Apache2 Certbot with .dev domain

jeffffc · May 27, 2019, 9:45am

http challenge did not go through probably because of .dev domain?

My domain is: jeffchoy.dev

I ran this command: sudo certbot --apache -d jeffchoy.dev -d www.jeffchoy.dev

It produced this output:
Performing the following challenges:
http-01 challenge for www.jeffchoy.dev
Enabled Apache rewrite module
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. www.jeffchoy.dev (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://www.jeffchoy.dev/.well-known/acme-challenge/nsd99wg_WA-YmIqxLVSK1B0gqTCJtoWo-q1E_KtV5eU: Error getting validation data

IMPORTANT NOTES:

The following errors were reported by the server:

Domain: www.jeffchoy.dev
Type: connection
Detail: Fetching
http://www.jeffchoy.dev/.well-known/acme-challenge/nsd99wg_WA-YmIqxLVSK1B0gqTCJtoWo-q1E_KtV5eU:
Error getting validation data

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you’re using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.

My web server is (include version): Apache

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is: Apache2 2.4.29

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.31.0

JuergenAuer · May 27, 2019, 9:52am

Hi @jeffffc

there is a check of your domain - https://check-your-website.server-daten.de/?q=jeffchoy.dev

With some problems.

Your ip addresses:

Host	T	IP-Address	is auth.	∑ Queries	∑ Timeout
jeffchoy.dev	A	103.122.119.130	yes	1	0
	AAAA		yes
www.jeffchoy.dev	C	parkingpage.namecheap.com	yes	1	0
	A	198.54.117.210	yes
	A	198.54.117.211	yes
	A	198.54.117.212	yes
	A	198.54.117.215	yes
	A	198.54.117.216	yes
	A	198.54.117.217	yes
	A	198.54.117.218	yes

But your command:

You must remove the CNAME entry to that parking page, that can't work.

Result: Your non-www answers with an Apache, your www with a nginx.

Or create a certificate only with the non-www version.

PS: The dev top level domain isn't relevant.

jeffffc · May 27, 2019, 10:08am

Thanks. I forgot it takes some time for CNAME records to get updated. I did delete the record already, probably need some more time for it to get refreshed. Will check again a few hours later.

JuergenAuer · May 27, 2019, 10:16am

That's not required. Recheck your domain, if the changed DNS record is visible, you can start.

check-your-website and Letsencrypt are using the authoritative name servers to find the current values. So there is no caching.

system · June 26, 2019, 10:16am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.