Apache2 on Debian Jessie

Hi All,

I have been assigned to make SSL work on a host using apache2 on Debian 8 (jessie). I have worked on SSL as a developer before but not yet on setting it up on a webserver. I have tried backing up and deleting the existing cert and key files in the Apache SSL directory but with no success. Any help/comment is appreciated. Thanks!

The following are the details:

Please fill out the fields below so we can help you better.

My domain is: dv2019.org

I ran this command: certbot --apache certonly

It produced this output:

Domain: www.dv2019.org
Type: unauthorized
Detail: Incorrect validation certificate for TLS-SNI-01 challenge.
Requested
d3af035e562e29b48a86f1fc8c19fde1.defeb5c7ffe52aa0a358325a5d67af33.acme.invalid
from 162.244.93.241:443. Received 2 certificate(s), first
certificate had names “ayyoda.com, www.ayyoda.com

Domain: dv2019.org
Type: unauthorized
Detail: Incorrect validation certificate for TLS-SNI-01 challenge.
Requested
dde471613831aab9d84a2c284c1953e0.c0b159d6e4575633fbe9955bf10d300c.acme.invalid
from 162.244.93.241:443. Received 2 certificate(s), first
certificate had names “ayyoda.com, www.ayyoda.com

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address.

My operating system is (include version): Debian GNU/Linux 8

My web server is (include version): Apache2

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

Hi @dante.monzon,

Do you have more than one virtual host defined in a single configuration file somewhere within /etc/apache2?

Hi Schoen,

There are other conf files in the sites-enabled directory (sorry, I am a newbie at this apache2 configuration as well). I read each one and each file has only one “Servername”, I guess there is a one-to-one correspondence to a config file and a domain. Is this what you wanted to know? Thanks!

Cheers,
Dante

Could you post those Apache configuration files from sites-enabled and also the log from /var/log/letsencrypt? Thanks!

Hi Schoen
I apologize for this late reply as I have health issues. I would first like to explain that the domain dv2019.org is hosted on this IP 162.244.93.241:443. As I understand my client would also like to host it on another. Is this really feasible? If so, then are there some other things that I should do before I execute the certbot command?
The other config files in the sites-enabled directory are I think too lengthy to post here as there are many.
The latest LE log I got is this: (sorry, this is quite lengthy and I had to truncate the first few lines as there is a limit. I can email you the whole file if you wish)

2017-03-31 16:09:57,852:DEBUG:acme.jose.json_util:Omitted empty fields: status=None, combinations=None, expires=None, challenges=None
2017-03-31 16:09:57,853:DEBUG:acme.client:Serialized JSON: {“identifier”: {“type”: “dns”, “value”: “www.dv2019.org”}, “resource”: “new-authz”}
2017-03-31 16:09:57,860:DEBUG:acme.jose.json_util:Omitted empty fields: x5c=(), crit=(), typ=None, jku=None, cty=None, x5t=None, alg=None, x5tS256=None, x5u=None, kid=None, jwk=None
2017-03-31 16:09:57,869:DEBUG:acme.jose.json_util:Omitted empty fields: x5c=(), crit=(), typ=None, jku=None, nonce=None, cty=None, x5t=None, kid=None, x5tS256=None, x5u=None
2017-03-31 16:09:57,870:DEBUG:root:Sending POST request to https://acme-v01.api.letsencrypt.org/acme/new-authz. args: (), kwargs: {‘data’: ‘{“header”: {“alg”: “RS256”, “jwk”: {“e”: “AQAB”, “kty”: “RSA”, “n”: “uN5OsLGXXCsBUSQyIjSClK55MvKqN_VcrBLAfhc7dQpWv0P04LseBoM87ohPQsV2-eIH3KCdIwhjDQzUcGL__FsO4CKa7eN0xf1_hpr6WVc7e30zmkWcOWfazNo1xQDLlWnde2pJjnHMKahR3mEaNSmymrNshDtyXTTtn8SyUvNHKmkHJ3lui2Y1Z47jXdjL2WcQ8Ste1cHF7zRwK280IK6TH-V_Jy_VNC3TmVsHYCjutjGBX-gvWg0MpkqZSWB2S88r8rgMY0s9pjhALOmr-Wkbl9or_Upn6pyEdW4HdkmYpzD4ceV3Yn0jIULXH5PM2aNvIjiBNtpO9E64R0XxJw”}}, “protected”: “eyJub25jZSI6ICJSS3R4WXRMZnVxY21ETmFCQklmZ0JEb2FQZEczRDlqY3RIR0pWeGg1Z3dnIn0”, “payload”: “eyJpZGVudGlmaWVyIjogeyJ0eXBlIjogImRucyIsICJ2YWx1ZSI6ICJ3d3cuZHYyMDE5Lm9yZyJ9LCAicmVzb3VyY2UiOiAibmV3LWF1dGh6In0”, “signature”: “r1REFJ3q9WLEnaLlhipzqjimCmL8HkNs5UH_jwWeECJVlx2wAIIhr3bI-PKYNf19rZ9kPL63e5cEb7FtnUiMOAIKTIRQI_m9UM_0KQh82dXX2pHXCO6vxSs1jqJpByPXRVkPX2s6hq5A0XD3Pd4y7ejqjHv5BjIvhkgc29X0CtoM5OYIR_WX82fmf1MxpM8WCqPdevVhUuRm8xY5A5MijUrGc6LavDF4fZPtav3KIsSOI5lmo_M17ew_Xu1Gie5uv8suRqcgLeew3pVNME8OsbQXXzbSh7xzrYFs5wYSq93sHXKUadW9gXtS1VmfSGtuVnC5yZ_Lp5Cnn5tO-ZXu-w”}’}
2017-03-31 16:09:57,943:DEBUG:requests.packages.urllib3.connectionpool:“POST /acme/new-authz HTTP/1.1” 201 999
2017-03-31 16:09:57,945:DEBUG:root:Received <Response [201]>. Headers: {‘Content-Length’: ‘999’, ‘Expires’: ‘Fri, 31 Mar 2017 16:09:57 GMT’, ‘Boulder-Request-Id’: ‘gEOl-ssxFFRTtdEC15Im48cr-sQjhbH1NjHvF8cNNoQ’, ‘Strict-Transport-Security’: ‘max-age=604800’, ‘Server’: ‘nginx’, ‘Cache-Control’: ‘max-age=0, no-cache, no-store’, ‘Connection’: ‘keep-alive’, ‘Link’: ‘https://acme-v01.api.letsencrypt.org/acme/new-cert;rel=“next”’, ‘Location’: ‘https://acme-v01.api.letsencrypt.org/acme/authz/LbId8ibO_FsCfS4H-qj3_fIQa9FVr2L3cl3ipnvyGb0’, ‘Pragma’: ‘no-cache’, ‘Boulder-Requester’: ‘7917407’, ‘Date’: ‘Fri, 31 Mar 2017 16:09:57 GMT’, ‘X-Frame-Options’: ‘DENY’, ‘Content-Type’: ‘application/json’, ‘Replay-Nonce’: ‘fHiCBG6h-8sKS2fPwv8k6VtNvasYACD1ecp6jlHKFBE’}. Content: '{\n “identifier”: {\n “type”: “dns”,\n “value”: “www.dv2019.org”\n },\n “status”: “pending”,\n “expires”: “2017-04-07T16:09:57.887227976Z”,\n “challenges”: [\n {\n “type”: “tls-sni-01”,\n “status”: “pending”,\n “uri”: “https://acme-v01.api.letsencrypt.org/acme/challenge/LbId8ibO_FsCfS4H-qj3_fIQa9FVr2L3cl3ipnvyGb0/924063876”,\n “token”: “3hWyIGctBZ7y9rnZ3r7CNLfWpZlpPYKSwgZgOQWcjVE”\n },\n {\n “type”: “dns-01”,\n “status”: “pending”,\n “uri”: “https://acme-v01.api.letsencrypt.org/acme/challenge/LbId8ibO_FsCfS4H-qj3_fIQa9FVr2L3cl3ipnvyGb0/924063877”,\n “token”: “0EsGYFLejCanjVswdHyvLiVUq9Ul5-OtKXt8MiR6KIY”\n },\n {\n “type”: “http-01”,\n “status”: “pending”,\n “uri”: “https://acme-v01.api.letsencrypt.org/acme/challenge/LbId8ibO_FsCfS4H-qj3_fIQa9FVr2L3cl3ipnvyGb0/924063878”,\n “token”: “qJTTZPXH05hFxeB5uchBKDojKLHLmLclp11ItZjAZko”\n }\n ],\n “combinations”: [\n [\n 2\n ],\n [\n 1\n ],\n [\n 0\n ]\n ]\n}'
2017-03-31 16:09:57,945:DEBUG:acme.client:Storing nonce: '|x\x82\x04n\xa1\xfb\xcb\nKg\xcf\xc2\xff$\xe9[M\xbd\xab\x18\x00 \xf5y\xcaz\x8eQ\xca\x14\x11’
2017-03-31 16:09:57,946:DEBUG:acme.client:Received response <Response [201]> (headers: {‘Content-Length’: ‘999’, ‘Expires’: ‘Fri, 31 Mar 2017 16:09:57 GMT’, ‘Boulder-Request-Id’: ‘gEOl-ssxFFRTtdEC15Im48cr-sQjhbH1NjHvF8cNNoQ’, ‘Strict-Transport-Security’: ‘max-age=604800’, ‘Server’: ‘nginx’, ‘Cache-Control’: ‘max-age=0, no-cache, no-store’, ‘Connection’: ‘keep-alive’, ‘Link’: ‘https://acme-v01.api.letsencrypt.org/acme/new-cert;rel=“next”’, ‘Location’: ‘https://acme-v01.api.letsencrypt.org/acme/authz/LbId8ibO_FsCfS4H-qj3_fIQa9FVr2L3cl3ipnvyGb0’, ‘Pragma’: ‘no-cache’, ‘Boulder-Requester’: ‘7917407’, ‘Date’: ‘Fri, 31 Mar 2017 16:09:57 GMT’, ‘X-Frame-Options’: ‘DENY’, ‘Content-Type’: ‘application/json’, ‘Replay-Nonce’: ‘fHiCBG6h-8sKS2fPwv8k6VtNvasYACD1ecp6jlHKFBE’}): '{\n “identifier”: {\n “type”: “dns”,\n “value”: “www.dv2019.org”\n },\n “status”: “pending”,\n “expires”: “2017-04-07T16:09:57.887227976Z”,\n “challenges”: [\n {\n “type”: “tls-sni-01”,\n “status”: “pending”,\n “uri”: “https://acme-v01.api.letsencrypt.org/acme/challenge/LbId8ibO_FsCfS4H-qj3_fIQa9FVr2L3cl3ipnvyGb0/924063876”,\n “token”: “3hWyIGctBZ7y9rnZ3r7CNLfWpZlpPYKSwgZgOQWcjVE”\n },\n {\n “type”: “dns-01”,\n “status”: “pending”,\n “uri”: “https://acme-v01.api.letsencrypt.org/acme/challenge/LbId8ibO_FsCfS4H-qj3_fIQa9FVr2L3cl3ipnvyGb0/924063877”,\n “token”: “0EsGYFLejCanjVswdHyvLiVUq9Ul5-OtKXt8MiR6KIY”\n },\n {\n “type”: “http-01”,\n “status”: “pending”,\n “uri”: “https://acme-v01.api.letsencrypt.org/acme/challenge/LbId8ibO_FsCfS4H-qj3_fIQa9FVr2L3cl3ipnvyGb0/924063878”,\n “token”: “qJTTZPXH05hFxeB5uchBKDojKLHLmLclp11ItZjAZko”\n }\n ],\n “combinations”: [\n [\n 2\n ],\n [\n 1\n ],\n [\n 0\n ]\n ]\n}'
2017-03-31 16:09:57,948:INFO:certbot.auth_handler:Performing the following challenges:
2017-03-31 16:09:57,980:INFO:certbot.auth_handler:tls-sni-01 challenge for dv2019.org
2017-03-31 16:09:58,013:INFO:certbot.auth_handler:tls-sni-01 challenge for www.dv2019.org
2017-03-31 16:09:59,165:DEBUG:certbot_apache.tls_sni_01:Adding Include /etc/apache2/le_tls_sni_01_cert_challenge.conf to /files/etc/apache2/apache2.conf
2017-03-31 16:09:59,166:DEBUG:certbot_apache.tls_sni_01:writing a config file with text:

<VirtualHost *:443>
ServerName c62f6e124a0809e3c7d981317f649a9b.007edb3abcf441efa883d99eb82f6958.acme.invalid
UseCanonicalName on
SSLStrictSNIVHostCheck on

LimitRequestBody 1048576

Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /var/lib/letsencrypt/lVV3PrZOH6KRGla3k8y0EznUZYK7hpo8y4sjUhwciFI.crt
SSLCertificateKeyFile /var/lib/letsencrypt/lVV3PrZOH6KRGla3k8y0EznUZYK7hpo8y4sjUhwciFI.pem

DocumentRoot /var/lib/letsencrypt/tls_sni_01_page/
</VirtualHost>

<VirtualHost *:443>
ServerName 37f383e2da576617da4b049ce1d05067.5783a0ff3ac6439c557a65866b20d4a2.acme.invalid
UseCanonicalName on
SSLStrictSNIVHostCheck on

LimitRequestBody 1048576

Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /var/lib/letsencrypt/3hWyIGctBZ7y9rnZ3r7CNLfWpZlpPYKSwgZgOQWcjVE.crt
SSLCertificateKeyFile /var/lib/letsencrypt/3hWyIGctBZ7y9rnZ3r7CNLfWpZlpPYKSwgZgOQWcjVE.pem

DocumentRoot /var/lib/letsencrypt/tls_sni_01_page/
</VirtualHost>

2017-03-31 16:09:59,222:DEBUG:certbot.reverter:Creating backup of /etc/apache2/apache2.conf
2017-03-31 16:10:02,604:INFO:certbot.auth_handler:Waiting for verification…
2017-03-31 16:10:02,634:DEBUG:acme.client:Serialized JSON: {“keyAuthorization”: “lVV3PrZOH6KRGla3k8y0EznUZYK7hpo8y4sjUhwciFI._mAF3KZt4n2Yj9laHMV3jr88kOctrd-0N2_Eb-6QNj8”, “type”: “tls-sni-01”, “resource”: “challenge”}
2017-03-31 16:10:02,638:DEBUG:acme.jose.json_util:Omitted empty fields: x5c=(), crit=(), typ=None, jku=None, cty=None, x5t=None, alg=None, x5tS256=None, x5u=None, kid=None, jwk=None
2017-03-31 16:10:02,662:DEBUG:acme.jose.json_util:Omitted empty fields: x5c=(), crit=(), typ=None, jku=None, nonce=None, cty=None, x5t=None, kid=None, x5tS256=None, x5u=None
2017-03-31 16:10:02,663:DEBUG:root:Sending POST request to https://acme-v01.api.letsencrypt.org/acme/challenge/Mzyxe_XChpoZAHh8-Kq-Rciz2U1yA4kPJXClteDaObA/924063865. args: (), kwargs: {‘data’: ‘{“header”: {“alg”: “RS256”, “jwk”: {“e”: “AQAB”, “kty”: “RSA”, “n”: “uN5OsLGXXCsBUSQyIjSClK55MvKqN_VcrBLAfhc7dQpWv0P04LseBoM87ohPQsV2-eIH3KCdIwhjDQzUcGL__FsO4CKa7eN0xf1_hpr6WVc7e30zmkWcOWfazNo1xQDLlWnde2pJjnHMKahR3mEaNSmymrNshDtyXTTtn8SyUvNHKmkHJ3lui2Y1Z47jXdjL2WcQ8Ste1cHF7zRwK280IK6TH-V_Jy_VNC3TmVsHYCjutjGBX-gvWg0MpkqZSWB2S88r8rgMY0s9pjhALOmr-Wkbl9or_Upn6pyEdW4HdkmYpzD4ceV3Yn0jIULXH5PM2aNvIjiBNtpO9E64R0XxJw”}}, “protected”: “eyJub25jZSI6ICJmSGlDQkc2aC04c0tTMmZQd3Y4azZWdE52YXNZQUNEMWVjcDZqbEhLRkJFIn0”, “payload”: “eyJrZXlBdXRob3JpemF0aW9uIjogImxWVjNQclpPSDZLUkdsYTNrOHkwRXpuVVpZSzdocG84eTRzalVod2NpRkkuX21BRjNLWnQ0bjJZajlsYUhNVjNqcjg4a09jdHJkLTBOMl9FYi02UU5qOCIsICJ0eXBlIjogInRscy1zbmktMDEiLCAicmVzb3VyY2UiOiAiY2hhbGxlbmdlIn0”, “signature”: “dWMwMN-gb_72PLUL5T8qa8URgCFwOkxcrNxZaNRVNUY_JVtjcpW3Bdiy_I-JeJ5AMgF8zltqpM5Z8rdzmfEe2zIS2khVsbPoxNN1vE45kwE91Uq-Xd0bXdTGZF3b50-wGe0Hv9aFWCzxKjotUtuuQsuq5HNOZpj533ofuhQX1oW9zBhFhB7UE7Cyrzb3IqaEflo6d8y37j8OmPGVJOZwsb9EMzXCci0UXgWnrm56qWat0ipfGJz40YIfqzuLznhHRyUJ56Q6sccGMf9zfGz7a8LdGw-_OZ03d91xytyWaJ4FnRPS1_IjLVitqgCKrO9wqPwBCU8nsPz1mnJhIN60og”}’}
2017-03-31 16:10:02,916:DEBUG:requests.packages.urllib3.connectionpool:“POST /acme/challenge/Mzyxe_XChpoZAHh8-Kq-Rciz2U1yA4kPJXClteDaObA/924063865 HTTP/1.1” 202 338
2017-03-31 16:10:02,917:DEBUG:root:Received <Response [202]>. Headers: {‘Content-Length’: ‘338’, ‘Boulder-Request-Id’: ‘NOBUtjzaugeZsvQsSL6B53_Wj1K6x8GZB9XEaOaG3yI’, ‘Expires’: ‘Fri, 31 Mar 2017 16:10:02 GMT’, ‘Server’: ‘nginx’, ‘Cache-Control’: ‘max-age=0, no-cache, no-store’, ‘Connection’: ‘keep-alive’, ‘Link’: ‘https://acme-v01.api.letsencrypt.org/acme/authz/Mzyxe_XChpoZAHh8-Kq-Rciz2U1yA4kPJXClteDaObA;rel=“up”’, ‘Location’: ‘https://acme-v01.api.letsencrypt.org/acme/challenge/Mzyxe_XChpoZAHh8-Kq-Rciz2U1yA4kPJXClteDaObA/924063865’, ‘Pragma’: ‘no-cache’, ‘Boulder-Requester’: ‘7917407’, ‘Date’: ‘Fri, 31 Mar 2017 16:10:02 GMT’, ‘Content-Type’: ‘application/json’, ‘Replay-Nonce’: ‘-MYK8LSDr-MIHo3KJs0f_88HJk_JpaIrQGua3fab3Lw’}. Content: '{\n “type”: “tls-sni-01”,\n “status”: “pending”,\n “uri”: “https://acme-v01.api.letsencrypt.org/acme/challenge/Mzyxe_XChpoZAHh8-Kq-Rciz2U1yA4kPJXClteDaObA/924063865”,\n “token”: “lVV3PrZOH6KRGla3k8y0EznUZYK7hpo8y4sjUhwciFI”,\n “keyAuthorization”: “lVV3PrZOH6KRGla3k8y0EznUZYK7hpo8y4sjUhwciFI._mAF3KZt4n2Yj9laHMV3jr88kOctrd-0N2_Eb-6QNj8”\n}'
2017-03-31 16:10:02,917:DEBUG:acme.client:Storing nonce: '\xf8\xc6\n\xf0\xb4\x83\xaf\xe3\x08\x1e\x8d\xca&\xcd\x1f\xff\xcf\x07&O\xc9\xa5\xa2+@k\x9a\xdd\xf6\x9b\xdc\xbc’
2017-03-31 16:10:02,918:DEBUG:acme.client:Received response <Response [202]> (headers: {‘Content-Length’: ‘338’, ‘Boulder-Request-Id’: ‘NOBUtjzaugeZsvQsSL6B53_Wj1K6x8GZB9XEaOaG3yI’, ‘Expires’: ‘Fri, 31 Mar 2017 16:10:02 GMT’, ‘Server’: ‘nginx’, ‘Cache-Control’: ‘max-age=0, no-cache, no-store’, ‘Connection’: ‘keep-alive’, ‘Link’: ‘https://acme-v01.api.letsencrypt.org/acme/authz/Mzyxe_XChpoZAHh8-Kq-Rciz2U1yA4kPJXClteDaObA;rel=“up”’, ‘Location’: ‘https://acme-v01.api.letsencrypt.org/acme/challenge/Mzyxe_XChpoZAHh8-Kq-Rciz2U1yA4kPJXClteDaObA/924063865’, ‘Pragma’: ‘no-cache’, ‘Boulder-Requester’: ‘7917407’, ‘Date’: ‘Fri, 31 Mar 2017 16:10:02 GMT’, ‘Content-Type’: ‘application/json’, ‘Replay-Nonce’: ‘-MYK8LSDr-MIHo3KJs0f_88HJk_JpaIrQGua3fab3Lw’}): '{\n “type”: “tls-sni-01”,\n “status”: “pending”,\n “uri”: “https://acme-v01.api.letsencrypt.org/acme/challenge/Mzyxe_XChpoZAHh8-Kq-Rciz2U1yA4kPJXClteDaObA/924063865”,\n “token”: “lVV3PrZOH6KRGla3k8y0EznUZYK7hpo8y4sjUhwciFI”,\n “keyAuthorization”: “lVV3PrZOH6KRGla3k8y0EznUZYK7hpo8y4sjUhwciFI._mAF3KZt4n2Yj9laHMV3jr88kOctrd-0N2_Eb-6QNj8”\n}'
2017-03-31 16:10:02,918:DEBUG:acme.client:Serialized JSON: {“keyAuthorization”: “3hWyIGctBZ7y9rnZ3r7CNLfWpZlpPYKSwgZgOQWcjVE._mAF3KZt4n2Yj9laHMV3jr88kOctrd-0N2_Eb-6QNj8”, “type”: “tls-sni-01”, “resource”: “challenge”}
2017-03-31 16:10:02,920:DEBUG:acme.jose.json_util:Omitted empty fields: x5c=(), crit=(), typ=None, jku=None, cty=None, x5t=None, alg=None, x5tS256=None, x5u=None, kid=None, jwk=None
2017-03-31 16:10:02,926:DEBUG:acme.jose.json_util:Omitted empty fields: x5c=(), crit=(), typ=None, jku=None, nonce=None, cty=None, x5t=None, kid=None, x5tS256=None, x5u=None
2017-03-31 16:10:02,930:DEBUG:root:Sending POST request to https://acme-v01.api.letsencrypt.org/acme/challenge/LbId8ibO_FsCfS4H-qj3_fIQa9FVr2L3cl3ipnvyGb0/924063876. args: (), kwargs: {‘data’: ‘{“header”: {“alg”: “RS256”, “jwk”: {“e”: “AQAB”, “kty”: “RSA”, “n”: “uN5OsLGXXCsBUSQyIjSClK55MvKqN_VcrBLAfhc7dQpWv0P04LseBoM87ohPQsV2-eIH3KCdIwhjDQzUcGL__FsO4CKa7eN0xf1_hpr6WVc7e30zmkWcOWfazNo1xQDLlWnde2pJjnHMKahR3mEaNSmymrNshDtyXTTtn8SyUvNHKmkHJ3lui2Y1Z47jXdjL2WcQ8Ste1cHF7zRwK280IK6TH-V_Jy_VNC3TmVsHYCjutjGBX-gvWg0MpkqZSWB2S88r8rgMY0s9pjhALOmr-Wkbl9or_Upn6pyEdW4HdkmYpzD4ceV3Yn0jIULXH5PM2aNvIjiBNtpO9E64R0XxJw”}}, “protected”: “eyJub25jZSI6ICItTVlLOExTRHItTUlIbzNLSnMwZl84OEhKa19KcGFJclFHdWEzZmFiM0x3In0”, “payload”: “eyJrZXlBdXRob3JpemF0aW9uIjogIjNoV3lJR2N0Qlo3eTlyblozcjdDTkxmV3BabHBQWUtTd2daZ09RV2NqVkUuX21BRjNLWnQ0bjJZajlsYUhNVjNqcjg4a09jdHJkLTBOMl9FYi02UU5qOCIsICJ0eXBlIjogInRscy1zbmktMDEiLCAicmVzb3VyY2UiOiAiY2hhbGxlbmdlIn0”, “signature”: “oSiC1M1JvKI5ueH0j-71cJMBrfe1Mac53pqP61BEkO5B0Pxlui9VkNmox38bWjOA9Y2NJk_5xdJiHzpRuYsIVgMM9Q7-vHY646gQgMVD8z39HxA2dS29yieqCcI6GLWOSLYRkx-7ys6gf48bB6GW1tpMjVrFSV6txxEU-mgCCrI6QVoqxY3DpSSrkGLwNgIjkAC6frTMhktgeRrCBPv_7Kx9UHmVvirfX38pu-U0K4fir5HL8AVk4aUrGhFWBqBCFuGloA1k9PwJ2fGXpojBenn8WRuseXPOcPuixc-txABB8Npjulb4jzKjki9SHgsUPLwKIdccfsqTt5Gx3mgTiw”}’}
2017-03-31 16:10:03,269:DEBUG:requests.packages.urllib3.connectionpool:“POST /acme/challenge/LbId8ibO_FsCfS4H-qj3_fIQa9FVr2L3cl3ipnvyGb0/924063876 HTTP/1.1” 202 338
2017-03-31 16:10:03,270:DEBUG:root:Received <Response [202]>. Headers: {‘Content-Length’: ‘338’, ‘Boulder-Request-Id’: ‘ED3TwdjhX2-cNmwLOCe81uFcRwxSrL-vi8sIIxu3qBs’, ‘Expires’: ‘Fri, 31 Mar 2017 16:10:03 GMT’, ‘Server’: ‘nginx’, ‘Cache-Control’: ‘max-age=0, no-cache, no-store’, ‘Connection’: ‘keep-alive’, ‘Link’: ‘https://acme-v01.api.letsencrypt.org/acme/authz/LbId8ibO_FsCfS4H-qj3_fIQa9FVr2L3cl3ipnvyGb0;rel=“up”’, ‘Location’: ‘https://acme-v01.api.letsencrypt.org/acme/challenge/LbId8ibO_FsCfS4H-qj3_fIQa9FVr2L3cl3ipnvyGb0/924063876’, ‘Pragma’: ‘no-cache’, ‘Boulder-Requester’: ‘7917407’, ‘Date’: ‘Fri, 31 Mar 2017 16:10:03 GMT’, ‘Content-Type’: ‘application/json’, ‘Replay-Nonce’: ‘gbxxI2Yv7cVxvHQUb7VIlQtiqGk3ISKJ6Tqpi4LEb3A’}. Content: '{\n “type”: “tls-sni-01”,\n “status”: “pending”,\n “uri”: “https://acme-v01.api.letsencrypt.org/acme/challenge/LbId8ibO_FsCfS4H-qj3_fIQa9FVr2L3cl3ipnvyGb0/924063876”,\n “token”: “3hWyIGctBZ7y9rnZ3r7CNLfWpZlpPYKSwgZgOQWcjVE”,\n “keyAuthorization”: “3hWyIGctBZ7y9rnZ3r7CNLfWpZlpPYKSwgZgOQWcjVE._mAF3KZt4n2Yj9laHMV3jr88kOctrd-0N2_Eb-6QNj8”\n}'
2017-03-31 16:10:03,270:DEBUG:acme.client:Storing nonce: '\x81\xbcq#f/\xed\xc5q\xbct\x14o\xb5H\x95\x0bb\xa8i7!"\x89\xe9:\xa9\x8b\x82\xc4op’
2017-03-31 16:10:03,271:DEBUG:acme.client:Received response <Response [202]> (headers: {‘Content-Length’: ‘338’, ‘Boulder-Request-Id’: ‘ED3TwdjhX2-cNmwLOCe81uFcRwxSrL-vi8sIIxu3qBs’, ‘Expires’: ‘Fri, 31 Mar 2017 16:10:03 GMT’, ‘Server’: ‘nginx’, ‘Cache-Control’: ‘max-age=0, no-cache, no-store’, ‘Connection’: ‘keep-alive’, ‘Link’: ‘https://acme-v01.api.letsencrypt.org/acme/authz/LbId8ibO_FsCfS4H-qj3_fIQa9FVr2L3cl3ipnvyGb0;rel=“up”’, ‘Location’: ‘https://acme-v01.api.letsencrypt.org/acme/challenge/LbId8ibO_FsCfS4H-qj3_fIQa9FVr2L3cl3ipnvyGb0/924063876’, ‘Pragma’: ‘no-cache’, ‘Boulder-Requester’: ‘7917407’, ‘Date’: ‘Fri, 31 Mar 2017 16:10:03 GMT’, ‘Content-Type’: ‘application/json’, ‘Replay-Nonce’: ‘gbxxI2Yv7cVxvHQUb7VIlQtiqGk3ISKJ6Tqpi4LEb3A’}): '{\n “type”: “tls-sni-01”,\n “status”: “pending”,\n “uri”: “https://acme-v01.api.letsencrypt.org/acme/challenge/LbId8ibO_FsCfS4H-qj3_fIQa9FVr2L3cl3ipnvyGb0/924063876”,\n “token”: “3hWyIGctBZ7y9rnZ3r7CNLfWpZlpPYKSwgZgOQWcjVE”,\n “keyAuthorization”: “3hWyIGctBZ7y9rnZ3r7CNLfWpZlpPYKSwgZgOQWcjVE._mAF3KZt4n2Yj9laHMV3jr88kOctrd-0N2_Eb-6QNj8”\n}'
2017-03-31 16:10:06,274:DEBUG:root:Sending GET request to https://acme-v01.api.letsencrypt.org/acme/authz/Mzyxe_XChpoZAHh8-Kq-Rciz2U1yA4kPJXClteDaObA. args: (), kwargs: {}
2017-03-31 16:10:06,808:DEBUG:requests.packages.urllib3.connectionpool:“GET /acme/authz/Mzyxe_XChpoZAHh8-Kq-Rciz2U1yA4kPJXClteDaObA HTTP/1.1” 200 1712
2017-03-31 16:10:06,810:DEBUG:root:Received <Response [200]>. Headers: {‘Content-Length’: ‘1712’, ‘Expires’: ‘Fri, 31 Mar 2017 16:10:06 GMT’, ‘Boulder-Request-Id’: ‘aS8JO-eZBPiNn9Ycjt-Y_T6xOj9gqeHU6zAwkK7wnvg’, ‘Strict-Transport-Security’: ‘max-age=604800’, ‘Server’: ‘nginx’, ‘Connection’: ‘keep-alive’, ‘Link’: ‘https://acme-v01.api.letsencrypt.org/acme/new-cert;rel=“next”’, ‘Pragma’: ‘no-cache’, ‘Cache-Control’: ‘max-age=0, no-cache, no-store’, ‘Date’: ‘Fri, 31 Mar 2017 16:10:06 GMT’, ‘X-Frame-Options’: ‘DENY’, ‘Content-Type’: ‘application/json’, ‘Replay-Nonce’: ‘XuKfpGJ3-GsrwscbKVkeZ_Bs3bbKWGSNEeX__wmNx0M’}. Content: '{\n “identifier”: {\n “type”: “dns”,\n “value”: “dv2019.org”\n },\n “status”: “invalid”,\n “expires”: “2017-04-07T16:09:57Z”,\n “challenges”: [\n {\n “type”: “dns-01”,\n “status”: “pending”,\n “uri”: “https://acme-v01.api.letsencrypt.org/acme/challenge/Mzyxe_XChpoZAHh8-Kq-Rciz2U1yA4kPJXClteDaObA/924063864”,\n “token”: “dB9RR5z5ZyskesBFBDbapm4rwxP_s_zvXpE0R5Ofp9A”\n },\n {\n “type”: “tls-sni-01”,\n “status”: “invalid”,\n “error”: {\n “type”: “urn:acme:error:unauthorized”,\n “detail”: “Incorrect validation certificate for TLS-SNI-01 challenge. Requested c62f6e124a0809e3c7d981317f649a9b.007edb3abcf441efa883d99eb82f6958.acme.invalid from 162.244.93.241:443. 
Received 2 certificate(s), first certificate had names \“ayyoda.com, www.ayyoda.com\””,\n “status”: 403\n },\n “uri”: “https://acme-v01.api.letsencrypt.org/acme/challenge/Mzyxe_XChpoZAHh8-Kq-Rciz2U1yA4kPJXClteDaObA/924063865”,\n “token”: “lVV3PrZOH6KRGla3k8y0EznUZYK7hpo8y4sjUhwciFI”,\n “keyAuthorization”: “lVV3PrZOH6KRGla3k8y0EznUZYK7hpo8y4sjUhwciFI._mAF3KZt4n2Yj9laHMV3jr88kOctrd-0N2_Eb-6QNj8”,\n “validationRecord”: [\n {\n “hostname”: “dv2019.org”,\n “port”: “443”,\n “addressesResolved”: [\n “162.244.93.241”\n ],\n “addressUsed”: “162.244.93.241”\n }\n ]\n },\n {\n “type”: “http-01”,\n “status”: “pending”,\n “uri”: “https://acme-v01.api.letsencrypt.org/acme/challenge/Mzyxe_XChpoZAHh8-Kq-Rciz2U1yA4kPJXClteDaObA/924063866”,\n “token”: “nEIAex6_XdTnUn_SqwOPkNKIT4qQHpxbmdfDG_jN3Jc”\n }\n ],\n “combinations”: [\n [\n 0\n ],\n [\n 1\n ],\n [\n 2\n ]\n ]\n}'
2017-03-31 16:10:06,810:DEBUG:acme.client:Received response <Response [200]> (headers: {‘Content-Length’: ‘1712’, ‘Expires’: ‘Fri, 31 Mar 2017 16:10:06 GMT’, ‘Boulder-Request-Id’: ‘aS8JO-eZBPiNn9Ycjt-Y_T6xOj9gqeHU6zAwkK7wnvg’, ‘Strict-Transport-Security’: ‘max-age=604800’, ‘Server’: ‘nginx’, ‘Connection’: ‘keep-alive’, ‘Link’: ‘https://acme-v01.api.letsencrypt.org/acme/new-cert;rel=“next”’, ‘Pragma’: ‘no-cache’, ‘Cache-Control’: ‘max-age=0, no-cache, no-store’, ‘Date’: ‘Fri, 31 Mar 2017 16:10:06 GMT’, ‘X-Frame-Options’: ‘DENY’, ‘Content-Type’: ‘application/json’, ‘Replay-Nonce’: ‘XuKfpGJ3-GsrwscbKVkeZ_Bs3bbKWGSNEeX__wmNx0M’}): '{\n “identifier”: {\n “type”: “dns”,\n “value”: “dv2019.org”\n },\n “status”: “invalid”,\n “expires”: “2017-04-07T16:09:57Z”,\n “challenges”: [\n {\n “type”: “dns-01”,\n “status”: “pending”,\n “uri”: “https://acme-v01.api.letsencrypt.org/acme/challenge/Mzyxe_XChpoZAHh8-Kq-Rciz2U1yA4kPJXClteDaObA/924063864”,\n “token”: “dB9RR5z5ZyskesBFBDbapm4rwxP_s_zvXpE0R5Ofp9A”\n },\n {\n “type”: “tls-sni-01”,\n “status”: “invalid”,\n “error”: {\n “type”: “urn:acme:error:unauthorized”,\n “detail”: “Incorrect validation certificate for TLS-SNI-01 challenge. Requested c62f6e124a0809e3c7d981317f649a9b.007edb3abcf441efa883d99eb82f6958.acme.invalid from 162.244.93.241:443. 
Received 2 certificate(s), first certificate had names \“ayyoda.com, www.ayyoda.com\””,\n “status”: 403\n },\n “uri”: “https://acme-v01.api.letsencrypt.org/acme/challenge/Mzyxe_XChpoZAHh8-Kq-Rciz2U1yA4kPJXClteDaObA/924063865”,\n “token”: “lVV3PrZOH6KRGla3k8y0EznUZYK7hpo8y4sjUhwciFI”,\n “keyAuthorization”: “lVV3PrZOH6KRGla3k8y0EznUZYK7hpo8y4sjUhwciFI._mAF3KZt4n2Yj9laHMV3jr88kOctrd-0N2_Eb-6QNj8”,\n “validationRecord”: [\n {\n “hostname”: “dv2019.org”,\n “port”: “443”,\n “addressesResolved”: [\n “162.244.93.241”\n ],\n “addressUsed”: “162.244.93.241”\n }\n ]\n },\n {\n “type”: “http-01”,\n “status”: “pending”,\n “uri”: “https://acme-v01.api.letsencrypt.org/acme/challenge/Mzyxe_XChpoZAHh8-Kq-Rciz2U1yA4kPJXClteDaObA/924063866”,\n “token”: “nEIAex6_XdTnUn_SqwOPkNKIT4qQHpxbmdfDG_jN3Jc”\n }\n ],\n “combinations”: [\n [\n 0\n ],\n [\n 1\n ],\n [\n 2\n ]\n ]\n}'
2017-03-31 16:10:06,812:DEBUG:root:Sending GET request to https://acme-v01.api.letsencrypt.org/acme/authz/LbId8ibO_FsCfS4H-qj3_fIQa9FVr2L3cl3ipnvyGb0. args: (), kwargs: {}
2017-03-31 16:10:07,185:DEBUG:requests.packages.urllib3.connectionpool:“GET /acme/authz/LbId8ibO_FsCfS4H-qj3_fIQa9FVr2L3cl3ipnvyGb0 HTTP/1.1” 200 1720
2017-03-31 16:10:07,187:DEBUG:root:Received <Response [200]>. Headers: {‘Content-Length’: ‘1720’, ‘Expires’: ‘Fri, 31 Mar 2017 16:10:07 GMT’, ‘Boulder-Request-Id’: ‘Xtb48VrvWr74VDWLQPRFkA2sU6n0Lp-vP4f6eC8k-Xc’, ‘Strict-Transport-Security’: ‘max-age=604800’, ‘Server’: ‘nginx’, ‘Connection’: ‘keep-alive’, ‘Link’: ‘https://acme-v01.api.letsencrypt.org/acme/new-cert;rel=“next”’, ‘Pragma’: ‘no-cache’, ‘Cache-Control’: ‘max-age=0, no-cache, no-store’, ‘Date’: ‘Fri, 31 Mar 2017 16:10:07 GMT’, ‘X-Frame-Options’: ‘DENY’, ‘Content-Type’: ‘application/json’, ‘Replay-Nonce’: ‘fkeI2DhHacPVuafeihyrEepaBgRoeIWjnG1S5C7Y7t4’}. Content: '{\n “identifier”: {\n “type”: “dns”,\n “value”: “www.dv2019.org”\n },\n “status”: “invalid”,\n “expires”: “2017-04-07T16:09:57Z”,\n “challenges”: [\n {\n “type”: “tls-sni-01”,\n “status”: “invalid”,\n “error”: {\n “type”: “urn:acme:error:unauthorized”,\n “detail”: “Incorrect validation certificate for TLS-SNI-01 challenge. Requested 37f383e2da576617da4b049ce1d05067.5783a0ff3ac6439c557a65866b20d4a2.acme.invalid from 162.244.93.241:443. 
Received 2 certificate(s), first certificate had names \“ayyoda.com, www.ayyoda.com\””,\n “status”: 403\n },\n “uri”: “https://acme-v01.api.letsencrypt.org/acme/challenge/LbId8ibO_FsCfS4H-qj3_fIQa9FVr2L3cl3ipnvyGb0/924063876”,\n “token”: “3hWyIGctBZ7y9rnZ3r7CNLfWpZlpPYKSwgZgOQWcjVE”,\n “keyAuthorization”: “3hWyIGctBZ7y9rnZ3r7CNLfWpZlpPYKSwgZgOQWcjVE._mAF3KZt4n2Yj9laHMV3jr88kOctrd-0N2_Eb-6QNj8”,\n “validationRecord”: [\n {\n “hostname”: “www.dv2019.org”,\n “port”: “443”,\n “addressesResolved”: [\n “162.244.93.241”\n ],\n “addressUsed”: “162.244.93.241”\n }\n ]\n },\n {\n “type”: “dns-01”,\n “status”: “pending”,\n “uri”: “https://acme-v01.api.letsencrypt.org/acme/challenge/LbId8ibO_FsCfS4H-qj3_fIQa9FVr2L3cl3ipnvyGb0/924063877”,\n “token”: “0EsGYFLejCanjVswdHyvLiVUq9Ul5-OtKXt8MiR6KIY”\n },\n {\n “type”: “http-01”,\n “status”: “pending”,\n “uri”: “https://acme-v01.api.letsencrypt.org/acme/challenge/LbId8ibO_FsCfS4H-qj3_fIQa9FVr2L3cl3ipnvyGb0/924063878”,\n “token”: “qJTTZPXH05hFxeB5uchBKDojKLHLmLclp11ItZjAZko”\n }\n ],\n “combinations”: [\n [\n 2\n ],\n [\n 1\n ],\n [\n 0\n ]\n ]\n}'
2017-03-31 16:10:07,187:DEBUG:acme.client:Received response <Response [200]> (headers: {‘Content-Length’: ‘1720’, ‘Expires’: ‘Fri, 31 Mar 2017 16:10:07 GMT’, ‘Boulder-Request-Id’: ‘Xtb48VrvWr74VDWLQPRFkA2sU6n0Lp-vP4f6eC8k-Xc’, ‘Strict-Transport-Security’: ‘max-age=604800’, ‘Server’: ‘nginx’, ‘Connection’: ‘keep-alive’, ‘Link’: ‘https://acme-v01.api.letsencrypt.org/acme/new-cert;rel=“next”’, ‘Pragma’: ‘no-cache’, ‘Cache-Control’: ‘max-age=0, no-cache, no-store’, ‘Date’: ‘Fri, 31 Mar 2017 16:10:07 GMT’, ‘X-Frame-Options’: ‘DENY’, ‘Content-Type’: ‘application/json’, ‘Replay-Nonce’: ‘fkeI2DhHacPVuafeihyrEepaBgRoeIWjnG1S5C7Y7t4’}): '{\n “identifier”: {\n “type”: “dns”,\n “value”: “www.dv2019.org”\n },\n “status”: “invalid”,\n “expires”: “2017-04-07T16:09:57Z”,\n “challenges”: [\n {\n “type”: “tls-sni-01”,\n “status”: “invalid”,\n “error”: {\n “type”: “urn:acme:error:unauthorized”,\n “detail”: “Incorrect validation certificate for TLS-SNI-01 challenge. Requested 37f383e2da576617da4b049ce1d05067.5783a0ff3ac6439c557a65866b20d4a2.acme.invalid from 162.244.93.241:443. 
Received 2 certificate(s), first certificate had names \“ayyoda.com, www.ayyoda.com\””,\n “status”: 403\n },\n “uri”: “https://acme-v01.api.letsencrypt.org/acme/challenge/LbId8ibO_FsCfS4H-qj3_fIQa9FVr2L3cl3ipnvyGb0/924063876”,\n “token”: “3hWyIGctBZ7y9rnZ3r7CNLfWpZlpPYKSwgZgOQWcjVE”,\n “keyAuthorization”: “3hWyIGctBZ7y9rnZ3r7CNLfWpZlpPYKSwgZgOQWcjVE._mAF3KZt4n2Yj9laHMV3jr88kOctrd-0N2_Eb-6QNj8”,\n “validationRecord”: [\n {\n “hostname”: “www.dv2019.org”,\n “port”: “443”,\n “addressesResolved”: [\n “162.244.93.241”\n ],\n “addressUsed”: “162.244.93.241”\n }\n ]\n },\n {\n “type”: “dns-01”,\n “status”: “pending”,\n “uri”: “https://acme-v01.api.letsencrypt.org/acme/challenge/LbId8ibO_FsCfS4H-qj3_fIQa9FVr2L3cl3ipnvyGb0/924063877”,\n “token”: “0EsGYFLejCanjVswdHyvLiVUq9Ul5-OtKXt8MiR6KIY”\n },\n {\n “type”: “http-01”,\n “status”: “pending”,\n “uri”: “https://acme-v01.api.letsencrypt.org/acme/challenge/LbId8ibO_FsCfS4H-qj3_fIQa9FVr2L3cl3ipnvyGb0/924063878”,\n “token”: “qJTTZPXH05hFxeB5uchBKDojKLHLmLclp11ItZjAZko”\n }\n ],\n “combinations”: [\n [\n 2\n ],\n [\n 1\n ],\n [\n 0\n ]\n ]\n}'
2017-03-31 16:10:07,189:DEBUG:certbot.reporter:Reporting to user: The following errors were reported by the server:
Domain: www.dv2019.org
Type: unauthorized
Detail: Incorrect validation certificate for TLS-SNI-01 challenge. Requested 37f383e2da576617da4b049ce1d05067.5783a0ff3ac6439c557a65866b20d4a2.acme.invalid from 162.244.93.241:443. Received 2 certificate(s), first certificate had names “ayyoda.com, www.ayyoda.com

Domain: dv2019.org
Type: unauthorized
Detail: Incorrect validation certificate for TLS-SNI-01 challenge. Requested c62f6e124a0809e3c7d981317f649a9b.007edb3abcf441efa883d99eb82f6958.acme.invalid from 162.244.93.241:443. Received 2 certificate(s), first certificate had names “ayyoda.com, www.ayyoda.com

To fix these errors, please make sure that your domain name was entered correctly and the DNS A record(s) for that domain contain(s) the right IP address.
2017-03-31 16:10:07,189:INFO:certbot.auth_handler:Cleaning up challenges
2017-03-31 16:10:07,761:DEBUG:certbot.main:Exiting abnormally:
Traceback (most recent call last):
File “/usr/bin/certbot”, line 9, in <module>
load_entry_point(‘certbot==0.9.3’, ‘console_scripts’, ‘certbot’)()
File “/usr/lib/python2.7/dist-packages/certbot/main.py”, line 776, in main
return config.func(config, plugins)
File “/usr/lib/python2.7/dist-packages/certbot/main.py”, line 563, in obtain_cert
action, _ = _auth_from_domains(le_client, config, domains, lineage)
File “/usr/lib/python2.7/dist-packages/certbot/main.py”, line 96, in _auth_from_domains
renewal.renew_cert(config, domains, le_client, lineage)
File “/usr/lib/python2.7/dist-packages/certbot/renewal.py”, line 238, in renew_cert
new_certr, new_chain, new_key, _ = le_client.obtain_certificate(domains)
File “/usr/lib/python2.7/dist-packages/certbot/client.py”, line 253, in obtain_certificate
self.config.allow_subset_of_names)
File “/usr/lib/python2.7/dist-packages/certbot/auth_handler.py”, line 78, in get_authorizations
self._respond(resp, best_effort)
File “/usr/lib/python2.7/dist-packages/certbot/auth_handler.py”, line 135, in _respond
self._poll_challenges(chall_update, best_effort)
File “/usr/lib/python2.7/dist-packages/certbot/auth_handler.py”, line 199, in _poll_challenges
raise errors.FailedChallenges(all_failed_achalls)
FailedChallenges: Failed authorization procedure. www.dv2019.org (tls-sni-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Incorrect validation certificate for TLS-SNI-01 challenge. Requested 37f383e2da576617da4b049ce1d05067.5783a0ff3ac6439c557a65866b20d4a2.acme.invalid from 162.244.93.241:443. Received 2 certificate(s), first certificate had names “ayyoda.com, www.ayyoda.com”, dv2019.org (tls-sni-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Incorrect validation certificate for TLS-SNI-01 challenge. Requested c62f6e124a0809e3c7d981317f649a9b.007edb3abcf441efa883d99eb82f6958.acme.invalid from 162.244.93.241:443. Received 2 certificate(s), first certificate had names “ayyoda.com, www.ayyoda.com
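
Added example, not part of any post in this thread and not certbot's own code: a Python parser that pulls the Domain/Type/Detail blocks out of certbot output like the log above, recognises the two TLS-SNI-01 error details quoted in this thread, and cross-checks each requested `.acme.invalid` name against the challenge vhosts certbot wrote. The sample text is condensed from lines quoted in the thread; the function name `diagnose` and the cause labels are assumptions chosen for illustration.

```python
import re

# Constructed sample: condensed from the certbot output quoted in this thread
# (JSON bodies dropped; the forum's curly quotes and line wrapping are kept).
SAMPLE_LOG = """\
2017-03-31 16:09:59,166:DEBUG:certbot_apache.tls_sni_01:writing a config file with text:
<VirtualHost *:443>
ServerName c62f6e124a0809e3c7d981317f649a9b.007edb3abcf441efa883d99eb82f6958.acme.invalid
</VirtualHost>
<VirtualHost *:443>
ServerName 37f383e2da576617da4b049ce1d05067.5783a0ff3ac6439c557a65866b20d4a2.acme.invalid
</VirtualHost>
2017-03-31 16:10:07,189:DEBUG:certbot.reporter:Reporting to user: The following errors were reported by the server:
Domain: www.dv2019.org
Type: unauthorized
Detail: Incorrect validation certificate for TLS-SNI-01 challenge. Requested 37f383e2da576617da4b049ce1d05067.5783a0ff3ac6439c557a65866b20d4a2.acme.invalid from 162.244.93.241:443. Received 2 certificate(s), first certificate had names “ayyoda.com, www.ayyoda.com

Domain: dv2019.org
Type: unauthorized
Detail: Incorrect validation certificate for TLS-SNI-01 challenge.
Requested
dde471613831aab9d84a2c284c1953e0.c0b159d6e4575633fbe9955bf10d300c.acme.invalid
from 162.244.93.241:443. Received 2 certificate(s), first
certificate had names “ayyoda.com, www.ayyoda.com

2017-04-04 13:27:32,649:DEBUG:certbot.reporter:Reporting to user: The following errors were reported by the server:

Domain: dv2019.org
Type: malformed
Detail: Failed to connect to 162.244.93.241:443 for TLS-SNI-01 challenge: Server only speaks HTTP, not TLS
"""

# Shape of the challenge names seen in the thread: two 32-hex labels + .acme.invalid
ACME_NAME = r"[0-9a-f]{32}\.[0-9a-f]{32}\.acme\.invalid"

# One error block. The Detail text may wrap over several lines; it ends at a
# blank line, the next block, the "To fix" hint, or the next timestamped entry.
BLOCK_RE = re.compile(
    r"^Domain:[ \t]*(?P<domain>\S+)[ \t]*\n"
    r"Type:[ \t]*(?P<type>\S+)[ \t]*\n"
    r"Detail:[ \t]*(?P<detail>.+(?:\n(?!Domain:|To fix|\d{4}-\d\d-\d\d ).+)*)",
    re.MULTILINE,
)

# A TLS handshake completed, but the certificate was not the challenge one.
# The closing quote is optional because forum copies often lose it.
WRONG_CERT_RE = re.compile(
    r"Incorrect validation certificate for TLS-SNI-01 challenge\. "
    r"Requested (?P<requested>" + ACME_NAME + r") from (?P<addr>\S+?)\. "
    r"Received \d+ certificate\(s\), first certificate had names "
    r"[\"\u201c](?P<names>[^\"\u201d]*)"
)

# The port answered, but with plain HTTP instead of a TLS handshake.
PLAIN_HTTP_RE = re.compile(
    r"Failed to connect to (?P<addr>\S+) for TLS-SNI-01 challenge: "
    r"Server only speaks HTTP, not TLS"
)

# ServerName lines of the temporary challenge vhosts that certbot logs.
VHOST_NAME_RE = re.compile(
    r"^[ \t]*ServerName[ \t]+(" + ACME_NAME + r")[ \t]*$", re.MULTILINE
)


def diagnose(log_text):
    """Return one finding (dict) per Domain/Type/Detail block in log_text."""
    written = set(VHOST_NAME_RE.findall(log_text))
    findings = []
    for block in BLOCK_RE.finditer(log_text):
        detail = " ".join(block.group("detail").split())  # undo line wrapping
        finding = {
            "domain": block.group("domain"),
            "type": block.group("type"),
            "cause": "unrecognised",          # label is illustrative
            "addr": None,
            "served_names": [],
            "challenge_vhost_written": None,  # only set for wrong-cert errors
        }
        wrong = WRONG_CERT_RE.search(detail)
        plain = PLAIN_HTTP_RE.search(detail)
        if wrong:
            names = [n.strip() for n in wrong.group("names").split(",")]
            finding.update(
                cause="other-vhost-answered",
                addr=wrong.group("addr"),
                served_names=[n for n in names if n],
                challenge_vhost_written=wrong.group("requested") in written,
            )
        elif plain:
            finding.update(cause="plain-http-on-tls-port",
                           addr=plain.group("addr"))
        findings.append(finding)
    return findings


if __name__ == "__main__":
    for item in diagnose(SAMPLE_LOG):
        print(item)
```

When `cause` is `other-vhost-answered` and `challenge_vhost_written` is true, certbot did configure the requested name locally, so the certificate for the other names came from whichever virtual host or server actually answered that SNI name at the address shown.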

Hi schoen,
I have cleared my sites-enabled directory and have only this conf:
<VirtualHost *:80>
    # The ServerName directive sets the request scheme, hostname and port that
    # the server uses to identify itself. This is used when creating
    # redirection URLs. In the context of virtual hosts, the ServerName
    # specifies what hostname must appear in the request's Host: header to
    # match this virtual host. For the default virtual host (this file) this
    # value is not decisive as it is used as a last resort host regardless.
    # However, you must set it for any further virtual host explicitly.
    ServerName http://www.dv2019.org

    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/dv2019.org/web
    ServerAlias dv2019.org

    # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
    # error, crit, alert, emerg.
    # It is also possible to configure the loglevel for particular
    # modules, e.g.
    #LogLevel info ssl:warn

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    # For most configuration files from conf-available/, which are
    # enabled or disabled at a global level, it is possible to
    # include a line for only one particular virtual host. For example the
    # following line enables the CGI configuration for this host only
    # after it has been globally disabled with "a2disconf".
    #Include conf-available/serve-cgi-bin.conf

</VirtualHost>

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

I have been following the instructions from this link: https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-debian-8

and now I have a different error message:

2017-04-04 13:27:32,649:DEBUG:certbot.reporter:Reporting to user: The following errors were reported by the server:

Domain: dv2019.org
Type: malformed
Detail: Failed to connect to 162.244.93.241:443 for TLS-SNI-01 challenge: Server only speaks HTTP, not TLS

Domain: www.dv2019.org
Type: malformed
Detail: Failed to connect to 162.244.93.241:443 for TLS-SNI-01 challenge: Server only speaks HTTP, not TLS

To fix these errors, please make sure that you did not provide any invalid information to the client, and try running Certbot again.
2017-04-04 13:27:32,650:INFO:certbot.auth_handler:Cleaning up challenges
2017-04-04 13:27:33,233:DEBUG:certbot.main:Exiting abnormally:
Traceback (most recent call last):
  File "/usr/bin/certbot", line 9, in <module>
    load_entry_point('certbot==0.9.3', 'console_scripts', 'certbot')()
  File "/usr/lib/python2.7/dist-packages/certbot/main.py", line 776, in main
    return config.func(config, plugins)
  File "/usr/lib/python2.7/dist-packages/certbot/main.py", line 511, in run
    action, lineage = _auth_from_domains(le_client, config, domains)
  File "/usr/lib/python2.7/dist-packages/certbot/main.py", line 96, in _auth_from_domains
    renewal.renew_cert(config, domains, le_client, lineage)
  File "/usr/lib/python2.7/dist-packages/certbot/renewal.py", line 238, in renew_cert
    new_certr, new_chain, new_key, _ = le_client.obtain_certificate(domains)
  File "/usr/lib/python2.7/dist-packages/certbot/client.py", line 253, in obtain_certificate
    self.config.allow_subset_of_names)
  File "/usr/lib/python2.7/dist-packages/certbot/auth_handler.py", line 78, in get_authorizations
    self._respond(resp, best_effort)
  File "/usr/lib/python2.7/dist-packages/certbot/auth_handler.py", line 135, in _respond
    self._poll_challenges(chall_update, best_effort)
  File "/usr/lib/python2.7/dist-packages/certbot/auth_handler.py", line 199, in _poll_challenges
    raise errors.FailedChallenges(all_failed_achalls)
FailedChallenges: Failed authorization procedure. dv2019.org (tls-sni-01): urn:acme:error:malformed :: The request message was malformed :: Failed to connect to 162.244.93.241:443 for TLS-SNI-01 challenge: Server only speaks HTTP, no$

This error is generally caused by a default virtualhost for port 443 in another Apache config file that is not an HTTPS virtualhost. Can you check if you have such a thing?

In terms of the different IP address question from earlier, you can obtain a certificate on one host and then copy it onto a different host. The certificate isn’t limited to being used on a particular IP address. But you should consider what your plan is for renewal, because Let’s Encrypt certificates expire after 90 days!
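The check asked for in the reply above, as an added example that is not part of the original thread: it scans only the `*.conf` files of one directory, as Debian's Apache does for `sites-enabled`, and reports every port-443 virtual host that never sets `SSLEngine on`. The function names and the sample host names are constructed for the illustration.

```shell
#!/bin/sh
# Added example: find <VirtualHost ...:443> blocks that lack "SSLEngine on".

# find_plain_443_vhosts DIR
# Prints "file:line: <VirtualHost ...>" for each port-443 vhost in DIR/*.conf
# that never enables SSL. Files such as *.conf.save are skipped, because
# Debian's apache2.conf only includes sites-enabled/*.conf.
find_plain_443_vhosts() {
    dir=$1
    for f in "$dir"/*.conf; do
        [ -e "$f" ] || continue
        awk -v file="$f" '
            { line = tolower($0) }               # directives are case-insensitive
            line ~ /^[ \t]*#/ { next }           # ignore commented-out lines
            line ~ /^[ \t]*<virtualhost[ \t]/ {
                in_vhost = 1; ssl = 0; start = NR; header = $0
                is443 = (line ~ /:443[ \t>]/)
                next
            }
            in_vhost && line ~ /^[ \t]*sslengine[ \t]+on/ { ssl = 1 }
            in_vhost && line ~ /^[ \t]*<\/virtualhost>/ {
                if (is443 && !ssl) printf "%s:%d: %s\n", file, start, header
                in_vhost = 0
            }
        ' "$f"
    done
}

# make_sample_tree: builds a constructed config directory and prints its path.
make_sample_tree() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '<VirtualHost *:443>' '    ServerName plain.example' \
        '</VirtualHost>' > "$d/plain.conf"
    printf '%s\n' '<VirtualHost *:443>' '    ServerName tls.example' \
        '    SSLEngine on' '</VirtualHost>' > "$d/tls.conf"
    cp "$d/plain.conf" "$d/old.conf.save"    # not loaded: name does not end in .conf
    echo "$d"
}

sample=$(make_sample_tree)
find_plain_443_vhosts "$sample"
rm -rf "$sample"
```

On the server itself the call would be `find_plain_443_vhosts /etc/apache2/sites-enabled`; `apache2ctl -S` prints the virtual hosts Apache has actually loaded and can be used to cross-check the result.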

Hi Schoen,

I executed this command grep -Ril 443 on the /etc/apache2 directory and this is the output:

sites-available/default-ssl.conf
sites-available/ispconfig.conf
sites-available/default-ssl.conf.save
sites-available/dv2019-ssl.org.conf.save
sites-available/dv2019-ssl.org.conf.save.1
sites-available/dv2019-ssl.org.conf
sites-available/dv2019.org.vhost.err
sites-available/dv2019-ssl.org.conf.save.2
ports.conf

I have only 1 file right now in sites-enabled, which is dv2019.org.conf and contains:

<VirtualHost *:80>
# The ServerName directive sets the request scheme, hostname and port that
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request’s Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.

    ServerName dv2019.org
    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/dv2019.org/web
    ServerAlias www.dv2019.org

    # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
    # error, crit, alert, emerg.
    # It is also possible to configure the loglevel for particular
    # modules, e.g.
    #LogLevel info ssl:warn

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    # For most configuration files from conf-available/, which are
    # enabled or disabled at a global level, it is possible to
    # include a line for only one particular virtual host. For example the
    # following line enables the CGI configuration for this host only
    # after it has been globally disabled with "a2disconf".
    #Include conf-available/serve-cgi-bin.conf

</VirtualHost>

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

Aren’t the conf files in the sites-enabled directory the only ones launched by Apache? (I am not sure. This is already an Apache concern anyway.)

By suggesting I just use the working certificates from the dv2019.org site on another IP, do I just simply download the cert files and copy and install them to my intended server?

Thanks for your patience answering my questions!

Cheers!
