Cannot generate new certificate on the same path


#1

Server running on CentOS 7 with NGINX
I have plenty of sites and all of them have https. Certbot certonly is working fine.

However, I want to use WPML for one website where the English version will have domain XXX.com and the Polish version will have YYY.com.
But I can’t seem to be able to generate the second certificate.

My main domain is: https://www.masaztantrycznywarszawa.pl - it has been running in Polish for 1-2 years already.

Now I want to add WPML with a domain: https://www.tantramassagewarsaw.com - and it should show the English version of the site.

The root folder is the same as the previous one.

However when I try to add the webroot it gives:
Invalid input

Here is the full list of commands:
~]# certbot certonly
Saving debug log to /var/log/letsencrypt/letsencrypt.log

How would you like to authenticate with the ACME CA?
-------------------------------------------------------------------------------
1: Spin up a temporary webserver (standalone)
2: Place files in webroot directory (webroot)
-------------------------------------------------------------------------------
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Plugins selected: Authenticator webroot, Installer None
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
Please enter in your domain name(s) (comma and/or space separated)  (Enter 'c'
to cancel): www.tantramassagewarsaw.com,tantramassagewarsaw.com
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for www.tantramassagewarsaw.com
http-01 challenge for tantramassagewarsaw.com

Select the webroot for www.tantramassagewarsaw.com:
-------------------------------------------------------------------------------
1: Enter a new webroot
-------------------------------------------------------------------------------
Press 1 [enter] to confirm the selection (press 'c' to cancel): /var/www/masaztantrycznywarszawa.pl/masaztantrycznywarszawa.pl

** Invalid input **
Press 1 [enter] to confirm the selection (press 'c' to cancel):

Here is the last part of the logs:

[root@www01 letsencrypt]# less letsencrypt.log
      "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/nlFlUQhVwfk4e5kJpssLXLaVXsvsXtPuJIW3ww_14MQ/6547441581",
      "token": "XH0gnkdbC3Z5tyuVQRccGcY3LBX61g_8gkTV7nBUMco"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/nlFlUQhVwfk4e5kJpssLXLaVXsvsXtPuJIW3ww_14MQ/6547441582",
      "token": "HnvRCE9rCxsbwb3WlkHhblW-qqFQG_h8L3nEPP1GkUc"
    }
  ],
  "combinations": [
    [
      1
    ],
    [
      0
    ],
    [
      2
    ]
  ]
}
2018-08-19 15:12:58,943:DEBUG:acme.client:Storing nonce: s1a-JY3PtuThY811Ve4gFNyALrRcMLDvaZU81N-nliw
2018-08-19 15:12:58,944:DEBUG:acme.challenges:tls-alpn-01 was not recognized, full message: {u'status': u'pending', u'token': u'HnvRCE9rCxsbwb3WlkHhblW-qqFQG_h8L3nEPP1GkUc', u'type': u'tls-alpn-01', u'uri': u'https://acme-v01.api.letsencrypt.org/acme/challenge/nlFlUQhVwfk4e5kJpssLXLaVXsvsXtPuJIW3ww_14MQ/6547441582'}
2018-08-19 15:12:58,945:INFO:certbot.auth_handler:Performing the following challenges:
2018-08-19 15:12:58,945:INFO:certbot.auth_handler:http-01 challenge for www.tantramassagewarsaw.com
2018-08-19 15:12:58,946:INFO:certbot.auth_handler:http-01 challenge for tantramassagewarsaw.com
2018-08-19 15:19:39,681:DEBUG:certbot.error_handler:Encountered exception:
Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/certbot/auth_handler.py", line 115, in _solve_challenges
    resp = self.auth.perform(self.achalls)
  File "/usr/lib/python2.7/site-packages/certbot/plugins/webroot.py", line 73, in perform
    self._set_webroots(achalls)
  File "/usr/lib/python2.7/site-packages/certbot/plugins/webroot.py", line 91, in _set_webroots
    known_webroots)
  File "/usr/lib/python2.7/site-packages/certbot/plugins/webroot.py", line 105, in _prompt_for_webroot
    webroot = self._prompt_with_webroot_list(domain, known_webroots)
  File "/usr/lib/python2.7/site-packages/certbot/plugins/webroot.py", line 120, in _prompt_with_webroot_list
    cli_flag=path_flag, force_interactive=True)
  File "/usr/lib/python2.7/site-packages/certbot/display/util.py", line 156, in menu
    code, selection = self._get_valid_int_ans(len(choices))
  File "/usr/lib/python2.7/site-packages/certbot/display/util.py", line 419, in _get_valid_int_ans
    ans = input_with_timeout(input_msg)
  File "/usr/lib/python2.7/site-packages/certbot/display/util.py", line 79, in input_with_timeout
    rlist, _, _ = select.select([sys.stdin], [], [], timeout)
KeyboardInterrupt

And here is the vhost for this new domain:
server {
        listen 80;

        root /var/www/masaztantrycznywarszawa.pl/masaztantrycznywarszawa.pl;
        index index.php;

        server_name tantramassagewarsaw.com www.tantramassagewarsaw.com;

        access_log /var/log/nginx/access.log main;
        error_log /var/log/nginx/error.log;


        location / {
                try_files $uri $uri/ /index.php?$args;
        }

        #deny author sniffing attempts
        if ($args ~ "^author=\d") { return 403; }


        location ~*  \.(jpg|jpeg|png|gif|ico|css|js|woff)$ {
                expires 365d;
        }

        location ~ (\.sql.gz|\.sql) { return 403; }

        location ~ \.php$ {
                fastcgi_split_path_info ^(.+\.php)(/.+)$;
                fastcgi_pass unix:/var/run/php5-fpm.sock;
#               fastcgi_pass 127.0.0.1:9000;
                fastcgi_index index.php;
                include fastcgi_params;
        }
}

Can anybody help?


#2

Hi,

In the step ‘enter a new webroot’, you should press 1 (instead of entering a new path); afterwards, it will ask you for the new webroot path.

P.S. for WPML, maybe it’s better to use one certificate for both domains?

Thank you


#3

Hi @seekman

You used Ctrl + C or something else to interrupt. Your http-01 challenge

https://acme-v01.api.letsencrypt.org/acme/challenge/nlFlUQhVwfk4e5kJpssLXLaVXsvsXtPuJIW3ww_14MQ/6547441581

is pending, not invalid.

So Certbot is waiting for your webroot input.


#4

That’s wrong. See here:

I did Ctrl + C after this. To exit from certbot mode… but here I tried to put the webroot many times. Always invalid input.

For some reason it’s not accepting my webroot.

@stevenzhu Do you think this problem may be related to the fact that a certificate was already generated in this webroot for the main domain?

What about two domains with the same certificate? Is that possible? Isn’t the certificate issued to the specific domain names or domain names + wildcard for subdomains?


#5

Hi,

Those aren’t the issue…

You seem to have a misunderstanding of this step…

When the command instructs you to

Select the webroot for www.your domain.com
--------------------------------------------------------------
1. Enter a new webroot
--------------------------------------------------------------

You should enter the number “1” at the selection point, instead of entering a webroot path…

Press 1 [enter] to confirm the selection [press 'c' to cancel] : 1

After responding to this selection, you will have the ability to enter the webroot path.

Thank you
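
The same request can be made without the numbered menu by passing the webroot and domains as flags. This is an added example, not part of the original posts: the function name `certbot_webroot_cmd` is hypothetical, and it only prints the command (with `--dry-run`) after checking that the webroot is a real directory rather than a menu answer such as `1`.

```shell
#!/bin/sh
# Added example (not from the thread): compose a non-interactive
# certbot webroot command so the menu prompt is never shown.
# certbot_webroot_cmd is a hypothetical helper name.

# Usage: certbot_webroot_cmd WEBROOT DOMAIN [DOMAIN...]
# Prints the command; returns 2 for a bad webroot, 3 for a bad domain.
certbot_webroot_cmd() {
    if [ "$#" -lt 2 ]; then
        echo "usage: certbot_webroot_cmd WEBROOT DOMAIN..." >&2
        return 2
    fi
    webroot=$1
    shift

    # The webroot must be an absolute path without whitespace.
    case $webroot in
        *[[:space:]]*) echo "webroot contains whitespace" >&2; return 2 ;;
        /*) ;;
        *) echo "webroot must be an absolute path: $webroot" >&2; return 2 ;;
    esac
    # It must exist: certbot writes .well-known/acme-challenge/ below it.
    if [ ! -d "$webroot" ]; then
        echo "webroot is not a directory: $webroot" >&2
        return 2
    fi

    cmd="certbot certonly --webroot -w $webroot"
    for d in "$@"; do
        # Accept only hostname characters; reject empty or odd names.
        case $d in
            ''|*[!A-Za-z0-9.-]*|.*|*.|-*)
                echo "invalid domain: $d" >&2
                return 3 ;;
        esac
        cmd="$cmd -d $d"
    done

    # --dry-run tests the challenge without issuing a certificate.
    printf '%s --dry-run\n' "$cmd"
}

# Example call with the values from this thread (run on the server):
#   certbot_webroot_cmd \
#     /var/www/masaztantrycznywarszawa.pl/masaztantrycznywarszawa.pl \
#     www.tantramassagewarsaw.com tantramassagewarsaw.com
```

Remove `--dry-run` from the printed command once the test run succeeds.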


#6

Oops, that makes sense. It seems to be working fine now 🙂

Thank you very much

