Hello,
I'm setting up certificates for a client. The server is hosting multiple domains, and the plan is that a couple will have SSL certs on them. The domain mentioned below is the first one. Since I’m cautious about config changes, I tend to do them myself, so I issued:
certbot certonly --webroot -w /home/www.simpss.si/public_html/ -d www.simpss.si -d simpss.si
and then edited the configs myself and everything works fine. However, when testing the renewal process with either:
certbot certonly --dry-run --webroot -w /home/www.simpss.si/public_html/ -d www.simpss.si -d simpss.si
or simply:
certbot renew --dry-run
it produces:
- The following errors were reported by the server:
Domain: simpss.si
Type: connection
Detail: Fetching
http://simpss.si/.well-known/acme-challenge/jbHFTrdXWUKGKyGfauNFV9c7Kw1CnIDwJOFNrX3Fkjk:
Error getting validation data
Domain: www.simpss.si
Type: connection
Detail: Fetching
http://www.simpss.si/.well-known/acme-challenge/Wtdola-MYRVJuD1_CQuNsyYw_cWj1RwQzn7eIElgMNM:
Error getting validation data
My domain is: www.simpss.si (alias - simpss.si)
I ran this command: certbot renew --dry-run
It produced this output:
- The following errors were reported by the server:
Domain: www.simpss.si
Type: connection
Detail: Fetching
http://www.simpss.si/.well-known/acme-challenge/lXMqIysHUzLt3thjEICyoSkZOzy7m3t_ReuWhvc46Co:
Error getting validation data
Domain: simpss.si
Type: connection
Detail: Fetching
http://simpss.si/.well-known/acme-challenge/32xrNV-PB9q2k8EMM3E2ldoRWj_gKpmoqF6TXf0dLgw:
Error getting validation data
My web server is (include version): Apache/2.4.6
The operating system my web server runs on is (include version): CentOS 7
My hosting provider, if applicable, is: n/a
I can login to a root shell on my machine (yes or no, or I don’t know): yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no
I have checked the .well-known dir, it’s there, and a file ‘i-am-here.txt’ in it is retrievable. Double-checked DNS, IPv6 not present. When the certbot command was run, I also made a copy of the acme-challenge dir with its contents; it’s still there and retrievable:
/.well-known/acme-challenge-copy/isuD_k4afzcC9DckjEleCcU2ssCYsorYZ4yK2pFQeE4
/.well-known/acme-challenge-copy/QA80LRfaNEiSvKtdPlK8UiCo6BBGcHRX_XVnQ7tjjyU
I also did a tcpdump from the server, and I see them talking, my server responding with:
HTTP/1.1 200 OK
Date: Wed, 14 Feb 2018 15:00:20 GMT
Server: Apache
Last-Modified: Wed, 14 Feb 2018 15:00:19 GMT
ETag: W/"57-5652d5ea6606b"
Accept-Ranges: bytes
Content-Length: 87
Connection: close
jbHFTrdXWUKGKyGfauNFV9c7Kw1CnIDwJOFNrX3Fkjk.kEEAP_6osHaWHuG8k4gh7DN-q9twZ3XwLp8A_LImPmY[!http]
and yet I always end up with the same error. Any help greatly appreciated!
Regards,
Neven