Can't add certificate to subdomain on different machine (0.31.0)

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: delta.andrepaulo.me

I ran this command: certbot --apache -d delta.andrepaulo.me

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for delta.andrepaulo.me
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. delta.andrepaulo.me (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from https://andrepaulo.me/.well-known/acme-challenge/1rpM0BWLAgyrU2ZcVnlfaJtIqO-tXzzxZw9DslMUC6g [2001:41d0:302:2100::2791]: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p"

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: delta.andrepaulo.me
   Type:   unauthorized
   Detail: Invalid response from
   https://andrepaulo.me/.well-known/acme-challenge/1rpM0BWLAgyrU2ZcVnlfaJtIqO-tXzzxZw9DslMUC6g
   [2001:41d0:302:2100::2791]: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD
   HTML 2.0//EN\">\n<html><head>\n<title>404 Not
   Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p"

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.

My web server is (include version): Apache/2.4.18

The operating system my web server runs on is (include version): Ubuntu 16.04.6

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.31.0


I’ve tried updating from 0.31.0 with not much success. I have andrepaulo.me on OVH and then delta.andrepaulo.me on SkySilk. I’m not sure why its trying to find the acme-challenge on my main domain.

2 Likes

Hi @andre-paulo98

that’s

expected, because you have a redirect from your subdomain to your main domain - see https://check-your-website.server-daten.de/?q=delta.andrepaulo.me#url-checks

Letsencrypt follows that redirect.

And your Apache may be buggy, because normally --apache should hide such redirects.

See

apachectl -S

and remove duplicated definitions.

3 Likes

I see the problem. Thank you

In my case my apachectl -S was looking like this:


To fix this I just added ServerName to 000-default.conf that can’t be delta and issue is now fixed.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.