My domain is: http://larademo.ratrakone.com
I ran this command: sudo certbot --nginx -d ratrakone.com -d www.ratrakone.com -d larademo.ratrakone.com
It produced this output:
sudo certbot --nginx -d ratrakone.com -d www.ratrakone.com -d larademo.ratrakone.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
You have an existing certificate that contains a portion of the domains you
requested (ref: /etc/letsencrypt/renewal/ratrakone.com.conf)
It contains these names: ratrakone.com, www.ratrakone.com
You requested these names for the new certificate: ratrakone.com,
www.ratrakone.com, larademo.ratrakone.com.
Do you want to expand and replace this existing certificate with the new
certificate?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(E)xpand/(C)ancel: e
Renewing an existing certificate for ratrakone.com and 2 more domains
Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
Domain: larademo.ratrakone.com
Type: unauthorized
Detail: 2a10:9c80::193:163:77:250: Invalid response from http://larademo.ratrakone.com/.well-known/acme-challenge/RDZCSJMTQfuB-pw7qpKNvQTpXSefoBlFpDOwim0ZAFw: 404
Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet.
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
My web server is (include version): Ubuntu 22.04 LTS
The operating system my web server runs on is (include version):
My hosting provider, if applicable, is: hostcreators.sk
I can login to a root shell on my machine (yes or no, or I don't know): yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 2.11.0
I ran certbot for the top level domain https://ratrakone.com and it works.
Then I copied the .conf file and adjusted it for the subdomain, which doesn't work anymore.
server {
    server_name larademo.ratrakone.com www.larademo.ratrakone.com;
    root /var/www/html/ratrakone.com/sub/larademo/public;
    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-Content-Type-Options "nosniff";
    index index.php;
    charset utf-8;
    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }
    location = /favicon.ico { access_log off; log_not_found off; }
    location = /robots.txt { access_log off; log_not_found off; }
    error_page 404 /index.php;
    location ~ \.php$ {
        fastcgi_pass unix:/var/run/php/php8.2-fpm.sock;
        fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
        include fastcgi_params;
    }
    location ~ /\.(?!well-known).* {
        deny all;
    }
}
Next I tried to create a file on this path /var/www/html/ratrakone.com/sub/larademo/public/.well-known/acme-challenge and access it from the browser. That worked and I saw the contents of test.txt on this path.
I also transferred ownership and group to www-data and set chmod 775 for the public directory and 777 for the storage directory (Laravel).
I set the CNAME entry of *.ratrakone.com to ratrakone.com
Is there anything I'm missing? Will be very thankful for answers, I already spent two days on this issue trying to solve it myself.
tail -100 of the letsencrypt.log:
2024-07-23 13:50:36,058:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/380817333187:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTg1MjE5MzAzNyIsICJub25jZSI6ICJncEJqTF8zaVRUWG1NUFd3OC1mU1JjaWNEcU94TXJOcndOamVfd0ZXVW1ieFR0dnByUmciLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LXYzLzM4MDgxNzMzMzE4NyJ9",
"signature": "n_e7gJBKD-YilpDVz6vK0tB_JZ9-dpicN9HKKj5oemBHmpK-A9kSIvkQLLIX0Hac_Qnjp2jqkQBdapgU6Y5UCwZduKl9KNw5doeiIjE3CBJH6kNJi94481TH5Pnf7jt2hxzGdC6y-X3Bt7F2Dgg8kfjYejkvKP1n-8rF-_Ko7blvvfYEBLw1Uo3Jij4R_Q7GVgzWa1-WzmoyIb-QUlOh_goyHbr9jBEdENJlb4zhihcmvSFk2Ert6w2ctuUMgf7rkf3kaXzwVL_ozLIrLoFczb10KNPJMWpKxAc84DmkDFQBVrMupbSxoO7-4dN-t5e77FJz4YdE51Mu_Vqa_Qf_2Q",
"payload": ""
}
2024-07-23 13:50:36,241:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/380817333187 HTTP/1.1" 200 1122
2024-07-23 13:50:36,243:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 23 Jul 2024 13:50:36 GMT
Content-Type: application/json
Content-Length: 1122
Connection: keep-alive
Boulder-Requester: 1852193037
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: biP_gDtCf5mrgsOlKwNab4xQBt5WpHmR0QB_DuwQRDILV_ptAUY
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"identifier": {
"type": "dns",
"value": "larademo.ratrakone.com"
},
"status": "invalid",
"expires": "2024-07-30T13:50:30Z",
"challenges": [
{
"type": "http-01",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/380817333187/lQ6TrQ",
"status": "invalid",
"validated": "2024-07-23T13:50:31Z",
"error": {
"type": "urn:ietf:params:acme:error:unauthorized",
"detail": "2a10:9c80::193:163:77:250: Invalid response from http://larademo.ratrakone.com/.well-known/acme-challenge/So8G6DS9HD_udBInIatH-5KT0W3EYvOOhI32hzzzcL8: 404",
"status": 403
},
"token": "So8G6DS9HD_udBInIatH-5KT0W3EYvOOhI32hzzzcL8",
"validationRecord": [
{
"url": "http://larademo.ratrakone.com/.well-known/acme-challenge/So8G6DS9HD_udBInIatH-5KT0W3EYvOOhI32hzzzcL8",
"hostname": "larademo.ratrakone.com",
"port": "80",
"addressesResolved": [
"193.163.77.250",
"2a10:9c80::193:163:77:250"
],
"addressUsed": "2a10:9c80::193:163:77:250"
}
]
}
]
}
2024-07-23 13:50:36,243:DEBUG:acme.client:Storing nonce: biP_gDtCf5mrgsOlKwNab4xQBt5WpHmR0QB_DuwQRDILV_ptAUY
2024-07-23 13:50:36,244:INFO:certbot._internal.auth_handler:Challenge failed for domain larademo.ratrakone.com
2024-07-23 13:50:36,244:INFO:certbot._internal.auth_handler:http-01 challenge for larademo.ratrakone.com
2024-07-23 13:50:36,244:DEBUG:certbot._internal.display.obj:Notifying user:
Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
Domain: larademo.ratrakone.com
Type: unauthorized
Detail: 2a10:9c80::193:163:77:250: Invalid response from http://larademo.ratrakone.com/.well-known/acme-challenge/So8G6DS9HD_udBInIatH-5KT0W3EYvOOhI32hzzzcL8: 404
Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet.
2024-07-23 13:50:36,246:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
File "/snap/certbot/3834/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 108, in handle_authorizations
self._poll_authorizations(authzrs, max_retries, max_time_mins, best_effort)
File "/snap/certbot/3834/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 212, in _poll_authorizations
raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.
2024-07-23 13:50:36,246:DEBUG:certbot._internal.error_handler:Calling registered functions
2024-07-23 13:50:36,246:INFO:certbot._internal.auth_handler:Cleaning up challenges
2024-07-23 13:50:37,442:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
File "/snap/certbot/3834/bin/certbot", line 8, in <module>
sys.exit(main())
File "/snap/certbot/3834/lib/python3.8/site-packages/certbot/main.py", line 19, in main
return internal_main.main(cli_args)
File "/snap/certbot/3834/lib/python3.8/site-packages/certbot/_internal/main.py", line 1894, in main
return config.func(config, plugins)
File "/snap/certbot/3834/lib/python3.8/site-packages/certbot/_internal/main.py", line 1450, in run
new_lineage = _get_and_save_cert(le_client, config, domains,
File "/snap/certbot/3834/lib/python3.8/site-packages/certbot/_internal/main.py", line 143, in _get_and_save_cert
lineage = le_client.obtain_and_enroll_certificate(domains, certname)
File "/snap/certbot/3834/lib/python3.8/site-packages/certbot/_internal/client.py", line 517, in obtain_and_enroll_certificate
cert, chain, key, _ = self.obtain_certificate(domains)
File "/snap/certbot/3834/lib/python3.8/site-packages/certbot/_internal/client.py", line 428, in obtain_certificate
orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
File "/snap/certbot/3834/lib/python3.8/site-packages/certbot/_internal/client.py", line 496, in _get_order_and_authorizations
authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort)
File "/snap/certbot/3834/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 108, in handle_authorizations
self._poll_authorizations(authzrs, max_retries, max_time_mins, best_effort)
File "/snap/certbot/3834/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 212, in _poll_authorizations
raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.
2024-07-23 13:50:37,445:ERROR:certbot._internal.log:Some challenges have failed.
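
Added example, not part of the original post: the authorization object in the log above records every address DNS returned for the name (addressesResolved) and the one the CA actually connected to (addressUsed). This Python check extracts that per failed challenge so the challenge URL can be retested over the same address family. The function name failed_validation_paths and the trimmed sample are constructed for this example.

```python
import ipaddress
import json

# Constructed sample: the authorization object from the log above, trimmed to
# the fields this check reads.
SAMPLE_AUTHZ = """
{
  "identifier": {"type": "dns", "value": "larademo.ratrakone.com"},
  "status": "invalid",
  "challenges": [{
    "type": "http-01",
    "status": "invalid",
    "error": {"type": "urn:ietf:params:acme:error:unauthorized", "status": 403},
    "validationRecord": [{
      "addressesResolved": ["193.163.77.250", "2a10:9c80::193:163:77:250"],
      "addressUsed": "2a10:9c80::193:163:77:250"
    }]
  }]
}
"""

def failed_validation_paths(authz_json):
    """Return one finding per validation record of each invalid challenge."""
    authz = json.loads(authz_json)
    findings = []
    for chall in authz.get("challenges", []):
        if chall.get("status") != "invalid":
            continue
        for rec in chall.get("validationRecord", []):
            used = rec.get("addressUsed")
            if not used:
                continue  # the CA never got as far as connecting
            version = ipaddress.ip_address(used).version
            findings.append({
                "domain": authz["identifier"]["value"],
                "challenge": chall["type"],
                "error": chall.get("error", {}).get("type", ""),
                "address_used": used,
                "family": "IPv%d" % version,
                # Addresses DNS returned that this validation did not exercise.
                "untested": [a for a in rec.get("addressesResolved", []) if a != used],
                "curl_flag": "-%d" % version,  # curl -4 / -6 pins the family
            })
    return findings

if __name__ == "__main__":
    for f in failed_validation_paths(SAMPLE_AUTHZ):
        print("{domain}: {challenge} failed over {family} {address_used}; "
              "untested: {untested}; retest with curl {curl_flag}".format(**f))
```

A manual test only reproduces the CA's request if it goes over the same address family, which curl -4 and curl -6 force.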