Can't create SSL


#1

I have created an Ubuntu server 16.04.3 and am trying to install an SSL using Certbot, but it doesn’t work.

Steps I took:

1- add-apt-repository ppa:certbot/certbot
2- apt-get update
3- apt-get install python-certbot-apache
4- certbot --apache -d domain.com -d www.domain.com

  • I have created a server this same way a few times before, but this is the first time I get this, which is why I am so confused.

After step 4 I then get this error message (this is the complete error from the logs; heads up, it's long):

2018-06-15 09:14:38,215:DEBUG:certbot.reporter:Reporting to user: The following errors were reported by the server:

Domain: www.urslamchat.com
Type: unauthorized
Detail: Invalid response from http://www.urslamchat.com/.well-known/acme-challenge/updRX8CbVnGPf7SEtFexN5OPC01TdHSPoEy-1TKh7Kc: "

404 Not Found

Not Found

<p"

Domain: urslamchat.com
Type: unauthorized
Detail: Invalid response from http://urslamchat.com/.well-known/acme-challenge/-vIk08hpubLcSEBeRYYmTCkiJxcHJqRNYOT7TsWI8CU: "

404 Not Found

Not Found

<p"

To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address.
2018-06-15 09:14:38,215:INFO:certbot.auth_handler:Cleaning up challenges
2018-06-15 09:14:38,918:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
  File "/usr/bin/certbot", line 11, in
    load_entry_point('certbot==0.22.2', 'console_scripts', 'certbot')()
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 1266, in main
    return config.func(config, plugins)
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 1031, in run
    certname, lineage)
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 118, in _get_and_save_cert
    lineage = le_client.obtain_and_enroll_certificate(domains, certname)
  File "/usr/lib/python3/dist-packages/certbot/client.py", line 350, in obtain_and_enroll_certificate
    cert, chain, key, _ = self.obtain_certificate(domains)
  File "/usr/lib/python3/dist-packages/certbot/client.py", line 294, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
  File "/usr/lib/python3/dist-packages/certbot/client.py", line 330, in _get_order_and_authorizations
    authzr = self.auth_handler.handle_authorizations(orderr, best_effort)
  File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 79, in handle_authorizations
    self._respond(aauthzrs, resp, best_effort)
  File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 154, in _respond
    self._poll_challenges(aauthzrs, chall_update, best_effort)
  File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 220, in _poll_challenges
    raise errors.FailedChallenges(all_failed_achalls)
certbot.errors.FailedChallenges: Failed authorization procedure. www.urslamchat.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.urslamchat.com/.well-known/acme-challenge/updRX8CbVnGPf7SEtFexN5OPC01TdHSPoEy-1TKh7Kc: "

404 Not Found

Not Found

<p", urslamchat.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://urslamchat.com/.well-known/acme-challenge/-vIk08hpubLcSEBeRYYmTCkiJxcHJqRNYOT7TsWI8CU: " 404 Not Found

Not Found

<p"

#2

Does the domain definitely point to this server?

Can you show:

apachectl -S
ip a

#3

Yes it does, because when I type in the domain without the https I get to the website.

Forgot to mention that I moved this domain to a new server. On the previous server I had an SSL working, but after migrating it to this new one I can’t get the SSL.

Here is the output of the commands requested:


#4

Hi,

Can you please execute the following commands and share the output with us?
curl v6.ifconfig.co
curl v4.ifconfig.co

It would detect your server IPs.

Also, your Apache doesn’t seem to have an alias for the www version.


#5

Here is the output for the above commands:

curl

Also, in the /etc/apache2/sites-available/domain.com.conf file the alias is there, see below:

    <VirtualHost urslamchat.com:80>
        ServerName urslamchat.com
        ServerAlias www.urslamchat.com
        ServerAdmin admin@urslamchat.com
        DocumentRoot /var/www/html

        <Directory /var/www/html/>
            Options All
            AllowOverride All
            allow from all
        </Directory>
    </VirtualHost>


#6

Hi,

The first command shows the issue…

Your server IP is 165.90.205.85 (at least that’s the one it uses to communicate to the outside)

The website you are pointing to 165.90.207.249…

Can you double check if that IP is on this server?

Just to confirm, please run ifconfig and see if the 165.90.207.249 is in there.

I’m not sure if <VirtualHost> could contain a domain name rather than an IP address.


#7

Not sure why it would fail.

On the chance that something is wrong with the Apache authenticator, you could try:

certbot -i apache -a webroot -w /var/www/html \
-d urslamchat.com -d www.urslamchat.com --dry-run

Edit: @stevenzhu caught the IP difference, nice eye. Try that instead.


#8

My word, I only noticed that difference in the IP of the server now.
I ran the ifconfig command and 165.90.205.85 doesn’t show, only the internal IP of 192.168.11.203. However, when I go to the firewall, the internal IP is set to 192.168.11.203 and the static IP is 165.90.207.249, which is also the one at my domain provider.

So on the firewall it is linked to 165.90.207.249, which is the correct IP.
Would I have to change that IP 165.90.205.85, as I have no idea how that got to be?

I normally do my VirtualHost with the domain.com:80 and it always worked.


#9

I changed the VirtualHost to <VirtualHost *:80>, restarted Apache, and then ran certbot --apache -d urslamchat.com -d www.urslamchat.com again, and it worked. I can use https in the browser too, so everything is working.

Thanks for the help, saved me big time.
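
An added example, not part of the thread and not Certbot or Apache code: a pre-flight check for the condition the change in #9 removed. Apache resolves a hostname in `<VirtualHost>` at startup and selects that vhost only for connections arriving on the resolved address, so behind NAT (public 165.90.207.249, interface 192.168.11.203) it is never selected. The function names, the trimmed sample config and the injected resolver are constructed for illustration.

```python
# Added illustration (not Certbot or Apache code); helper names are hypothetical.
import ipaddress
import re
import socket
VHOST_RE = re.compile(r"^\s*<VirtualHost\s+([^>]+)>", re.IGNORECASE | re.MULTILINE)

# Constructed sample: the vhost header posted in the thread, then the wildcard form.
SAMPLE_CONF = """\
<VirtualHost urslamchat.com:80>
    ServerName urslamchat.com
    ServerAlias www.urslamchat.com
</VirtualHost>
<VirtualHost *:80>
    ServerName urslamchat.com
</VirtualHost>
"""
# Addresses quoted in the thread: the interface IP and the public static IP in DNS.
LOCAL_ADDRS = ["192.168.11.203"]
SAMPLE_DNS = {"urslamchat.com": ["165.90.207.249"]}

def system_resolve(host):
    """Live lookup, for use on a real server instead of SAMPLE_DNS."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})

def split_host(spec):
    """Return the host part of an 'addr[:port]' VirtualHost argument."""
    if spec.startswith("["):                      # bracketed IPv6: [addr]:port
        return spec[1:].split("]", 1)[0]
    return spec.rsplit(":", 1)[0] if ":" in spec else spec

def audit_vhosts(conf_text, local_addrs, resolve=system_resolve):
    """Return (spec, status, addrs) for every <VirtualHost> address in conf_text."""
    local = {ipaddress.ip_address(a) for a in local_addrs}
    findings = []
    for match in VHOST_RE.finditer(conf_text):
        for spec in match.group(1).split():
            host = split_host(spec)
            if host in ("*", "_default_"):        # wildcard: matches any local address
                findings.append((spec, "ok", []))
                continue
            try:
                addrs = [str(ipaddress.ip_address(host))]
            except ValueError:                    # not an IP literal, so a hostname
                addrs = list(resolve(host))
            bound = any(ipaddress.ip_address(a) in local for a in addrs)
            findings.append((spec, "ok" if bound else "no-local-address", addrs))
    return findings

if __name__ == "__main__":
    print(audit_vhosts(SAMPLE_CONF, LOCAL_ADDRS, SAMPLE_DNS.__getitem__))
```

On a live host, pass the addresses reported by `ip a` as `local_addrs` and leave `resolve` at its default.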

