Can't generate ssl certificate, "Some challenges have failed."

ZAK · November 17, 2021, 7:21am

This sir. This system is also running at our server. mindset.ccgeo.info is http://45.202.17.189/

rg305 · November 17, 2021, 7:22am

I'm not familiar with any of that
Which systems are running Ubuntu?
Which of those is running Apache/2.4.18?

The "test" server you showed is running nginx - so it' not likely that one.

Which server is serving that picture?

ZAK · November 17, 2021, 7:24am

This sir

rg305 · November 17, 2021, 7:27am

OK then can you log into the "Server"?
We need to review the Apache HTTP vhost config.

Hold on. The picture has no box around the top information.
Is that information part of the "Server" circle OR is it another system within its' own (missing) box?

Please bare with me - it's the middle of the night here.
What time is it in the Philippines now?

ZAK · November 17, 2021, 7:32am

I'll update you sir. Please sleep now it's 3:32pm here

rg305 · November 17, 2021, 7:34am

OK.
If you can reach the system with the Apache.
Show:
sudo apachectl -t -D DUMP_VHOSTS

We'll (or whomever else can help - there are plenty of good people here) continue from there.
Good night (afternoon to you)

ZAK · November 18, 2021, 2:20am

Hello sir @rg305, I've find the system who got port 80.

MikeMcQ · November 18, 2021, 2:57am

@zak Good. Making progress. While you wait for @rg305 can you do as he asked in his previous post? Apache must be running on VM1 - Port80. Can you go on that system (Ubuntu - right?) and do this command from Rudy?

rg305 · November 18, 2021, 3:25am

Yes, since there is no unique name for the test server, we'll have to choose between:

#A: handling ALL the ACME challenge requests at the "VM 1 - PORT 80" system

OR

#B: proxying ALL the ACME challenge requests to the "PC Test server 84" system.

If #A, then we'll need to modify the Apache code to handle the requests and obtain the cert there. And you will have to copy it to the Test PC (somehow).
[this method won't be easy to automate - certs only last 90 days]

If #B, then we'll need to modify the Apache code to proxy the challenge requests to the Test PC.
And modify the nginx on the Test PC to handle the challenge requests there. Obtain the cert and install it in the HTTPS vhost config (certbot may be able to do much of that for us).
[this method can be fully automated]

But the cert is supposed to be "moved" from the Test PC to "VM 2 - PORT 82" (I guess after all tests are successful). If so, then "VM 2 - PORT 82" will need to handle the renewals (and "VM 1" will have to proxy the challenge requests to "VM 2").

You are in good hands with @MikeMcQ
Reply with your choice and we'll go from there.

MikeMcQ · November 18, 2021, 3:32am

Thanks but I am about to turn off and I suspect you are just starting a fresh shift I will watch for now. This one probably best to have one person leading at a time.

ZAK · November 18, 2021, 3:56am

Hello sirs, Since I consume to much time setting ssl. For now I'll procced to my next task, I'll be back next week. Thankyou so much sir. Ya all good humans !!

system · December 18, 2021, 3:56am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.