My domain is: cloud.fynns.site
I ran these commands:
(1) certbot certonly --apache --dry-run -d cloud.fynns.site -v
(2) certbot certonly --webroot --dry-run -d cloud.fynns.site -v
(3) certbot certonly --manual --dry-run -d cloud.fynns.site -v
It produced this output: (only for the --apache run, but I can provide the rest if necessary)
Summary
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Simulating a certificate request for cloud.fynns.site
Performing the following challenges:
http-01 challenge for cloud.fynns.site
Waiting for verification...
Challenge failed for domain cloud.fynns.site
http-01 challenge for cloud.fynns.site
Certbot failed to authenticate some domains (authenticator: apache). The Certificate Authority reported these problems:
Domain: cloud.fynns.site
Type: connection
Detail: Fetching http://cloud.fynns.site/.well-known/acme-challenge/qZtFPfkIpN4-oOt6uxclG0Xg3qEUj9NiJ2lWybHAwyE: Error getting validation data
Hint: The Certificate Authority failed to verify the temporary Apache configuration changes made by Certbot. Ensure that the listed domains point to this Apache server and that it is accessible from the internet.
Cleaning up challenges
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
The log file contained this output: (apache only again)
Summary
2022-03-17 21:33:38,664:DEBUG:certbot._internal.main:certbot version: 1.22.0
2022-03-17 21:33:38,664:DEBUG:certbot._internal.main:Location of certbot entry point: /usr/bin/certbot
2022-03-17 21:33:38,664:DEBUG:certbot._internal.main:Arguments: ['--apache', '--dry-run', '-d', 'cloud.fynns.site', '-v']
2022-03-17 21:33:38,664:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,Plu
ginEntryPoint#webroot)
2022-03-17 21:33:38,676:DEBUG:certbot._internal.log:Root logging level set at 20
2022-03-17 21:33:38,677:DEBUG:certbot._internal.plugins.selection:Requested authenticator apache and installer apache
2022-03-17 21:33:38,754:DEBUG:certbot_apache._internal.configurator:Apache version is 2.4.52
2022-03-17 21:33:38,927:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * apache
Description: Apache Web Server plugin
Interfaces: Installer, Authenticator, Plugin
Entry point: apache = certbot_apache._internal.entrypoint:ENTRYPOINT
Initialized: <certbot_apache._internal.override_fedora.FedoraConfigurator object at 0x7f4dd9617fa0>
Prep: True
2022-03-17 21:33:38,927:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * apache
Description: Apache Web Server plugin
Interfaces: Installer, Authenticator, Plugin
Entry point: apache = certbot_apache._internal.entrypoint:ENTRYPOINT
Initialized: <certbot_apache._internal.override_fedora.FedoraConfigurator object at 0x7f4dd9617fa0>
Prep: True
2022-03-17 21:33:38,927:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot_apache._internal.override_fedora.FedoraConfigurator object at 0x7f4dd9617fa0> and installer
<certbot_apache._internal.override_fedora.FedoraConfigurator object at 0x7f4dd9617fa0>
2022-03-17 21:33:38,927:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator apache, Installer apache
2022-03-17 21:33:38,934:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-staging-v02.api.letsencrypt.org/acme/acct/47599808', new_authzr_uri=None, terms_of_service=None), 51d4d2fa3b2486bf96caf5dc1e847146, Meta(creation_dt=datetime.datetime(2022, 3, 17, 19, 24, 36, tzinfo=<UTC>), creation_host='cloud.fynns.site', register_to_eff=None))>
2022-03-17 21:33:38,935:DEBUG:acme.client:Sending GET request to https://acme-staging-v02.api.letsencrypt.org/directory.
2022-03-17 21:33:38,937:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-staging-v02.api.letsencrypt.org:443
2022-03-17 21:33:39,368:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 822
2022-03-17 21:33:39,368:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 17 Mar 2022 20:33:39 GMT
Content-Type: application/json
Content-Length: 822
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"hk2hav6eg0s": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
"keyChange": "https://acme-staging-v02.api.letsencrypt.org/acme/key-change",
"meta": {
"caaIdentities": [
"letsencrypt.org"
],
"termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
"website": "https://letsencrypt.org/docs/staging-environment/"
},
"newAccount": "https://acme-staging-v02.api.letsencrypt.org/acme/new-acct",
"newNonce": "https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce",
"newOrder": "https://acme-staging-v02.api.letsencrypt.org/acme/new-order",
"renewalInfo": "https://acme-staging-v02.api.letsencrypt.org/get/draft-aaron-ari/renewalInfo/",
"revokeCert": "https://acme-staging-v02.api.letsencrypt.org/acme/revoke-cert"
}
2022-03-17 21:33:39,369:DEBUG:certbot._internal.display.obj:Notifying user: Simulating a certificate request for cloud.fynns.site
2022-03-17 21:33:39,543:DEBUG:acme.client:Requesting fresh nonce
2022-03-17 21:33:39,543:DEBUG:acme.client:Sending HEAD request to https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce.
2022-03-17 21:33:39,689:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
2022-03-17 21:33:39,690:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 17 Mar 2022 20:33:39 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0001Pum7R6SssIvRSCP5V2lWcDo1Y9BcucIF8llNDuvsiwM
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
2022-03-17 21:33:39,690:DEBUG:acme.client:Storing nonce: 0001Pum7R6SssIvRSCP5V2lWcDo1Y9BcucIF8llNDuvsiwM
2022-03-17 21:33:39,690:DEBUG:acme.client:JWS payload:
b'{\n "identifiers": [\n {\n "type": "dns",\n "value": "cloud.fynns.site"\n }\n ]\n}'
2022-03-17 21:33:39,693:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/new-order:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC80NzU5OTgwOCIsICJub25jZSI6ICIwMDAxUHVtN1I2U3NzSXZSU0NQNVYybFdjRG8xWTlCY3VjSUY4bGxORHV2c2l3TSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9uZXctb3JkZXIifQ",
"signature": "zBWc3LhHsNCVwseBACVj1vBBAFkualILqm-aoapkUK1AP7SGZ-2kqbNbPhQoPzDY2C3PZIY9woFPD9wWdKmCF4EKbZXuHhCtvwMPZcAdh1GIzBAtyrFZpr0OLqBQwF9gXZbfdakcfZ2UE-fktM7SBfX_XD8JU1wrsWlMSAj-TU5S7WIeihNkTJmrpHyBe04cWdbamLxz-1Rjg30ZzouXMtL47bjccrDf70XlVJZtodEcl7o9L7Wm1nELo_cUcsX-MFlrBST8tU9j3tidDzIrumP5CnAMYyL2BTfxHpiTGCD_xEU3vOF2YFpcdbjFx0E-gJyzSs4uSaoCcaUFkWLtyA",
"payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogImNsb3VkLmZ5bm5zLnNpdGUiCiAgICB9CiAgXQp9"
}
2022-03-17 21:33:39,860:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 352
2022-03-17 21:33:39,860:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Date: Thu, 17 Mar 2022 20:33:39 GMT
Content-Type: application/json
Content-Length: 352
Connection: keep-alive
Boulder-Requester: 47599808
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
Location: https://acme-staging-v02.api.letsencrypt.org/acme/order/47599808/2055083868
Replay-Nonce: 0002SxpvzByZKn_C7tTzKCgiFy4jNO6G5BcaVFz_Qw5gxDE
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"status": "pending",
"expires": "2022-03-24T20:33:39Z",
"identifiers": [
{
"type": "dns",
"value": "cloud.fynns.site"
}
],
"authorizations": [
"https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/1941186058"
],
"finalize": "https://acme-staging-v02.api.letsencrypt.org/acme/finalize/47599808/2055083868"
}
2022-03-17 21:33:39,860:DEBUG:acme.client:Storing nonce: 0002SxpvzByZKn_C7tTzKCgiFy4jNO6G5BcaVFz_Qw5gxDE
2022-03-17 21:33:39,861:DEBUG:acme.client:JWS payload:
b''
2022-03-17 21:33:39,862:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/1941186058:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC80NzU5OTgwOCIsICJub25jZSI6ICIwMDAyU3hwdnpCeVpLbl9DN3RUektDZ2lGeTRqTk82RzVCY2FWRnpfUXc1Z3hERSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My8xOTQxMTg2MDU4In0",
"signature": "d_w3F0es6N_R_J33yJSEzDinUv3z2sAPV0UBFcBZsolyxv0PbaP3jWsss5tbuxKaHcZEPu1id4fWq82s34mUIFsmIhqRYbn98rOcBjghJE_Uq-5vl33SIeqC4xd1KPPuWWdqA8i_Zp1R4ObV4Z6HiBsLMcRuJmeRWfd2eBqT5Fi0iRPehS4pubxngVZMY83UxAw1J3Ur7QgMrGaHtGlmnRemrGNZtfBAh5edhn2teNcw0JxeAE9tHeyM_mcpYfgsH41dkS5gmgXRdeyPlAHmSKFqFds1ZDVlYSYhnWxUdNzzlxVCOAlZXSyuZmTRw1S6xwd-TFtHvcmwJ45J3y3CmQ",
"payload": ""
}
2022-03-17 21:33:40,007:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/1941186058 HTTP/1.1" 200 818
2022-03-17 21:33:40,008:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 17 Mar 2022 20:33:39 GMT
Content-Type: application/json
Content-Length: 818
Connection: keep-alive
Boulder-Requester: 47599808
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0002ZpNep6RCmLgSwzQr6lSv5TGdo_aRuvPWRI-2pRzqG1k
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"identifier": {
"type": "dns",
"value": "cloud.fynns.site"
},
"status": "pending",
"expires": "2022-03-24T20:33:39Z",
"challenges": [
{
"type": "http-01",
"status": "pending",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/1941186058/NLZCWA",
"token": "T_k9ILnSv616BrLp2Y6V_PEoYPMvoWYr_oeL1YKEbUU"
},
{
"type": "dns-01",
"status": "pending",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/1941186058/cDSJKg",
"token": "T_k9ILnSv616BrLp2Y6V_PEoYPMvoWYr_oeL1YKEbUU"
},
{
"type": "tls-alpn-01",
"status": "pending",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/1941186058/nZnmJA",
"token": "T_k9ILnSv616BrLp2Y6V_PEoYPMvoWYr_oeL1YKEbUU"
}
]
}
2022-03-17 21:33:40,008:DEBUG:acme.client:Storing nonce: 0002ZpNep6RCmLgSwzQr6lSv5TGdo_aRuvPWRI-2pRzqG1k
2022-03-17 21:33:40,009:INFO:certbot._internal.auth_handler:Performing the following challenges:
2022-03-17 21:33:40,009:INFO:certbot._internal.auth_handler:http-01 challenge for cloud.fynns.site
2022-03-17 21:33:40,013:DEBUG:certbot_apache._internal.http_01:Adding a temporary challenge validation Include for name: cloud.fynns.site in: /etc/httpd/conf.d/nextcloud.conf
2022-03-17 21:33:40,013:DEBUG:certbot_apache._internal.http_01:Adding a temporary challenge validation Include for name: None in: /etc/httpd/conf.d/nextcloud.conf
2022-03-17 21:33:40,013:DEBUG:certbot_apache._internal.http_01:writing a pre config file with text:
RewriteEngine on
RewriteRule ^/\.well-known/acme-challenge/([A-Za-z0-9-_=]+)$ /var/lib/letsencrypt/http_challenges/$1 [END]
2022-03-17 21:33:40,014:DEBUG:certbot_apache._internal.http_01:writing a post config file with text:
<Directory /var/lib/letsencrypt/http_challenges>
Require all granted
</Directory>
<Location /.well-known/acme-challenge>
Require all granted
</Location>
2022-03-17 21:33:40,028:DEBUG:certbot.reverter:Creating backup of /etc/httpd/conf.d/nextcloud.conf
2022-03-17 21:33:43,110:DEBUG:acme.client:JWS payload:
b'{}'
2022-03-17 21:33:43,114:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/1941186058/NLZCWA:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC80NzU5OTgwOCIsICJub25jZSI6ICIwMDAyWnBOZXA2UkNtTGdTd3pRcjZsU3Y1VEdkb19hUnV2UFdSSS0ycFJ6cUcxayIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9jaGFsbC12My8xOTQxMTg2MDU4L05MWkNXQSJ9",
"signature": "NqC5rhJDRiAHnB8t3sQIKAlg8_RY9YyGUzFTjAg58iD8tyB4orekjwt0MEMEHHlHa9o86cxIiceinap2im6_hHX6O53-UUPS477lWH10zC0CgeyrjK6tnr8Qmf7I4CU39M9o5R149xgEBDjhAFW3ajbgPYi1kl23p4_YTI5ZIa6BpoiFVORzGTqqAQHx-9LG6G_8SCc_0JxdapP1HpH5wne-K8Zm9AvFNRULEoww-upGqjIliE3njh2B_qmMlU5LMSuwAPTfwdSmFijU038PHVVQHs_KySvgd1dya199CFKnj60T4A8oqcrnUP4Gg5MZ4hnEdCkXY_dXXXPfB8UsrQ",
"payload": "e30"
}
2022-03-17 21:33:43,262:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/chall-v3/1941186058/NLZCWA HTTP/1.1" 200 193
2022-03-17 21:33:43,263:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 17 Mar 2022 20:33:43 GMT
Content-Type: application/json
Content-Length: 193
Connection: keep-alive
Boulder-Requester: 47599808
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index", <https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/1941186058>;rel="up"
Location: https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/1941186058/NLZCWA
Replay-Nonce: 0002kiLxehTNR2rg4AA1xppr_13hu0K6EkWpu1H5-_V_8q4
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"type": "http-01",
"status": "pending",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/1941186058/NLZCWA",
"token": "T_k9ILnSv616BrLp2Y6V_PEoYPMvoWYr_oeL1YKEbUU"
}
2022-03-17 21:33:43,263:DEBUG:acme.client:Storing nonce: 0002kiLxehTNR2rg4AA1xppr_13hu0K6EkWpu1H5-_V_8q4
2022-03-17 21:33:43,264:INFO:certbot._internal.auth_handler:Waiting for verification...
2022-03-17 21:33:44,265:DEBUG:acme.client:JWS payload:
b''
2022-03-17 21:33:44,267:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/1941186058:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC80NzU5OTgwOCIsICJub25jZSI6ICIwMDAya2lMeGVoVE5SMnJnNEFBMXhwcHJfMTNodTBLNkVrV3B1MUg1LV9WXzhxNCIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My8xOTQxMTg2MDU4In0",
"signature": "eMhExBidRZwwTN8QI-Xc1O5gNa4RggMAg_J3fMWNQgrLw3sMXXDb_r1jxwh0tCwvBFM1df3n_mMsmn9Uo03OWlWc-z3SKfwZUqaS9x7DNZN8snCjqoZ7WQTnDk9ZIhbx8Hy7nNBFyDBBvkjqwPw0JLxB9fpMjM7dNfJK9ntAzWv2XmG9g0LqJqQ0nVhOdasQSDxjsxZV6JxuLuBab945mx7wnb6H0QnORKMrUUEMejENJ5xXll7GUO1wUADnsyFAyWzDK0wrJVeEuIlxWj9UfxFvNm47J6elVDnmWqbgp8IWe1yOIbJ1vmXOU8VlOExeGm05r4fXMii0wBCr-c0ULw",
"payload": ""
}
2022-03-17 21:33:44,412:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/1941186058 HTTP/1.1" 200 1034
2022-03-17 21:33:44,413:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 17 Mar 2022 20:33:44 GMT
Content-Type: application/json
Content-Length: 1034
Connection: keep-alive
Boulder-Requester: 47599808
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 00021KireuQXmjHxwSxZ36nZk-s-bQp2dT_IHVQmLJ8eNQA
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"identifier": {
"type": "dns",
"value": "cloud.fynns.site"
},
"status": "invalid",
"expires": "2022-03-24T20:33:39Z",
"challenges": [
{
"type": "http-01",
"status": "invalid",
"error": {
"type": "urn:ietf:params:acme:error:connection",
"detail": "Fetching http://cloud.fynns.site/.well-known/acme-challenge/T_k9ILnSv616BrLp2Y6V_PEoYPMvoWYr_oeL1YKEbUU: Error getting validation data",
"status": 400
},
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/1941186058/NLZCWA",
"token": "T_k9ILnSv616BrLp2Y6V_PEoYPMvoWYr_oeL1YKEbUU",
"validationRecord": [
{
"url": "http://cloud.fynns.site/.well-known/acme-challenge/T_k9ILnSv616BrLp2Y6V_PEoYPMvoWYr_oeL1YKEbUU",
"hostname": "cloud.fynns.site",
"port": "80",
"addressesResolved": [
"46.38.237.224"
],
"addressUsed": "46.38.237.224"
}
],
"validated": "2022-03-17T20:33:43Z"
}
]
}
2022-03-17 21:33:44,413:DEBUG:acme.client:Storing nonce: 00021KireuQXmjHxwSxZ36nZk-s-bQp2dT_IHVQmLJ8eNQA
2022-03-17 21:33:44,413:INFO:certbot._internal.auth_handler:Challenge failed for domain cloud.fynns.site
2022-03-17 21:33:44,413:INFO:certbot._internal.auth_handler:http-01 challenge for cloud.fynns.site
2022-03-17 21:33:44,414:DEBUG:certbot._internal.display.obj:Notifying user:
Certbot failed to authenticate some domains (authenticator: apache). The Certificate Authority reported these problems:
Domain: cloud.fynns.site
Type: connection
Detail: Fetching http://cloud.fynns.site/.well-known/acme-challenge/T_k9ILnSv616BrLp2Y6V_PEoYPMvoWYr_oeL1YKEbUU: Error getting validation data
Hint: The Certificate Authority failed to verify the temporary Apache configuration changes made by Certbot. Ensure that the listed domains point to this Apache server and that it is accessible from the internet.
2022-03-17 21:33:44,414:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
File "/usr/lib/python3.10/site-packages/certbot/_internal/auth_handler.py", line 105, in handle_authorizations
self._poll_authorizations(authzrs, max_retries, best_effort)
File "/usr/lib/python3.10/site-packages/certbot/_internal/auth_handler.py", line 205, in _poll_authorizations
raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.
2022-03-17 21:33:44,414:DEBUG:certbot._internal.error_handler:Calling registered functions
2022-03-17 21:33:44,414:INFO:certbot._internal.auth_handler:Cleaning up challenges
2022-03-17 21:33:44,530:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
File "/usr/bin/certbot", line 33, in <module>
sys.exit(load_entry_point('certbot==1.22.0', 'console_scripts', 'certbot')())
File "/usr/lib/python3.10/site-packages/certbot/main.py", line 19, in main
return internal_main.main(cli_args)
File "/usr/lib/python3.10/site-packages/certbot/_internal/main.py", line 1632, in main
return config.func(config, plugins)
File "/usr/lib/python3.10/site-packages/certbot/_internal/main.py", line 1491, in certonly
lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
File "/usr/lib/python3.10/site-packages/certbot/_internal/main.py", line 139, in _get_and_save_cert
lineage = le_client.obtain_and_enroll_certificate(domains, certname)
File "/usr/lib/python3.10/site-packages/certbot/_internal/client.py", line 496, in obtain_and_enroll_certificate
cert, chain, key, _ = self.obtain_certificate(domains)
File "/usr/lib/python3.10/site-packages/certbot/_internal/client.py", line 424, in obtain_certificate
orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
File "/usr/lib/python3.10/site-packages/certbot/_internal/client.py", line 476, in _get_order_and_authorizations
authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort)
File "/usr/lib/python3.10/site-packages/certbot/_internal/auth_handler.py", line 105, in handle_authorizations
self._poll_authorizations(authzrs, max_retries, best_effort)
File "/usr/lib/python3.10/site-packages/certbot/_internal/auth_handler.py", line 205, in _poll_authorizations
raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed2022-03-17 21:33:44,531:ERROR:certbot._internal.log:Some challenges have failed.
My web server is (include version):
Apache/2.4.52 (Fedora Linux)
My config file:
Summary
# https://docs.nextcloud.com/server/latest/admin_manual/installation/source_installation.html
# generated 2022-03-17, Mozilla Guideline v5.6, Apache 2.4.52, OpenSSL 1.1.1l, modern configuration
# https://ssl-config.mozilla.org/#server=apache&version=2.4.52&config=modern&openssl=1.1.1l&guideline=5.6
# this configuration requires mod_ssl, mod_socache_shmcb, mod_rewrite, and mod_headers
<VirtualHost *:80>
RewriteEngine On
RewriteCond %{REQUEST_URI} !^/\.well\-known/acme\-challenge/
RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R=301,L]
DocumentRoot /var/www/html/
</VirtualHost>
<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/localhost.crt
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
DocumentRoot /var/www/html/nextcloud/
ServerName cloud.fynns.site
<Directory /var/www/nextcloud/>
Require all granted
AllowOverride All
Options FollowSymLinks MultiViews
Satisfy Any
<IfModule mod_dav.c>
Dav off
</IfModule>
</Directory>
# enable HTTP/2, if available
Protocols h2 http/1.1
# HTTP Strict Transport Security (mod_headers is required) (63072000 seconds)
Header always set Strict-Transport-Security "max-age=63072000"
</VirtualHost>
# modern configuration
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1 -TLSv1.2
SSLHonorCipherOrder off
SSLSessionTickets off
SSLUseStapling On
SSLStaplingCache "shmcb:logs/ssl_stapling(32768)"
The operating system my web server runs on is (include version):
Fresh install of Fedora 35 Server
My hosting provider, if applicable, is:
Netcup
I can login to a root shell on my machine (yes or no, or I don't know):
Yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
No
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 1.22.0
I can add a file /var/www/html/.well-known/acme-challenge/test.txt and reach it under http://cloud.fynns.site/.well-known/acme-challenge/test.txt but even when I try with the --manual or --webroot option it doesn't work =(
DNS A Record is set to the right IP, and seems to be picked up properly.
I think this might have to do with SELinux, but I'm not sure, and not really knowledgeable enough about it to start mucking about with it.
Any help would be greatly appreciated!
Kind regards
Fynn
