Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: maximo.rs
I ran this command: sudo certbot --apache -d maximo.rs -d www.maximo.rs
It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for maximo.rs
http-01 challenge for www.maximo.rs
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. www.maximo.rs (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from https://digitalnasrbija.org/.well-known/acme-challenge/rm9rtq7vBjnQtJlQCAoqOrF6n-ddn9FsH4wt4PT6guI [2a01:7e00::f03c:91ff:fed0:480a]: "\r\n404 Not Found\r\n<body bgcolor="white">\r\n
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
My web server is (include version): nginx/1.10.3
The operating system my web server runs on is (include version): Debain 9 strech
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don't know): Yes I can login
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
Well I am sorry I've made mistake in previous because I had try on another server to get ssl, so from that reason I've put it "apache2" instead of Nginx.
Anyhow I had try all options. As you can see there is two domains.
Both of them was on one server and everything works fine till I want it to reinstall site with domian name maximo.rs.
Bothj of them was on Nginx server and I had it SSL for both of this domains.
When I deleteed maximo.rs I deleted from live, accounts etc... in folder /etc/letsencrypt/
I just want ti new SSL for new website, but after that I got this errors . ...
So I am pretty confuyed why I got this error ...
Also I had try from completely new server to try to get SSL and I have there apache2 web server and I got the same error ....
@griffin Thanks for replay.
I know that, but I am not sure how is this happend.
Domanis and ssl has nothing to do with redirection. and you can get ssl even if you redirect domains.
The point is that I can't get any relevant info regarding domain when I try to get new or renew ssl.
Good: All checks /.well-known/acme-challenge/random-filename without redirects answer with the expected http status 404 - Not Found. Creating a Letsencrypt certificate via http-01 challenge should work. If it doesn't work: Check your vHost configuration (apachectl -S, httpd -S, nginx -T). Every combination of port and ServerName / ServerAlias (Apache) or Server (Nginx) must be unique. Merge duplicated entries in one vHost. If you use an IIS, extensionless files must be allowed in the /.well-known/acme-challenge subdirectory. Create a web.config in that directory. Content: <system.webServer></system.webServer>. If you have a redirect http ⇒ https, that's ok, Letsencrypt follows such redirects to port 80 / 443 (same or other server). There must be a certificate. But the certificate may be expired, self signed or with a not matching domain name. Checking the validation file Letsencrypt ignores such certificate errors.
Saving debug log to /var/log/letsencrypt/letsencrypt.log Plugins selected: Authenticator nginx, Installer nginx Obtaining a new certificate Performing the following challenges: http-01 challenge for maximo.rs Using default addresses 80 and [::]:80 ipv6only=on for authentication. Waiting for verification... Cleaning up challenges Could not automatically find a matching server block for maximo.rs. Set theserver_name` directive to use the Nginx installer.
IMPORTANT NOTES:- Unable to install the certificate - Congratulations! Your certificate and chain have been saved at: /etc/letsencrypt/live/maximo.rs/fullchain.pem Your key file has been saved at: /etc/letsencrypt/live/maximo.rs/privkey.pem Your cert will expire on 2020-12-25. To obtain a new or tweaked version of this certificate in the future, simply run certbot again with the "certonly" option. To non-interactively renew *all* of your certificates, run "certbot renew"
I had no idea how certbot running on the webserver for maximo.rs was going to create an http-01 challenge file on the webserver for digitalnasrbija.org. It never crossed my mind that one domain would be forwarded to the other domain on the same webserver and thus have the necessary access. I assumed that the forward was an oversight. My response was certainly hasty and absolutely overgeneralized. We get some really mangled configurations around here.
maximo.rs. 21580 IN A 212.71.254.101 digitalnasrbija.org. 21575 IN A 212.71.254.101
Anyhow, I missed the mark on this one for sure and I'm man enough to admit it. Thanks for setting me straight.
