Can't issue certificate for domain


#1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: 202-za.resrequest.net

I ran this command: sudo certbot --apache

It produced this output:

certbot type: unauthorized detail: invalid response from apache

My web server is (include version):
apache 2.4.18

The operating system my web server runs on is (include version):
Ubuntu 16.04

My hosting provider, if applicable, is:
(Local hosting in South Africa : Hetzner)

I can login to a root shell on my machine (yes or no, or I don’t know):

Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): 0.26.1

I have checked that no AAAA record is set up for the domain.


#2

What does this show?

apachectl -t -D DUMP_VHOSTS

Could you please include the full output of the command? Thanks!


#3

Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter ‘c’ to cancel): 1
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for 202-za.resrequest.net
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. 202-za.resrequest.net (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://202-za.resrequest.net/.well-known/acme-challenge/f1V4IRaY7CipBS6fKpnhBRcPbmv7Ayh0qnq6endcMEI: “\n\n404 Not Found\n\n

Not Found

\n<p”

IMPORTANT NOTES:


#4

Thanks, that looks fine. In case it got lost:

In cases like these, it’s common for ServerName/ServerAlias duplication to cause this problem, and the above can help diagnose it.


#5

Thanks so much for your help. It seems I forgot that 0000-default.conf uses the server name set up in the config file.

Thanks again!


#6

Any idea why the certificate is not trusted? I just issued it, on the same server I run certificates for another domain working fine.

This one now shows that it issues the certificate itself? Instead of by Let's Encrypt like my other certificates


#7

Did Certbot report success in installing the certificate?

If it did, then the cause is probably the same - some duplication in the port 443 virtual host ServerNames.


#8

Of course… the default SSL vhost (facepalm)
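
The ServerName/ServerAlias duplication check suggested in posts #4 and #7, as an added example that is not part of the original thread: a Python parser for `apachectl -t -D DUMP_VHOSTS` output that reports every hostname claimed by more than one virtual host on the same port (Apache serves the first match, so later definitions are shadowed). The sample output, hostnames and file paths are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample of `apachectl -t -D DUMP_VHOSTS` output (not taken from the thread).
SAMPLE = """\
VirtualHost configuration:
*:80                   is a NameVirtualHost
         default server shop.example.test (/etc/apache2/sites-enabled/000-default.conf:1)
         port 80 namevhost shop.example.test (/etc/apache2/sites-enabled/000-default.conf:1)
         port 80 namevhost shop.example.test (/etc/apache2/sites-enabled/shop.conf:1)
                 alias www.example.test
*:443                  is a NameVirtualHost
         default server shop.example.test (/etc/apache2/sites-enabled/default-ssl.conf:2)
         port 443 namevhost shop.example.test (/etc/apache2/sites-enabled/default-ssl.conf:2)
         port 443 namevhost shop.example.test (/etc/apache2/sites-enabled/shop-le-ssl.conf:2)
*:8080                 admin.example.test (/etc/apache2/sites-enabled/admin.conf:1)
"""

# "port N namevhost NAME (FILE:LINE)" entries under a NameVirtualHost block
VHOST = re.compile(r"^\s+port (\d+) namevhost (\S+) \((.+):(\d+)\)$")
# One-line form used when an address:port has a single vhost
SINGLE = re.compile(r"^\S+:(\d+)\s+(\S+) \((.+):(\d+)\)$")
# ServerAlias lines belonging to the preceding vhost
ALIAS = re.compile(r"^\s+(?:wild )?alias (\S+)$")

def find_duplicates(dump):
    """Return {(port, hostname): [definitions]} for names claimed more than once."""
    claims = defaultdict(list)
    current = None  # (port, "file:line") of the vhost whose aliases follow
    for line in dump.splitlines():
        m = VHOST.match(line) or SINGLE.match(line)
        if m:
            port, name, path, lineno = m.groups()
            current = (int(port), f"{path}:{lineno}")
            claims[(current[0], name.lower())].append(current[1])
            continue
        m = ALIAS.match(line)
        if m and current:
            claims[(current[0], m.group(1).lower())].append(current[1])
    # Definitions are kept in Apache's listing order: the first one wins.
    return {key: defs for key, defs in claims.items() if len(defs) > 1}

if __name__ == "__main__":
    for (port, name), defs in sorted(find_duplicates(SAMPLE).items()):
        print(f"{name}:{port} served by {defs[0]}; shadowed: {', '.join(defs[1:])}")
```

To check a live server, pass the captured command output to `find_duplicates` in place of `SAMPLE`.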