Can't pass challenge

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: clemg.fr

I ran this command: sudo certbot --apache -d ctf.clemg.fr -d ctf.clemg.fr

It produced this output: IMPORTANT NOTES:

My web server is (include version): Apache 2

The operating system my web server runs on is (include version): Debian 9 (Strech)

My hosting provider, if applicable, is: OVH

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): Yes, OVH control panel

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.28.0

Currently trying to get SSL for both clemg.fr (which is working fine) and for ctf.clemg.fr. The problem is that with OVH, I specified for both domains an invisible redirection, which means that the browser will show the content found on the server but will not display the server’s address in the nav bar. With this given, I successfully added SSL to clemg.fr, but can’t add it to ctf.clemg.fr. According to me, it’s because the clemg.fr folder is located in /var/www/html/index.html but the ctf.clemg.fr is located in /var/www/html/ctf.clemg.fr/index.html

What should I do ?

1 Like

Hi @Thosquey

checking your domain via https://check-your-website.server-daten.de/?q=ctf.clemg.fr - that can’t work.

There is a frame

Info: Html-Content with frame found, may be a problem creating a Letsencrypt certificate using http-01 validation

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html> <head> <title>CTF</title>
 <meta name="description" content="CTF"> <meta name="keywords" content="CTF"> 
<meta name="generator" content="ORT - Ovh Redirect Technology"> 
<meta name="url" content="http://37.44.237.85/ctf.clemg.fr/index.html/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de"> <meta name="robots" content="all"> </head> 
<frameset rows="100%,0" frameborder=no border=0> 
<frame name="ORT" src="http://37.44.237.85/ctf.clemg.fr/index.html/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de"> 
<frame name="NONE" src="" scrolling="no" noresize> 
<noframes> 
<body>
<a href="http://37.44.237.85/ctf.clemg.fr/index.html/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de">Click here</a><hr></body>
 </noframes> </frameset> </html>

so Letsencrypt can’t check your domain.

Change your dns setup. 37.44.237.85 must be your A-record, not that

Host Type IP-Address is auth. ∑ Queries ∑ Timeout
ctf.clemg.fr A 213.186.33.5 Bures-sur-Yvette/Île-de-France/France (FR) - OVH ISP Hostname: redirect.ovh.net yes 1 0
AAAA yes
www.ctf.clemg.fr A 213.186.33.5 Bures-sur-Yvette/Île-de-France/France (FR) - OVH ISP Hostname: redirect.ovh.net yes 1 0

213.186.33.5.

You can’t create Letsencrypt certificates with such a frame redirect via http validation.

3 Likes

Thanks for answering @JuergenAuer

I understand that the code block you posted is why there is a problem, but OVH creates this to redirect to the website without seeing any change in the nav bar. Also, there is no option for me (I think) on OVH to change the way it redirects to the correct folder on my machine.
I tried to change what you told me with the other ip address that is not the one of my machine, and I successfully complete the certbot script, with this output :

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/clemg.fr/fullchain.pem

and other stuff, but even with waiting a few minutes after getting this message I still can’t reach https://ctf.clemg.fr or https://clemg.fr, but both http://ctf.clemg.fr and http://clemg.fr work.

Could you please tell me what I did wrong ? Thanks for your time

2 Likes

That domain has the correct ip - https://check-your-website.server-daten.de/?q=clemg.fr

Host Type IP-Address is auth. ∑ Queries ∑ Timeout
clemg.fr A 37.44.237.85 Paris/Île-de-France/France (FR) - Harmony Hosting SARL No Hostname found yes 1 0
AAAA yes
www.clemg.fr A 37.44.237.85 Paris/Île-de-France/France (FR) - Harmony Hosting SARL No Hostname found yes 1 0

The same is required with your subdomain.

2 Likes

Oh you were right… OVH was setting the other IP without even noticing me, I now understand why it wasn’t working.

Thanks for your time and helping me ! Good evening

2 Likes