Can't pass challenge

Thosquey · June 14, 2020, 2:44pm

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: clemg.fr

I ran this command: sudo certbot --apache -d ctf.clemg.fr -d ctf.clemg.fr

It produced this output: IMPORTANT NOTES:

The following errors were reported by the server:

Domain: ctf.clemg.fr
Type: unauthorized
Detail: Invalid response from
http://ctf.clemg.fr/.well-known/acme-challenge/i6nM-AUKMr0Nielr2nRVzikcknxKoUd0yWIlKP5iMEA
[213.186.33.5]: "\n \n \n
CTF\n <meta na"
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.

My web server is (include version): Apache 2

The operating system my web server runs on is (include version): Debian 9 (Strech)

My hosting provider, if applicable, is: OVH

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): Yes, OVH control panel

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.28.0

Currently trying to get SSL for both clemg.fr (which is working fine) and for ctf.clemg.fr. The problem is that with OVH, I specified for both domains an invisible redirection, which means that the browser will show the content found on the server but will not display the server’s address in the nav bar. With this given, I successfully added SSL to clemg.fr, but can’t add it to ctf.clemg.fr. According to me, it’s because the clemg.fr folder is located in /var/www/html/index.html but the ctf.clemg.fr is located in /var/www/html/ctf.clemg.fr/index.html

What should I do ?

JuergenAuer · June 14, 2020, 3:47pm

Hi @Thosquey

checking your domain via https://check-your-website.server-daten.de/?q=ctf.clemg.fr - that can't work.

There is a frame

Info: Html-Content with frame found, may be a problem creating a Letsencrypt certificate using http-01 validation

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html> <head> <title>CTF</title>
 <meta name="description" content="CTF"> <meta name="keywords" content="CTF"> 
<meta name="generator" content="ORT - Ovh Redirect Technology"> 
<meta name="url" content="http://37.44.237.85/ctf.clemg.fr/index.html/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de"> <meta name="robots" content="all"> </head> 
<frameset rows="100%,0" frameborder=no border=0> 
<frame name="ORT" src="http://37.44.237.85/ctf.clemg.fr/index.html/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de"> 
<frame name="NONE" src="" scrolling="no" noresize> 
<noframes> 
<body>
<a href="http://37.44.237.85/ctf.clemg.fr/index.html/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de">Click here</a><hr></body>
 </noframes> </frameset> </html>

so Letsencrypt can't check your domain.

Change your dns setup. 37.44.237.85 must be your A-record, not that

Host	Type	IP-Address	is auth.	∑ Queries	∑ Timeout
ctf.clemg.fr	A	213.186.33.5 Bures-sur-Yvette/Île-de-France/France (FR) - OVH ISP Hostname: redirect.ovh.net	yes	1	0
	AAAA		yes
www.ctf.clemg.fr	A	213.186.33.5 Bures-sur-Yvette/Île-de-France/France (FR) - OVH ISP Hostname: redirect.ovh.net	yes	1	0

213.186.33.5.

You can't create Letsencrypt certificates with such a frame redirect via http validation.

Thosquey · June 14, 2020, 7:02pm

Thanks for answering @JuergenAuer

I understand that the code block you posted is why there is a problem, but OVH creates this to redirect to the website without seeing any change in the nav bar. Also, there is no option for me (I think) on OVH to change the way it redirects to the correct folder on my machine.
I tried to change what you told me with the other ip address that is not the one of my machine, and I successfully complete the certbot script, with this output :

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/clemg.fr/fullchain.pem

and other stuff, but even with waiting a few minutes after getting this message I still can’t reach https://ctf.clemg.fr or https://clemg.fr, but both http://ctf.clemg.fr and http://clemg.fr work.

Could you please tell me what I did wrong ? Thanks for your time

JuergenAuer · June 14, 2020, 7:41pm

That domain has the correct ip - https://check-your-website.server-daten.de/?q=clemg.fr

Host	Type	IP-Address	is auth.	∑ Queries	∑ Timeout
clemg.fr	A	37.44.237.85 Paris/Île-de-France/France (FR) - Harmony Hosting SARL No Hostname found	yes	1	0
	AAAA		yes
www.clemg.fr	A	37.44.237.85 Paris/Île-de-France/France (FR) - Harmony Hosting SARL No Hostname found	yes	1	0

The same is required with your subdomain.

Thosquey · June 14, 2020, 8:00pm

Oh you were right… OVH was setting the other IP without even noticing me, I now understand why it wasn’t working.

Thanks for your time and helping me ! Good evening

system · July 14, 2020, 8:00pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.