Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is:
spotmybus.app
I ran this command:
certbot certonly
It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
How would you like to authenticate with the ACME CA?
1: Apache Web Server plugin - Beta (apache)
2: Spin up a temporary webserver (standalone)
3: Place files in webroot directory (webroot)
Select the appropriate number [1-3] then [enter] (press 'c' to cancel): 3
Plugins selected: Authenticator webroot, Installer None
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
Please enter in your domain name(s) (comma and/or space separated) (Enter 'c'
to cancel): spotmybus.app
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for spotmybus.app
Input the webroot for spotmybus.app: (Enter 'c' to cancel): /var/www/spotmybus.app
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. spotmybus.app (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: 74.50.112.249: Invalid respones from http://spotmybus.app/.well-known/acme-challenge/l-xbt_...: 404
IMPORTANT NOTES:
-
The following errors were reported by the server:
Domain: spotmybus.app
Type: unauthorized
Detail: 74.50.112.249: Invalid response from
http://spotmybus.app/.well-known/acme-challenge/eBkT_CC5CSDKXCpqNylB7fyLgHx6TlhdPHUGQ7Vj41Y:
404To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
My web server is (include version):
Server version: Apache/2.4.18 (Ubuntu)
Server built: 2019-4-03T13:34:47
The operating system my web server runs on is (include version):
Ubuntu 16.04.6 LTS
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don't know):
Yes.
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
No. It's a dedicated server. I ssh in as needed.
The version of my client is (e.g. output of certbot --version
or certbot-auto --version
if you're using Certbot):
certbot 0.27.0
NOTES:
I have been running this server for some years. It had no domain name associated with it, but only an IP address (to keep a low profile). Now, I want to host a progressive web app (PWA) on this server. PWAs can only be installed on a phone if the connection is https, so I'm trying to use certbot to create an SSL certificate.
I obtained a domain name I want to use,
spotmybus.app
and set up DNS A records as directed by the company from which I lease the server. I am not aware that I set up AAAA records (I don't actually know what they are) to tie the domain name to the IP address of the host computer's server (74.50.112.249).
I think there may be a catch 22 here. Domain names that end with ".app" are only accessible via https. I can't run https until an SSL certificate is installed. It looks to me (but, what do I know) like certbot is trying to contact the server at ("http://spotmybus.app"), which it cannot do, because .app domains can only be contacted via https.
Please help me!
Regards,
Matt