Certbot doesn't understand apache on FreeBSD

The problem is that I used webroot for the first time when I tried it, but that gives a completely different error message, and that seems even worse.

I get this when I run it with webroot:

No, that's not actually worse even though it might look like it.

An HTTP connection to your domain is failing. Had you gotten the --apache plugin further along, you would have gotten the same error.

You need to have connectivity working before using the HTTP challenge to get a cert.

This is a good test site for new setups.

3 Likes

Looks like the connection is refused.

The HTTP-01 challenge section of Challenge Types - Let's Encrypt states:
"The HTTP-01 challenge can only be done on port 80."
"Our implementation of the HTTP-01 challenge follows redirects, up to 10 redirects deep. It only accepts redirects to “http:” or “https:”, and only to ports 80 or 443. It does not accept redirects to IP addresses. When redirected to an HTTPS URL, it does not validate certificates (since this challenge is intended to bootstrap valid certificates, it may encounter self-signed or expired certificates along the way)."

Best Practice - Keep Port 80 Open

$ nmap -Pn -p80,443 dyo48apciweshomelab.xyz
Starting Nmap 7.80 ( https://nmap.org ) at 2024-11-02 22:26 UTC
Nmap scan report for dyo48apciweshomelab.xyz (193.151.117.75)
Host is up (0.20s latency).
rDNS record for 193.151.117.75: fabianla.sx5.cable.tolna.net

PORT    STATE  SERVICE
80/tcp  closed http
443/tcp closed https

Nmap done: 1 IP address (1 host up) scanned in 1.20 seconds

3 Likes

I think I'm starting to understand what's happening, because if you look it up now it's running, but when I start certbot, Apache crashes or something because it tries to run apachectl graceful. (Also I think I just doxed myself, but I don't really care now.)

Yeah, I would quit trying to use --apache plugin option.

Make sure Let's Debug says the test is OK, then try webroot again.

The domain name in every cert becomes part of the public record. It is not private. Or, if you prefer, everyone gets doxxed :slight_smile:

4 Likes

It gives me this when I try running apachectl after running certbot with webroot:

Now https://letsdebug.net/dyo48apciweshomelab.xyz/2271265 is giving a WARNING

UnexpectedHttpResponse
Warning
Sending an ACME HTTP validation request to dyo48apciweshomelab.xyz results in unexpected HTTP response 400 Bad Request. This indicates that the webserver is misconfigured or misbehaving.
400 Bad Request

1 Like

The --webroot option does not modify your Apache config. The --apache plugin will make temp changes and will create a VirtualHost for port 443 (the first time it gets a cert).

Your server is replying with an HTTP 400 error to routine requests. It says it needs javascript. The Let's Encrypt servers expect to see their token returned and only that. They do not have java enabled. You need to exempt that check for requests to /.well-known/acme-challenge/.

4 Likes
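The two points above (the validator's redirect rules quoted from the Let's Encrypt docs, and the fact that a 400 or a JavaScript-check page instead of the bare token fails the challenge) can be checked before running certbot. This is an added example, not code from the thread, Certbot or Let's Encrypt; it mirrors the quoted rules (port 80 start, at most 10 redirects, only http:/https: on 80/443, no IP targets, no certificate validation) with an injectable `fetch` so the policy can also be exercised offline against constructed responses.

```python
import ipaddress, ssl, urllib.error, urllib.request
from urllib.parse import urljoin, urlsplit

MAX_REDIRECTS = 10  # "up to 10 redirects deep"
ALLOWED = {("http", 80), ("https", 443)}  # only these scheme/port pairs are followed

def _is_ip(host):
    try: ipaddress.ip_address(host)
    except ValueError: return False
    return True

def redirect_allowed(url):
    """Accept only http:/https: targets on ports 80/443 with a DNS name, never an IP."""
    p = urlsplit(url)
    if p.scheme not in ("http", "https") or not p.hostname:
        return False
    port = p.port or (80 if p.scheme == "http" else 443)
    return (p.scheme, port) in ALLOWED and not _is_ip(p.hostname)

def check_challenge(domain, token, fetch):
    """Walk the chain like the validator; fetch(url) -> (status, location, body)."""
    url = f"http://{domain}/.well-known/acme-challenge/{token}"
    for _ in range(MAX_REDIRECTS + 1):
        status, location, body = fetch(url)
        if status in (301, 302, 303, 307, 308) and location:
            target = urljoin(url, location)
            if not redirect_allowed(target):
                return "FAIL", f"redirect to disallowed target {target}"
            url = target
            continue
        if status != 200:
            return "FAIL", f"unexpected HTTP response {status} from {url}"
        if not body.strip().startswith(token):  # body must be the key authorization, not an HTML page
            return "FAIL", f"body from {url} does not start with the token"
        return "OK", url
    return "FAIL", f"more than {MAX_REDIRECTS} redirects"

def urllib_fetch(url):
    """Live fetcher (hypothetical helper): no cert validation, redirects returned rather than followed."""
    class NoRedirect(urllib.request.HTTPRedirectHandler):
        def redirect_request(self, *a, **k):
            return None
    ctx = ssl._create_unverified_context()  # the validator does not check certs either
    opener = urllib.request.build_opener(NoRedirect, urllib.request.HTTPSHandler(context=ctx))
    try:
        with opener.open(url, timeout=10) as r:
            return r.status, r.headers.get("Location"), r.read().decode(errors="replace")
    except urllib.error.HTTPError as e:
        return e.code, e.headers.get("Location"), e.read().decode(errors="replace")
```

Put a file named after a test token under the webroot's .well-known/acme-challenge/ and call `check_challenge(domain, token, urllib_fetch)`; an "unexpected HTTP response 400" result is exactly what Let's Debug reported above.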

Here is a list of issued certificates, crt.sh | dyo48apciweshomelab.xyz, the latest being 2024-11-01.

Testing and debugging are best done using the Staging Environment as the Rate Limits are much higher.

2 Likes

Here, Office of General Counsel | What to do if you've been doxed spells out that "Doxing (or doxxing) is the malicious act of publicly revealing someone's private or personally identifiable information online without their consent."

2 Likes

Sorry my silliness didn't come across :slight_smile:

4 Likes

No problem Mike, the word is new to me. :slight_smile:

3 Likes

I was focusing on the "private" element

3 Likes

And how would I go about doing that?

How do you specify that requirement now?

2 Likes

What do you mean? I get that I should install java but how should I

The Let's Encrypt server is sending a challenge HTTP request that looks like this:

http://dyo48apciweshomelab.xyz/.well-known/acme-challenge/(token)

Your server is replying with an HTTP error 400, and the full text of the error is here: Let's Debug

I am not sure what you need to do so your server replies with the correct value. Perhaps you need to visit a NextCloud or Apache forum to learn that.

Being your own server admin comes with a learning curve. Not sure what else I can say about this.

Another volunteer here may have personal experience and might offer more details. I have never used Nextcloud.

3 Likes
