Certbot failed to authenticate some domains (authenticator: apache). The Certificate Authority reported these problems:

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: ..*

I ran this command: sudo certbot --apache

It produced this output: Saving debug log to /var/log/letsencrypt/letsencrypt.log

Which names would you like to activate HTTPS for?


1: ..*


Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 1
Requesting a certificate for ..*

Certbot failed to authenticate some domains (authenticator: apache). The Certificate Authority reported these problems:
Domain: ..*
Type: unauthorized
Detail: Invalid response from https://mail.thesay.me/.well-known/acme-challenge/Ox1XiuUBQ7TnP4IcUCq4JzGrjhF8zZPtxatVVp6ziDA [...]: "\n\n<meta http-equiv="Content-Type" content="text/html;charset=utf-8"/>\nError 404 Not Found\n\n<bo"

Hint: The Certificate Authority failed to verify the temporary Apache configuration changes made by Certbot. Ensure that the listed domains point to this Apache server and that it is accessible from the internet.

Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

My web server is (include version): Apache/2.4.29 (Ubuntu)

The operating system my web server runs on is (include version): Ubuntu 18.04

My hosting provider, if applicable, is: name.com

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): yes

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): I don't know

Hi,

What's the output of:

sudo apachectl -S
1 Like

Hi!
root@mail:/etc/apache2/sites-enabled# certbot --version
certbot 1.21.0
root@mail:/etc/apache2/sites-enabled# sudo apachectl -S
VirtualHost configuration:
:80 .. (/etc/apache2/sites-enabled/000-default.conf:1)
ServerRoot: "/etc/apache2"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/var/log/apache2/error.log"
Mutex watchdog-callback: using_defaults
Mutex ssl-stapling-refresh: using_defaults
Mutex ssl-stapling: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/var/run/apache2/" mechanism=default
PidFile: "/var/run/apache2/apache2.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="www-data" id=33
Group: name="www-data" id=33
root@mail:/etc/apache2/sites-enabled#

That looks fine. I'm surprised it doesn't work.

Could you please also post the contents of /etc/apache2/sites-enabled/000-default.conf?

1 Like

<VirtualHost *:80>
    # The ServerName directive sets the request scheme, hostname and port that
    # the server uses to identify itself. This is used when creating
    # redirection URLs. In the context of virtual hosts, the ServerName
    # specifies what hostname must appear in the request's Host: header to
    # match this virtual host. For the default virtual host (this file) this
    # value is not decisive as it is used as a last resort host regardless.
    # However, you must set it for any further virtual host explicitly.
    #ServerName www.example.com
    ServerName ..

    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/html

    # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
    # error, crit, alert, emerg.
    # It is also possible to configure the loglevel for particular
    # modules, e.g.
    #LogLevel info ssl:warn

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    # For most configuration files from conf-available/, which are
    # enabled or disabled at a global level, it is possible to
    # include a line for only one particular virtual host. For example the
    # following line enables the CGI configuration for this host only
    # after it has been globally disabled with "a2disconf".
    #Include conf-available/serve-cgi-bin.conf
</VirtualHost>

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

There's already a working HTTPS Zimbra service running on that hostname, which is using a Let's Encrypt certificate already, issued on 2 December. Why are you trying to issue another one? It's kinda strange your Zimbra is already working on HTTPS whereas your current Apache configuration doesn't have an HTTPS VirtualHost.

2 Likes

Indeed, it seems like the domain is pointing to a totally different Apache server.

Even the default non-SNI certificate is for a different domain (SANs: thesay.me, www.thesay.me).

2 Likes
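
The two checks the last replies rely on (does the name resolve to this machine, and does the default non-SNI certificate on port 443 list the name), as an added example that is not part of the original thread. The function names, the `example.test` host and the documentation-range addresses are constructed for illustration; `dig`, `hostname -I` and OpenSSL 1.1.1 or later are assumed to be installed for the live part.

```shell
#!/bin/sh
# Added example (not from the thread): check whether a hostname is served by
# the machine Certbot runs on. Helpers take plain text so they work offline.

# points_here "DNS_IPS" "LOCAL_IPS": succeeds if any resolved address is local
points_here() {
    for ip in $1; do
        for mine in $2; do
            [ "$ip" = "$mine" ] && return 0
        done
    done
    return 1
}

# san_covers HOST "DNS:a, DNS:b": exact name or single-label wildcard match
san_covers() {
    case ", $2," in
        *"DNS:$1,"*) return 0 ;;
        *"DNS:*.${1#*.},"*) return 0 ;;
    esac
    return 1
}

# diagnose HOST DNS_IPS LOCAL_IPS SANS: print a one-word verdict
diagnose() {
    if ! points_here "$2" "$3"; then
        echo "dns-elsewhere"    # the CA's request reaches another machine
    elif ! san_covers "$1" "$4"; then
        echo "cert-mismatch"    # port 443 answers with a cert for other names
    else
        echo "ok"
    fi
}

# Constructed sample mirroring the thread's outcome: the name resolves to a
# different server whose default certificate lists other names.
sample_verdict() {
    diagnose mail.example.test "198.51.100.7" "192.0.2.11" \
        "DNS:example.test, DNS:www.example.test"
}

# Live use: sh check-host.sh HOSTNAME   (the file name is arbitrary)
if [ -n "${1:-}" ]; then
    dns_ips=$(dig +short A "$1")
    local_ips=$(hostname -I)    # behind NAT, substitute the public address
    # -noservername requests the default (non-SNI) certificate
    sans=$(openssl s_client -connect "$1:443" -noservername </dev/null 2>/dev/null \
        | openssl x509 -noout -ext subjectAltName 2>/dev/null | tail -n +2)
    echo "verdict: $(diagnose "$1" "$dns_ips" "$local_ips" "$sans")"
fi
```

A `dns-elsewhere` verdict means the HTTP-01 request never reaches the Apache instance Certbot reconfigured, which is consistent with the 404 the Certificate Authority reported.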
