I upgraded xampp to a latest version and had a struggle getting my web sites up and running.
I home host on Windows, which I understand does not allow one to automatically put certificates into the web site. I.e. I link to updated certificates in the Certbot/live/mywebs/certs folder from the xampp/apache/conf/extra/httpd... vhosts.conf and httpd-ssl.conf files.
Before I used to simply type in certbot renew and all would be good in the world.
Now I am getting a host of errors.
Initially the errors were:......................................................
C:\WINDOWS\system32>certbot certonly --standalone
Saving debug log to C:\Certbot\log\letsencrypt.log
Please enter the domain name(s) you would like on your certificate (comma and/or
space separated) (Enter 'c' to cancel):myweb
Requesting a certificate for myweb
Certbot failed to authenticate some domains (authenticator: standalone). The Certificate Authority reported these problems:
Domain: mywebg
Type: connection
Detail: Fetching http://myweb/.well-known/acme-challenge/l9KvhMaVwBKCfcVBwk05AsC0gmbjaGMSVyknYeQkVr8: Error getting validation data
Hint: The Certificate Authority couldn't exterally verify that the standalone plugin completed the required http-01 challenges. Ensure the plugin is configured correctly and that the changes it makes are accessible from the internet.
.................................................................................................
AND ALSO Renewal configuration file C:\Certbot\renewal\myweb.conf is broken.
The error was: expected C:\Certbot\live\myweb\cert.pem to be a symlink
Skipping.
.........................................................................................................
I do not think (as Windows installation) that I ever used .well-known/acme-challenge folders???
How can I get a refresh of Certbot that will get me sorted again?
I.e. I am happy to start again from fresh.
BUT it seems that my original certificates cannot be removed and other horrors.
I have used all the --help features including one I found that looks at fixing symlinks.
I do not seem to be able to reset the above.
Did you really type "myweb"?
If so, then you need to use an FQDN that can be resolved via global DNS.
OR are you just trying to hide the real domain name?
If so, why?
[all certificate registrations contain the domain name(s) and are public information]
As for the missing expected symlink, try executing the command again from an elevated command prompt.
Hi all. Apologies. I was sleeping. I added mywebs to the cert path simply because I have multiple certificates. I agree that it ends in a cert and not folder.
When I try the certbot certificates command I used to get 4 certificates returned, but it now says the links are broken. May I ask: how do I reset everything? I think I need to start afresh. Must I delete the certificates, uninstall the certbot software, delete the Certbot folder and then ask for fresh certificates? That is my plan anyway for today. I just hope that the same problems do not re-occur.
Just using the certbot command I gave you to delete the certificates should suffice. Please do not try to manually delete things because that's what caused the issues here in the first place.
The fault seems to be failure to use the standalone mode, which will be a temporary webserver that tries to run on port 80 just to answer http challenges. Your Apache will already be using that port. Does certbot normally stop and start Apache for you during validation so that standalone can work? If not, an alternative would be to stop Apache first, run your renewal, then start Apache again.
I'm not a certbot guru, so I'm just guessing from the error.
I'm assuming myweb is a redacted domain name, because you can't use Let's Encrypt to get certs for local host names.
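The http-01 exchange discussed above, as an added Python example (not part of the thread and not Certbot's own code): a temporary web server answers the /.well-known/acme-challenge/ request the way a standalone authenticator does, and a validator fetches it and reports the result using the same "connection" and "unauthorized" categories seen in the error output. The names make_responder, validate and demo, the token values and the loopback address are assumptions made for illustration.

```python
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

PREFIX = "/.well-known/acme-challenge/"
# Constructed sample values, not taken from a real ACME order.
TOKEN = "constructed-sample-token"
KEY_AUTH = TOKEN + ".constructed-account-key-thumbprint"
OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # no proxy


def make_responder(challenges, host="127.0.0.1", port=0):
    """Temporary web server standing in for the standalone plugin."""
    class Handler(BaseHTTPRequestHandler):
        def do_GET(self):
            token = self.path[len(PREFIX):]
            if not (self.path.startswith(PREFIX) and token in challenges):
                return self.send_error(404)
            body = challenges[token].encode()
            self.send_response(200)
            self.end_headers()
            self.wfile.write(body)

    server = HTTPServer((host, port), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


def validate(host, port, token, expected, timeout=3):
    """The validating side: fetch the challenge URL and compare the body."""
    url = f"http://{host}:{port}{PREFIX}{token}"
    try:
        with OPENER.open(url, timeout=timeout) as resp:
            ok = resp.read().decode().strip() == expected
            return "valid" if ok else "unauthorized"
    except urllib.error.HTTPError:
        return "unauthorized"  # something answered, but not with the token
    except OSError:
        return "connection"    # nothing reachable on that address and port


def demo():
    server = make_responder({TOKEN: KEY_AUTH})
    up = validate("127.0.0.1", server.server_port, TOKEN, KEY_AUTH)
    wrong = validate("127.0.0.1", server.server_port, "unknown-token", KEY_AUTH)
    server.shutdown()
    server.server_close()
    return up, wrong, validate("127.0.0.1", server.server_port, TOKEN, KEY_AUTH)
```

The third result is the case in this thread: once nothing answers on the port the validator reaches, the fetch fails before any token is compared, which is why the report says "connection" rather than anything about the challenge file.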
I will definitely use the delete command you gave me. Thank you. I do stop xampp. I had issues before and realized it was hogging port 80. What I don't understand is why Certbot suddenly started needing to check .well-known/acme-challenge/? It never needed this before. Thanks all.
Hi all. OK. I HAVE DELETED CERTBOT CERTS but have the same issue.
PLEASE CAN SOMEONE HELP.
I have put down exactly what the error is below. I.e. I deleted all my certbot certs using certbot delete. I also deleted the c:\Certbot folder. Remember I have a xampp and Windows 10 installation. I.e. I do not believe I need / did not need this in the past... .well-known/acme-challenge/
I used certbot certonly --standalone in my attempt to get a new cert for pmway.hopto.org
ERROR MESSAGE IS INSERTED BELOW:
(Y)es/(N)o: Y
Account registered.
Please enter the domain name(s) you would like on your certificate (comma and/or
space separated) (Enter 'c' to cancel): pmway.hopto.org
Requesting a certificate for pmway.hopto.org
Hint: The Certificate Authority couldn't exterally verify that the standalone plugin completed the required http-01 challenges. Ensure the plugin is configured correctly and that the changes it makes are accessible from the internet.
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile C:\Certbot\log\letsencrypt.log or re-run Certbot with -v for more details.
PLEASE CAN SOMEONE GIVE ME A SOLUTION IF POSSIBLE.
I would love to solve this weird problem.
I have also made no changes to my firewall at all.
What is interesting is that I also do not have a "live" folder in the c:\Certbot folder.
I.e. from Xampp this would have been a reference to the certificate from httpd-ssl.conf: SSLCertificateFile "C:\Certbot\live\pmway.hopto.org\cert.pem"
Can you confirm that your firewall is open for tcp port 80 and if applicable these requests are forwarded to your server? Is this a home machine behind a router? The machine needs to respond to http requests made by Let's Encrypt to validate your domain.
Alternatively you could look at DNS validation if http validation is difficult.
Hi yes I home host.
I can confirm. I have stopped xampp which uses port 80. I know when I start xampp it uses port 80 so this is available. I also run netstat -ano command from elevated cmd and see no port 80 listed as being used.
I tried to renew to get a list of certificates (after applying for them afresh per above) and the following was the response.
C:\WINDOWS\system32>certbot renew
Saving debug log to C:\Certbot\log\letsencrypt.log
No renewals were attempted.
C:\WINDOWS\system32>certbot certificates
Saving debug log to C:\Certbot\log\letsencrypt.log
No certificates found.
C:\WINDOWS\system32>
However at the moment, without certificates (deleted) xampp apache cannot load due to it not finding the certificate (deleted). Per below there is no "live folder"
As I understand, using Windows 10, no plugins are available. I.e. Per the certbot documentation for Windows servers.
Please run the following certbot command (with xampp and apache actually running), which will pause certbot after creating the challenge files, but before Let's Encrypt tries to verify the challenge files. Please fill in the correct path for the webroot folder (-w parameter) where the files served for pmway.hopto.org are located.
OK what I did. I went into my router and in ADVANCED -> VIRTUAL SERVER I added port 80 and port 443 to 192.168.10.111
I found this advice from someone on the internet.
I switched XAMPP off totally and checked port 80 was not being used by anything using netstat -ano
I also clicked IPV6 to on. For some reason my Ethernet IPV6 was off. Not sure if this also contributed.
I am just thrilled I could create LIVE folder and also to renew without any bugs or challenges.
Thanks for listening.
Hopefully someone can use what I have done to help them.