Certbot folder has broken symlinks

The certbot command that I just gave you will lead to much smoother renewals since it does not require shutting down xampp to renew your certificate.

1 Like

Your http to https redirect is working correctly, I see. :slightly_smiling_face:

1 Like

Hi Griffin. May I ask you a question.
I used this command you gave me: certbot certonly --webroot -w G:\xampp\htdocs\pmway.hopto.org\public\ -d "pmway.hopto.org" --debug-challenges
I removed --dry-run because I re-setup pmway to test what you said.
The certificates were re-created in c:\Certbot but I do not see any of the challenge files in the web root.
I would hope to find G:\xampp\htdocs\pmway.hopto.org\public.well-known\acme-challenge"the challenge file installed by certbot".
Any ideas on what I could be doing wrong.
I do like the idea of "not requiring shutting down of xampp to renew my certificate."

I must remind you that I run on a Windows machine. I think Certbot said in documents that it was not possible to use this option for Windows / will be installed in a later version? I.e. we had to link to c:\certbot\live\website\cert from xampp htdocs to get the cert.

OR possibly it is struggling to use my G drive? I have found this before. I decided not to put xampp onto my c drive due to windows toughened security iro folder security etc. Microsoft as usual driving me nuts.

1 Like

The reason no challenge file was created is that you removed --dry-run, which resulted in using the production server (instead of the staging server with --dry-run). The production server caches successful authorizations for 4 weeks, meaning that Let's Encrypt simply used an existing authorization for pmway.hopto.org rather than authorizing based on a new challenge file.

1 Like

Hi Griffin. Sorry to be a pain.
I did what you said: I used this command below but I still do not see G:\xampp\htdocs[pmway.hopto.org](http://pmway.hopto.org/)\public.well-known\acme-challenge"the challenge file installed by certbot". I.e. certbot has not created the challenge folder structure or files.
Hope you can shed some light at the end of this tunnel.

C:\WINDOWS\system32>certbot certonly --webroot -w G:\xampp\htdocs\pmway.hopto.org\public -d "pmway.hopto.org" --dry-run --debug-challenges
Saving debug log to C:\Certbot\log\letsencrypt.log
Simulating renewal of an existing certificate for pmway.hopto.org


Challenges loaded. Press continue to submit to CA. Pass "-v" for more info about
challenges.


Press Enter to Continue
The dry run was successful.

C:\WINDOWS\system32>

1 Like

Hi All. I sorted this problem.
This is how: Using this link: Step by step LetsEncrypt WinSimple - hMailServer forum

  1. I added the .well-known and within this folder acme-challenge folder structure on my web root and then within this I created a text file mytextfile.txt with mytextfile written within it. Per link above.
    At first I could not get the text file to come up on my browser. I could not path to it via the browner.
  2. I then added below to my xampp\apache\conf\extra\https-vhosts.conf file. and I could open the mytextfile.txt within the browser. I.e. per advice in link above.
    i.e. between the ######
    <VirtualHost :80>
    DocumentRoot "G:/xampp/htdocs/pmway.hopto.org/public/"
    ServerName pmway.hopto.org
    ##########nb below 4 lines added to facilitate certbot
    Alias /.well-known "G:/xampp/htdocs/pmway.hopto.org/public/.well-known"
    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteRule ^(.
    )$ https://%{HTTP_HOST}$1 [R=301,L]
    ########################################
    <Directory "G:/xampp/htdocs/pmway.hopto.org/public/">
    DirectoryIndex index.php
    Options Indexes FollowSymLinks Includes ExecCGI
    AllowOverride All
    #Require all local
    Require all granted

    ErrorLog "G:/xampp/apache/logs/pmwayerror.log"
    CustomLog "G:/xampp/apache/logs/pmwayaccess.log" common

    I.E. I could now navigate to the mytextfile.txt folder from the browser as would be required by certbot to verify my domain.
  3. I then ran the command that was recommended above: certbot certonly --webroot -w G:\xampp\htdocs\pmway.hopto.org\public\ -d "pmway.hopto.org" --dry-run --debug-challenges
    It came back ok.
  4. Before closing 3 above in cmd I looked at the folder .well-known\acme-challenge\mytestfile.txt and I noticed that certbot had put in another file with long number in it.
    This disappeared after I closed the cmd.
    But I suspect that if I run certbot renew now or in the future it will be able to add in the file that is needed to update the web site while xampp is running. Below is a screen shot of the certbot installation file with numbers.
1 Like

If this ever worked before, then this is likely to blame for it failing recently:

That implies that those ports were being sent to another IP.
That implies that your servers' IP has changed since its' last renewal.
That implies that the server uses DHCP and there is no IP reservation set for it in the router.
That implies that someday in the future (after the router has been rebooted and forgets the active DHCP leases) this will likely happen again.

[but knowledge is power... you can now do something about it]

1 Like

You're doing fine, my friend. No worries. :slightly_smiling_face:

This means that the dry run worked. I'm glad you went the extra mile to configure an Apache vHost though, which you should have already done anyhow.

What is the output of this command?

httpd -S