See post #10. You showed your server config file there
Sorry..... it's currently
DocumentRoot /home/hjz/domoticz/www
Can you do these commands:
mkdir -p /home/hjz/domoticz/www/.well-known/acme-challenge
echo testdata1234 > /home/hjz/domoticz/www/.well-known/acme-challenge/Test-1234
Then show result of this:
curl -I http://ddghhome.net/.well-known/acme-challenge/Test-1234
Leave test file after so we can look too
Then I get a permission error.
In the past these files were in /etc/letsencrypt/
Ran sudo -i and ran the files
root@Domoticz:~# curl -I http://ddghhome.net/.well-known/acme-challenge/Test-1234
HTTP/1.1 403 Forbidden
Date: Sat, 22 Jan 2022 19:05:03 GMT
Server: Apache/2.4.38 (Debian)
Content-Type: text/html; charset=iso-8859-1
Now you just have to find out why your Apache server is rejecting those requests. Once you can successfully get the test file with curl then retry Certbot with a -w folder value that matches your DocumentRoot folder: home/hjz/domoticz/www
If you cannot get the test file from that location certbot cannot either.
I think you should spend some time learning how to configure Apache. The parts of the config I have seen look like default values. Usually more custom config is needed for proper use. The Apache docs are a good place to start.
Domoticz takes care of most of this. Somehow the server Domoticz uses has lost its 80 connection and I have been busy since I had to change the way I connected. This really helps, thanks, but I am still not there. What does 403 error code mean?
Locally at home everything runs fine over 8080.
That is an http error code:
https://www.google.com/search?q=http+error+codes&oq=http+error+codes&aqs=edge..69i57j0i512l7j69i64.3877j0j1&sourceid=chrome&ie=UTF-8
Yes, but getting things to work on the public internet is more complicated
I'd begin back at the beginning...
Please show the output of:
curl -4 ifconfig.co
curl -6 ifconfig.co
sudo netstat -pant | grep -i listen
sudo ps -ef | grep -Ei 'apache|http' | grep -v grep
hjz@Domoticz:~$ curl -4 ifconfig.co
77.169.3.56
hjz@Domoticz:~$ curl -6 ifconfig.co
curl: (7) Couldn't connect to server
hjz@Domoticz:~$ sudo netstat -pant | grep -i listen
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 489/sshd
tcp 0 0 127.0.0.1:3000 0.0.0.0:* LISTEN 688/node
tcp6 0 0 :::80 :::* LISTEN 14809/apache2
tcp6 0 0 :::8080 :::* LISTEN 7505/domoticz
tcp6 0 0 :::22 :::* LISTEN 489/sshd
tcp6 0 0 :::443 :::* LISTEN 7505/domoticz
tcp6 0 0 :::6144 :::* LISTEN 7505/domoticz
hjz@Domoticz:~$ sudo ps -ef | grep -Ei 'apache|http' | grep -v grep
root 682 653 0 Jan15 ? 00:00:00 bash /home/hjz/nefiteasyhttpserver.sh
www-data 14809 32705 0 00:00 ? 00:00:00 /usr/sbin/apache2 -k start
www-data 14810 32705 0 00:00 ? 00:00:00 /usr/sbin/apache2 -k start
root 32705 1 0 Jan22 ? 00:00:00 /usr/sbin/apache2 -k start
Does external:80 go to 192.168.2.10:80 ?
If so, please show:
apachectl -t -D DUMP_VHOSTS
I had to go to root, but here it is
root@Domoticz:~# apachectl -t -D DUMP_VHOSTS
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message
VirtualHost configuration:
*:80 127.0.1.1 (/etc/apache2/sites-enabled/000-default.conf:2)
And let's have a look at this complete file:
The complete file:
<VirtualHost *:80>
# Redirect all requests to the local Apache server to port 8080
# RewriteRule ^.*$ http://%{HTTP_HOST}:8080%{REQUEST_URI}
# The ServerName directive sets the request scheme, hostname and port that
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request's Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.
#ServerName www.example.com
ServerAdmin webmaster@localhost
DocumentRoot /home/hjz/domoticz/www
#/var/www/html
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf
</VirtualHost>
That file reduces to:
<VirtualHost *:80>
ServerAdmin webmaster@localhost
DocumentRoot /home/hjz/domoticz/www
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
which lacks much.
Try adding to it:
ServerName ddghhome.net
Restart Apache
then show again:
apachectl -t -D DUMP_VHOSTS
Some interesting things went on:
- The apache server failed to turn on
- The path to 80 is now covered by nginx!
hjz@Domoticz:~$ sudo -i
root@Domoticz:~# apachectl -t -D DUMP_VHOSTS
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message
VirtualHost configuration:
*:80 ddghhome.net (/etc/apache2/sites-enabled/000-default.conf:2)
with apache turned off
hjz@Domoticz:~$ sudo netstat -napt
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 490/nginx: master p
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 470/sshd
tcp 0 0 127.0.0.1:3000 0.0.0.0:* LISTEN 573/node
tcp 0 0 192.168.2.10:80 149.56.181.247:34457 SYN_RECV -
tcp 0 0 192.168.2.10:80 74.91.115.181:54679 SYN_RECV -
tcp 0 0 192.168.2.10:80 149.56.181.247:62359 SYN_RECV -
tcp 0 0 192.168.2.10:80 149.56.181.247:35517 SYN_RECV -
tcp 0 0 192.168.2.10:80 149.56.181.247:22431 SYN_RECV -
tcp 0 0 192.168.2.10:80 149.56.181.247:41230 SYN_RECV -
tcp 0 0 192.168.2.10:80 149.56.181.247:32421 SYN_RECV -
tcp 0 0 192.168.2.10:80 149.56.181.247:18071 SYN_RECV -
tcp 0 0 192.168.2.10:80 149.56.181.247:967 SYN_RECV -
tcp 0 0 192.168.2.10:80 149.56.181.247:61304 SYN_RECV -
tcp 0 0 192.168.2.10:80 149.56.181.247:21836 SYN_RECV -
tcp 0 0 192.168.2.10:80 74.91.115.181:56482 SYN_RECV -
tcp 0 0 192.168.2.10:80 149.56.181.247:3623 SYN_RECV -
tcp 0 0 192.168.2.10:80 149.56.181.247:44082 SYN_RECV -
tcp 0 0 192.168.2.10:80 149.56.181.247:23854 SYN_RECV -
tcp 0 0 192.168.2.10:80 149.56.181.247:1348 SYN_RECV -
tcp 0 0 192.168.2.10:80 149.56.181.247:13163 SYN_RECV -
tcp 0 0 192.168.2.10:80 149.56.181.247:12512 SYN_RECV -
tcp 0 0 192.168.2.10:80 74.91.115.181:9534 SYN_RECV -
tcp 0 0 127.0.0.1:55874 127.0.0.1:3000 TIME_WAIT -
tcp 0 0 192.168.2.10:47854 192.168.2.1:22 ESTABLISHED 495/domoticz
tcp 0 0 192.168.2.10:80 149.56.181.247:21203 SYN_RECV -
tcp 0 0 192.168.2.10:80 149.56.181.247:48970 SYN_RECV -
tcp 0 0 192.168.2.10:80 74.91.115.181:21162 SYN_RECV -
tcp 0 0 127.0.0.1:55880 127.0.0.1:3000 TIME_WAIT -
tcp 0 0 192.168.2.10:80 149.56.181.247:40767 SYN_RECV -
tcp 0 0 192.168.2.10:80 149.56.181.247:34525 SYN_RECV -
tcp 0 0 192.168.2.10:80 149.56.181.247:17516 SYN_RECV -
tcp 0 0 127.0.0.1:55868 127.0.0.1:3000 TIME_WAIT -
tcp 0 0 192.168.2.10:80 149.56.181.247:41490 SYN_RECV -
tcp 0 0 192.168.2.10:80 74.91.115.181:14978 SYN_RECV -
tcp 0 0 192.168.2.10:80 74.91.115.181:45357 SYN_RECV -
tcp 0 0 192.168.2.10:80 74.91.115.181:4086 SYN_RECV -
tcp 0 0 127.0.0.1:55864 127.0.0.1:3000 TIME_WAIT -
tcp 0 0 192.168.2.10:80 149.56.181.247:51372 SYN_RECV -
tcp 0 0 192.168.2.10:80 74.91.115.181:62598 SYN_RECV -
tcp 0 0 192.168.2.10:80 149.56.181.247:33339 SYN_RECV -
tcp 0 0 192.168.2.10:80 149.56.181.247:50395 SYN_RECV -
tcp 0 0 192.168.2.10:80 149.56.181.247:43744 SYN_RECV -
tcp 0 0 192.168.2.10:80 149.56.181.247:2006 SYN_RECV -
tcp 0 0 192.168.2.10:80 74.91.115.181:12875 SYN_RECV -
tcp 0 0 192.168.2.10:80 149.56.181.247:21466 SYN_RECV -
tcp 0 0 192.168.2.10:80 74.91.115.181:64587 SYN_RECV -
tcp 0 0 192.168.2.10:44766 139.15.227.109:5222 ESTABLISHED 573/node
tcp 0 0 192.168.2.10:80 74.91.115.181:20948 SYN_RECV -
tcp 0 0 192.168.2.10:80 149.56.181.247:551 SYN_RECV -
tcp 0 0 192.168.2.10:80 149.56.181.247:52759 SYN_RECV -
tcp 0 0 192.168.2.10:80 149.56.181.247:53614 SYN_RECV -
tcp 0 0 192.168.2.10:80 149.56.181.247:54143 SYN_RECV -
tcp 0 0 192.168.2.10:80 149.56.181.247:31309 SYN_RECV -
tcp 0 0 192.168.2.10:80 74.91.115.181:37070 SYN_RECV -
tcp 0 8176 192.168.2.10:22 192.168.2.2:65049 ESTABLISHED 2730/sshd: hjz [pri
tcp 0 0 192.168.2.10:80 149.56.181.247:20081 SYN_RECV -
tcp 0 0 192.168.2.10:80 149.56.181.247:27042 SYN_RECV -
tcp 0 0 192.168.2.10:80 149.56.181.247:53759 SYN_RECV -
tcp 0 0 192.168.2.10:80 149.56.181.247:22376 SYN_RECV -
tcp 0 0 192.168.2.10:80 149.56.181.247:52243 SYN_RECV -
tcp 0 0 192.168.2.10:80 149.56.181.247:15749 SYN_RECV -
tcp 0 0 192.168.2.10:80 74.91.115.181:33901 SYN_RECV -
tcp 0 0 192.168.2.10:80 149.56.181.247:28839 SYN_RECV -
tcp 0 0 192.168.2.10:80 149.56.181.247:16332 SYN_RECV -
tcp 0 0 192.168.2.10:80 74.91.115.181:30731 SYN_RECV -
tcp 0 0 192.168.2.10:80 74.91.115.181:24625 SYN_RECV -
tcp 0 0 127.0.0.1:55876 127.0.0.1:3000 TIME_WAIT -
tcp 0 0 192.168.2.10:80 74.91.115.181:32966 SYN_RECV -
tcp 0 0 192.168.2.10:80 74.91.115.181:51219 SYN_RECV -
tcp 0 0 192.168.2.10:80 149.56.181.247:26374 SYN_RECV -
tcp 0 0 192.168.2.10:80 149.56.181.247:60766 SYN_RECV -
tcp 0 0 127.0.0.1:55866 127.0.0.1:3000 TIME_WAIT -
tcp6 0 0 :::8080 :::* LISTEN 495/domoticz
tcp6 0 0 :::80 :::* LISTEN 490/nginx: master p
tcp6 0 0 :::22 :::* LISTEN 470/sshd
tcp6 0 0 :::443 :::* LISTEN 495/domoticz
tcp6 0 0 :::6144 :::* LISTEN
But still a 404 error on the certbot
Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
Domain: ddghhome.net
Type: unauthorized
Detail: Invalid response from Login – Nextcloud [77.169.3.56]: "\r\n404 Not Found\r\n<body bgcolor="white">\r\n
404 Not Found
\r\n"
root@Domoticz:~# curl -4 ifconfig.co
77.169.3.56
Apache and nginx are fighting for port 80.
You need to fix that.
I turned apache off, and still the error 404 while nginx is listening to port 80.
The DocumentRoot used by --webroot was tied to the Apache server.
What is nginx doing?
Why are you running two web servers on the same port ? ? ?
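
The port 80 ownership check this thread arrives at, as an added example that is not part of any post above: it reads `netstat -pant` output and confirms that the program listening on port 80 is the server the `--webroot` folder belongs to. The names `listeners_on`, `check_webroot_server` and `SAMPLE_NETSTAT` are hypothetical, and the sample lines are constructed from the netstat output shown in the thread.

```shell
#!/bin/sh
# Added example: find which program(s) own a TCP listening port in
# `netstat -pant` output and compare against the expected web server.

# Constructed sample, modelled on the netstat output posted in the thread.
SAMPLE_NETSTAT='tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 490/nginx: master p
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 470/sshd
tcp 0 0 192.168.2.10:80 149.56.181.247:34457 SYN_RECV -
tcp6 0 0 :::8080 :::* LISTEN 495/domoticz
tcp6 0 0 :::80 :::* LISTEN 490/nginx: master p
tcp6 0 0 :::443 :::* LISTEN 495/domoticz'

# listeners_on PORT: read netstat lines on stdin and print each distinct
# program name that is in LISTEN state on PORT (IPv4 and IPv6 sockets).
listeners_on() {
    awk -v port="$1" '
        $6 == "LISTEN" {
            n = split($4, a, ":")      # port is the last ":"-separated part
            if (a[n] != port) next
            split($7, p, "/")          # "490/nginx:" -> pid, program
            prog = p[2]; sub(/:$/, "", prog)
            if (prog != "" && !seen[prog]++) print prog
        }'
}

# check_webroot_server PORT EXPECTED: succeed only when EXPECTED is the sole
# program listening on PORT; otherwise report what was found and fail.
check_webroot_server() {
    found=$(listeners_on "$1" | sort | tr '\n' ' ' | sed 's/ $//')
    if [ "$found" = "$2" ]; then
        echo "ok: $2 serves port $1"
        return 0
    fi
    echo "mismatch: port $1 is served by '${found:-nothing}', webroot belongs to $2"
    return 1
}

# Live use (root is needed for the PID/Program column):
#   sudo netstat -pant | check_webroot_server 80 apache2
```

A mismatch means the challenge file written under the Apache DocumentRoot is never served, because a different server answers on port 80.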