Certbot LetsEncrypt installing

jackwilson · November 7, 2020, 6:17am

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: vpn.jackskomputers.xyz

I ran this command: certbot certonly --webroot

It produced this output:

> Input the webroot for jackskomputers.xyz: (Enter 'c' to cancel): /usr/share/pritunl/www/

Waiting for verification...
Challenge failed for domain jackskomputers.xyz
http-01 challenge for jackskomputers.xyz
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: jackskomputers.xyz
   Type:   dns
   Detail: No valid IP addresses found for jackskomputers.xyz
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.

My web server is (include version): Pritunl

The operating system my web server runs on is (include version): Debian 10.6 Buster

My hosting provider, if applicable, is: Self

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): Yes

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 1.9.0

_az · November 7, 2020, 6:42am

How long ago did you try?

Everything looks fine in DNS for your domain - it should not produce that error if you try again now.

jackwilson · November 7, 2020, 7:08am

I tried about 10 minutes before posting this help request.
If it helps, I am using cloudflare to manage my domain.
I have just tried it again with the same error message.

Waiting for verification...
Challenge failed for domain jackskomputers.xyz
Challenge failed for domain vpn.jackskomputers.xyz
http-01 challenge for jackskomputers.xyz
http-01 challenge for vpn.jackskomputers.xyz
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: jackskomputers.xyz
   Type:   unauthorized
   Detail: Invalid response from
   http://jackskomputers.xyz/.well-known/acme-challenge/KvUAUx-c3TyOC3h9N3wAh2e4jYDIJHTRGwqd4INVYTo
   [122.148.246.119]: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML
   2.0//EN\">\n<html><head>\n<title>404 Not
   Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p"

   Domain: vpn.jackskomputers.xyz
   Type:   unauthorized
   Detail: Invalid response from
   http://vpn.jackskomputers.xyz/.well-known/acme-challenge/AosNb7JrSbclFVYNA1nyOXEVt4XKdQaJl6tfN9rdsoQ
   [122.148.246.119]: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML
   2.0//EN\">\n<html><head>\n<title>404 Not
   Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p"

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.

_az · November 7, 2020, 7:30am

Well, that's an improvement !

I'll venture a guess that that /usr/share/pritunl/www/ is probably not the correct webroot of those two domains.

From the looks of things, you've just got a default Apache page, which (I think) is located in /var/www/html/ on Debian.

You can try:

certbot certonly --webroot -w /var/www/html -d jackskomputers.xyz -d vpn.jackskomputers.xyz --dry-run

If you can't figure out the right webroot, you can also try:

certbot certonly --apache -d jackskomputers.xyz -d vpn.jackskomputers.xyz --dry-run

jackwilson · November 7, 2020, 7:28am

When trying the top command, I get the following:

> Saving debug log to /var/log/letsencrypt/letsencrypt.log
> Plugins selected: Authenticator webroot, Installer None
> Obtaining a new certificate
> Performing the following challenges:
> http-01 challenge for jackskomputers.xyz
> http-01 challenge for vps.jackskomputers.xyz
> Using the webroot path /var/www/html for all unmatched domains.
> Waiting for verification...
> Challenge failed for domain vps.jackskomputers.xyz
> http-01 challenge for vps.jackskomputers.xyz
> Cleaning up challenges
> Some challenges have failed.
> 
> IMPORTANT NOTES:
>  - The following errors were reported by the server:
> 
>    Domain: vps.jackskomputers.xyz
>    Type:   dns
>    Detail: No valid IP addresses found for vps.jackskomputers.xyz
>  - Your account credentials have been saved in your Certbot
>    configuration directory at /etc/letsencrypt. You should make a
>    secure backup of this folder now. This configuration directory will
>    also contain certificates and private keys obtained by Certbot so
>    making regular backups of this folder is ideal.

When trying the second command, I get the following:

Saving debug log to /var/log/letsencrypt/letsencrypt.log

Plugins selected: Authenticator apache, Installer apache

Obtaining a new certificate

Performing the following challenges:

http-01 challenge for vps.jackskomputers.xyz

http-01 challenge for jackskomputers.xyz

Enabled Apache rewrite module

Waiting for verification...

Challenge failed for domain vps.jackskomputers.xyz

http-01 challenge for vps.jackskomputers.xyz

Cleaning up challenges

Some challenges have failed.

**IMPORTANT NOTES:**

- The following errors were reported by the server:

Domain: vps.jackskomputers.xyz

Type: dns

Detail: No valid IP addresses found for vps.jackskomputers.xyz

The Pritunl HTML/Web Panel files are located in directory /usr/share.pritunl/www/
Here is my current config in Cloudflare for my domain.

_az · November 7, 2020, 7:30am

Sorry, I made a one-character typo in my commands (vps instead of vpn).

I've fixed it them up, give it another try.

jackwilson · November 7, 2020, 7:36am

Trying your first command again, I got the following:

Saving debug log to /var/log/letsencrypt/letsencrypt.log

Plugins selected: Authenticator webroot, Installer None

Obtaining a new certificate

Performing the following challenges:

http-01 challenge for vpn.jackskomputers.xyz

http-01 challenge for jackskomputers.xyz

Using the webroot path /var/www/html for all unmatched domains.

Waiting for verification...

Cleaning up challenges

**IMPORTANT NOTES:**

**- The dry run was successful.**

What would I have to do next, to get my domain encrypted with lets encrypt?

_az · November 7, 2020, 7:46am

If you just want to create the certificate but not install it, just remove the --dry-run part of the command and it will do that.

If you want Certbot to create the certificate and also to automatically install it to Apache for you, you can run:

certbot --apache -d jackskomputers.xyz -d vpn.jackskomputers.xyz