Certbot renew error dns A AAA

Hello
I am trying to renew a certificate, without success.

I try this command:

manually
certbot renew
and certbot -d xxx.xxx.fr

It produced this output:

Type: unauthorized
Detail: Invalid response from
http://xxx.xxx.fr/.well-known/acme-challenge/ohQvlLTx5HD29cp6pbMotAnYz0MKF1qkBUrHwc_E680
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s)

My web server is (include version): apache
When I run apachectl -t -D DUMP_VHOSTS it returns:

*:80 xxx.xxx.fr (/etc/apache2/sites-enabled/xxx.xxx.fr.conf:1)
*:443 xxx.xxx.fr (/etc/apache2/sites-enabled/xxx.xxx.fr.conf:29)

The DNS is configured through the Orange Business interface

The operating system my web server runs on is (include version): debian

The version of my certbot is 0.31.0

Thanks for your help

You seem to have removed perhaps the most important question of the entire questionnaire:

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

Hello thanks for your reply:
my domain is leffarmor.fr and the site is associations.leffarmor.fr

Your webserver seems to be speaking HTTPS on port 80. Port 80 is usually reserved for HTTP. This could be due to a misconfiguration of your Apache, but sometimes also due to incorrect portmaps in routers (where external port 80 is mapped to internal port 443 by mistake for example..) Could you share the Apache configuration file?

Thanks again for your help

<VirtualHost *:80>
	ServerAdmin webmaster@localhost
	DocumentRoot /v_1.0.0/frontend
	ServerName associations.leffarmor.fr
	ServerAlias server www.associations.leffarmor.fr

    # ProxyRequests Off
    # ProxyVia Off
    ProxyPreserveHost On    
    ProxyStatus On    
    ProxyPass           / http://xx.xx.x.x:port/
    ProxyPassReverse    / http://xx.xx.x.x:port/

	ErrorLog ${APACHE_LOG_DIR}/error.log
	CustomLog ${APACHE_LOG_DIR}/access.log combined

 	<Directory /home/lacsi/associations/v_1.0.0/frontend>  
		Options Indexes FollowSymLinks MultiViews  
		AllowOverride All  
		Order allow,deny  
		allow from all  
	</Directory>

	Redirect permanent / https://associations.leffarmor.fr:port/

</VirtualHost>


<VirtualHost _default_:443>

	ServerAdmin webmaster@localhost
	DocumentRoot /home/lacsi/associations/v_1.0.0/frontend
	ServerName associations.leffarmor.fr
	ServerAlias server www.associations.leffarmor.fr

	ProxyPreserveHost On    
	ProxyStatus On    
	ProxyPass           / http://xx.xx.x.x:port/
	ProxyPassReverse    / http://xx.xx.x.x:port/

	<Location /api>
		ProxyPass http://xx.xx.x.x:port/api
		ProxyPassReverse http://xx.xx.x.x:port/api
	#	Require all granted
	#	SetEnv proxy-nokeepalive 1
	#	SetEnv proxy-sendchunked 1
	</Location>

	<Location /datas>
		ProxyPass http://xx.xx.x.x:port/datas
		ProxyPassReverse http://xx.xx.x.x:port/datas
	#	Require all granted
	#	SetEnv proxy-nokeepalive 1
	#	SetEnv proxy-sendchunked 1
	</Location>

 	<Directory /home/lacsi/associations/v_1.0.0/frontend>  
		Options Indexes FollowSymLinks MultiViews  
		AllowOverride All  
		Order allow,deny  
		allow from all  
	</Directory>


	#	ServerAdmin webmaster@localhost
	#	ErrorLog ${APACHE_LOG_DIR}/error.log
	#	CustomLog ${APACHE_LOG_DIR}/access.log combined



		SSLEngine on
		SSLCertificateFile	/etc/letsencrypt/live/associations.leffarmor.fr/fullchain.pem
		SSLCertificateKeyFile	/etc/letsencrypt/live/associations.leffarmor.fr/privkey.pem

		<FilesMatch "\.(cgi|shtml|phtml|php)$">
				SSLOptions +StdEnvVars
		</FilesMatch>
		<Directory /usr/lib/cgi-bin>
				SSLOptions +StdEnvVars
		</Directory>


	</VirtualHost>


# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

Not sure what's wrong with it, but perhaps it's the _default_ here? Maybe you need to change it to:

<VirtualHost *:443>

Just like port 80? But I'm just guessing now..

and the file ports.conf

# If you just change the port or add more ports here, you will likely also
# have to change the VirtualHost statement in
# /etc/apache2/sites-enabled/000-default.conf

Listen 80

NameVirtualHost *:443
Listen 443

Listen 443

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

Not better sadly

I see this still as well.

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>400 Bad Request</title>
</head><body>
<h1>Bad Request</h1>
<p>Your browser sent a request that this server could not understand.<br />
Reason: You're speaking plain HTTP to an SSL-enabled server port.<br />
 Instead use the HTTPS scheme to access this URL, please.<br />
</p>
<hr>
<address>Apache/2.4.38 (Debian) Server at associations.leffarmor.fr Port 80</address>
</body></html>

Please show output (this time without hiding the names):
sudo apachectl -t -D DUMP_VHOSTS
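
The check the helpers run by hand above (send plain HTTP to port 80 and read what comes back), as an added example that is not part of any post in this thread. The names `classify` and `probe` and the sample token path are hypothetical; the rule that Let's Encrypt follows HTTP-01 redirects only to ports 80 and 443 comes from Let's Encrypt's challenge documentation, not from this thread.

```python
import socket
from urllib.parse import urlsplit

# Text Apache returns when plain HTTP reaches a TLS-enabled listener (quoted in the thread).
TLS_PORT_MARKER = b"speaking plain HTTP to an SSL-enabled server port"
CHALLENGE_PATH = "/.well-known/acme-challenge/test"  # constructed token, not a real one


def classify(raw: bytes) -> str:
    """Classify the raw bytes a server sent back to a plain-HTTP GET on port 80."""
    if not raw:
        return "no-data"
    # A TLS record starts with a content type (0x15 alert, 0x16 handshake) and 0x03.
    if len(raw) >= 2 and raw[0] in (0x15, 0x16) and raw[1] == 0x03:
        return "tls-on-port-80"
    if not raw.startswith(b"HTTP/"):
        return "not-http"
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    fields = lines[0].split()
    status = int(fields[1]) if len(fields) > 1 and fields[1].isdigit() else 0
    if status == 400 and TLS_PORT_MARKER in body:
        return "tls-on-port-80"
    if status in (301, 302, 303, 307, 308):
        for line in lines[1:]:
            name, _, value = line.partition(b":")
            if name.strip().lower() == b"location":
                target = urlsplit(value.strip().decode("latin-1"))
                try:
                    port = target.port
                except ValueError:  # e.g. a non-numeric port in the Location header
                    return "redirect-bad-port"
                # Let's Encrypt follows HTTP-01 redirects only to ports 80 and 443.
                if port not in (None, 80, 443):
                    return f"redirect-to-port-{port}"
                return "redirect-ok"
        return "redirect-no-location"
    return "ok" if status == 200 else f"http-{status}"


def probe(host: str, port: int = 80, timeout: float = 5.0) -> str:
    """Send one plain-HTTP request to host:port and classify the reply."""
    req = f"GET {CHALLENGE_PATH} HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n"
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(req.encode("ascii"))
        return classify(s.recv(4096))
```

Run `probe()` from a machine outside the network, so that any port mapping in a router in front of the server is included in the path; an `http-404` for the constructed token is the normal result on a healthy port 80.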

*:80 associations.leffarmor.fr (/etc/apache2/sites-enabled/associations.leffarmor.fr.conf:1)
*:443 associations.leffarmor.fr (/etc/apache2/sites-enabled/associations.leffarmor.fr.conf:47)

Thanks for your interest

OK, please show this entire file:

<VirtualHost *:80>
	ServerAdmin webmaster@localhost
	DocumentRoot /v_1.0.0/frontend
	ServerName associations.leffarmor.fr
	ServerAlias server www.associations.leffarmor.fr

    ProxyPreserveHost On    
    ProxyStatus On    
    ProxyPass           / http://ip:port/
    ProxyPassReverse    / http://ip:port/

	ErrorLog ${APACHE_LOG_DIR}/error.log
	CustomLog ${APACHE_LOG_DIR}/access.log combined

 	<Directory /home/lacsi/associations/v_1.0.0/frontend>  
		Options Indexes FollowSymLinks MultiViews  
		AllowOverride All  
		Order allow,deny  
		allow from all  
	</Directory>

	Redirect permanent / https://associations.leffarmor.fr:2500/

</VirtualHost>


<VirtualHost *:443>

	ServerAdmin webmaster@localhost
	DocumentRoot /home/lacsi/associations/v_1.0.0/frontend
	ServerName associations.leffarmor.fr
	ServerAlias server www.associations.leffarmor.fr

	ProxyPreserveHost On    
	ProxyStatus On    
	ProxyPass           / http://ip:port/
	ProxyPassReverse    / http://ip:port/

	<Location /api>
		ProxyPass http://ip:port/api
		ProxyPassReverse http://ip:port/api
	</Location>

	<Location /datas>
		ProxyPass http://ip:port/datas
		ProxyPassReverse http://ip:port/datas
	</Location>

 	<Directory /home/lacsi/associations/v_1.0.0/frontend>  
		Options Indexes FollowSymLinks MultiViews  
		AllowOverride All  
		Order allow,deny  
		allow from all  
	</Directory>

		SSLEngine on
		SSLCertificateFile	/etc/letsencrypt/live/associations.leffarmor.fr/fullchain.pem
		SSLCertificateKeyFile	/etc/letsencrypt/live/associations.leffarmor.fr/privkey.pem

		<FilesMatch "\.(cgi|shtml|phtml|php)$">
				SSLOptions +StdEnvVars
		</FilesMatch>
		<Directory /usr/lib/cgi-bin>
				SSLOptions +StdEnvVars
		</Directory>

	</VirtualHost>

Your problem is likely here:

My vhost file is so basic and it works fine with only listen *80

the vhost is not intended for redirect it is only there for apache2 to know where to look for the document root which can be anywhere desired

the certificate is separate entity

<VirtualHost *:80>
ServerName hardcoregames.ca
ServerAlias www.hardcoregames.ca
ServerAdmin webmaster@localhost
DocumentRoot /var/www/hardcoregames.ca

<Directory /var/www/hardcoregames.ca>
     Options -Indexes +FollowSymLinks
     AllowOverride All
 </Directory>

 ErrorLog ${APACHE_LOG_DIR}/example.com-error.log
 CustomLog ${APACHE_LOG_DIR}/example.com-access.log combined
</VirtualHost>
