Bit new to this. I'm trying to update the SSL cert on my unifi controller.
Currently running Server version: Apache/2.4.41 (Ubuntu)
Server built: 2022-06-14T13:30:55
I run the `sudo certbot renew` command and get the following output:
```
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for controller.rockfieldit.com
Waiting for verification...
Challenge failed for domain controller.rockfieldit.com
http-01 challenge for controller.rockfieldit.com
Cleaning up challenges
Attempting to renew cert (unificontroller.rockfieldit.com) from /etc/letsencrypt/renewal/controller.rockfieldit.com.conf produced an unexpected error: Some challenges have failed.. Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/unificontroller.rockfieldit.com/fullchain.pem (failure)
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/unificontroller.rockfieldit.com/fullchain.pem (failure)
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
```
The DNS records are all ok and I definitely have the correct IP address.
Any ideas of what might be going on?
Do you know what authentication plugin certbot is using? I.e., what command did you run when you first got your certificate? And what webserver is running on your device?
Might be Apache config problem. Can you show result of this
```
sudo apachectl -t -D DUMP_VHOSTS
```
OR, your unifi management system is in the way. See these example curl's. Normally we see a "Server: Apache" response header but there is not one from your system. It is possible to configure Apache to not send one, but that is not typical.
```
curl -i unificontroller.rockfieldit.com
HTTP/1.1 302
Location: /manage
Date: Fri, 21 Oct 2022 15:07:54 GMT
```
(the 404 is expected since Test123 does not exist on your system. Just showing there is no Server: response header)
```
curl -i unificontroller.rockfieldit.com/.well-known/acme-challenge/Test123
HTTP/1.1 404
Content-Type: text/html;charset=utf-8
Content-Language: en
Content-Length: 431
Date: Fri, 21 Oct 2022 15:08:10 GMT
```
Now I am trying to issue again with a different server and domain, and there is trouble again. Why is Let's Encrypt looking at IPv6? I am not using any IPv6 on my server, only IPv4.
```
Could not issue an SSL/TLS certificate for thkforum2022.com
Details
Could not issue a Let's Encrypt SSL/TLS certificate for thkforum2022.com. Authorization for the domain failed.
Detail: DNS problem: SERVFAIL looking up A for thkforum2022.com - the domain's nameservers may be malfunctioning; DNS problem: query timed out looking up AAAA for thkforum2022.com
```
Can you show contents of that file? Please add 3 backticks before and after the output to ensure key info is not lost due to formatting. Like
```
contents of file
```
Please see contents of /etc/apache2/sites-enabled/000-default.conf below.
```
# The ServerName directive sets the request scheme, hostname and port that
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request's Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.
#ServerName www.example.com
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf
RewriteEngine on
RewriteCond %{SERVER_NAME} =unificontroller.rockfieldit.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
```
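
The header check suggested earlier in the thread, as an added example that is not part of the original posts: it parses `curl -i` output and compares it with the redirect the posted port-80 vhost would send (`R=permanent`, so a 301 to `https://`). The function names and the Apache sample response are constructed for illustration; the 302 response is the one quoted in the thread.

```python
# Added example (not from the thread): compare `curl -i` output with what the
# posted port-80 vhost would send, to see whether Apache answered at all.

HOST = "unificontroller.rockfieldit.com"

# Response to `curl -i unificontroller.rockfieldit.com`, as quoted in the thread.
THREAD_RESPONSE = """HTTP/1.1 302
Location: /manage
Date: Fri, 21 Oct 2022 15:07:54 GMT
"""

# Constructed sample: what the posted RewriteRule would produce for "/".
CONSTRUCTED_APACHE_RESPONSE = """HTTP/1.1 301 Moved Permanently
Server: Apache/2.4.41 (Ubuntu)
Location: https://unificontroller.rockfieldit.com/
"""


def parse_response(raw):
    """Return (status_code, {lowercased header name: value}) from `curl -i` text."""
    lines = [ln.strip() for ln in raw.strip().splitlines()]
    parts = lines[0].split() if lines else []
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise ValueError("not an HTTP status line")
    headers = {}
    for ln in lines[1:]:
        if not ln:
            break  # a blank line ends the header block; the body follows
        name, sep, value = ln.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return int(parts[1]), headers


def vhost_mismatches(raw, host=HOST):
    """List the ways a response for "/" differs from the vhost's redirect."""
    status, headers = parse_response(raw)
    found = []
    if "apache" not in headers.get("server", "").lower():
        found.append("no 'Server: Apache' header")  # a hint: Apache can hide it
    location = headers.get("location", "")
    # [R=permanent] means 301, and the target is https://%{SERVER_NAME}%{REQUEST_URI}
    if status != 301 or not location.startswith("https://%s/" % host):
        found.append("got %d to %r, vhost sends 301 to https://%s/" % (status, location, host))
    return found


if __name__ == "__main__":
    for label, raw in (("thread", THREAD_RESPONSE), ("constructed", CONSTRUCTED_APACHE_RESPONSE)):
        print(label, vhost_mismatches(raw) or "consistent with the Apache vhost")
```

Two mismatches on the thread's response mean the request on port 80 was answered by something other than this vhost, which is where the HTTP-01 challenge file would need to be served from.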