Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domains are:
csnet.live
I ran these two commands:
sudo certbot certonly --dry-run --webroot --webroot-path /Users/MyAccountNameHere/Sites/FirstDomain
sudo certbot certonly --dry-run --webroot --webroot-path /Users/MyAccountNameHere/Sites/SecondDomain
It produced this output:
For billkochman.com and www.billkochman.com:
Waiting for verification...
Challenge failed for domain billkochman.com
Challenge failed for domain www.billkochman.com
http-01 challenge for billkochman.com
http-01 challenge for www.billkochman.com
Cleaning up challenges
Some challenges have failed.
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: billkochman.com
Type: unauthorized
Detail: Invalid response from
https://www.billkochman.com/errors/302.html [202.128.4.177]:
"\r<html amp="" lang="en">\r \r <meta
charset="utf-8">\r <script async
src="https://cdn.ampproject.org/v0"
Domain: www.billkochman.com
Type: unauthorized
Detail: Invalid response from
https://www.billkochman.com/errors/302.html [202.128.4.177]:
"\r<html amp="" lang="en">\r \r <meta
charset="utf-8">\r <script async
src="https://cdn.ampproject.org/v0"
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
For csnet.live and www.csnet.live:
Waiting for verification...
Challenge failed for domain csnet.live
Challenge failed for domain www.csnet.live
http-01 challenge for csnet.live
http-01 challenge for www.csnet.live
Cleaning up challenges
Some challenges have failed.
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: csnet.live
Type: unauthorized
Detail: Invalid response from
https://www.billkochman.com/errors/302.html [202.128.4.177]:
"\r<html amp="" lang="en">\r \r <meta
charset="utf-8">\r <script async
src="https://cdn.ampproject.org/v0"
Domain: www.csnet.live
Type: unauthorized
Detail: Invalid response from
https://www.billkochman.com/errors/302.html [202.128.4.177]:
"\r<html amp="" lang="en">\r \r <meta
charset="utf-8">\r <script async
src="https://cdn.ampproject.org/v0"
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
My web server is (include version):
Apache 2.4.46 (part of MAMP PRO 6.0.1 for macOS)
The operating system my web server runs on is (include version):
macOS Big Sur 11.0.1 (previously macOS Catalina 10.15.7)
My hosting provider, if applicable, is:
Not applicable
I can login to a root shell on my machine (yes or no, or I don't know):
Not necessary. I have direct access to my iMac and use the Terminal app with certbot
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
No
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
1.9.0
For a number of years now, I have had no problem manually renewing my certificates for billkochman.com and www.billkochman.com using certbot in the macOS Terminal app, and then copying the resulting two certificates and key file over to my MAMP PRO installation.
However, recently, three major changes occurred:
- I upgraded from macOS 10.15.7 to macOS 11.0.1
- I upgraded MAMP PRO from 5.7.0 to 6.0.1
- I registered a second domain name to include as a new host in MAMP PRO
While Apple is constantly tightening machine security, at this point, I am not convinced that the upgrade to macOS 11.0.1 is the source of my problem. In fact, while my memory is a bit fuzzy, I think the certificate issues I am having may have started under macOS 10.15.7.
My suspicion is that the problem may lie with the MAMP PRO upgrade, because some major changes were made between MAMP PRO versions 5.7.0 and 6.0.1.
Chief among these changes are two things which may be causing my certificate difficulties:
- MAMP PRO now auto-creates its own self-signed certificates. Well, actually, only two of the three: the certificate itself, and the key file. It does not create a chain file, which I definitely need, being as I am running my sites on Apache.
- After many years, Appsolute -- the developers of MAMP PRO -- forced us to move our document roots from the "htdocs" folder -- which resides inside of the main MAMP folder -- to /Users/AccountName/Sites/. While I could be wrong, I suspect that this may be the root cause of the problems I am having now. Worse yet, it is no longer even possible now to choose the "htdocs" folder, or the document root folders it formerly contained.
The way I discovered this current problem regarding certificate creation and renewals is when I used the Terminal app and certbot to create the first certificates for my new domain, csnet.live. That is when I first encountered the "unauthorized" and 302 errors.
After getting shut out due to your rate limits, I became curious and decided to see if I could renew my certificates for billkochman and www.billkochman.com, which I last renewed on October 6th. When I encountered the very same "unauthorized" and 302 errors, that is when I became alarmed.
Following is a list, in order, of everything I have done in order to try to resolve this issue:
- Installed Xcode Command Line Tools 12.2
- Reinstalled Homebrew
- Upgraded Certbot from 0.32.0 to 1.9.0
- Uninstalled all Let's Encrypt files and folders and started from scratch
- Removed all HSTS Preload List redirect code from MAMP PRO’s httpd.conf file
- Totally removed htaccess files from both billkochman.com and csnet.live document roots
- Totally shut down my LAN and rebooted my two iMacs, router and MAMP PRO
There is NO rewrite or redirection code anywhere that I am aware of, so I don't understand why my server is saying "unauthorized" and throwing the 302 error.
Despite taking all of the above steps, when I use certbot in the Terminal app to try to obtain Let's Encrypt certificates for my two domains, I am still getting the aforementioned feedback in the Terminal app.
I don’t know what else to do or try to fix this. I have done all that I can. Does anyone here have a clear solution that does not involve starting totally from scratch? And actually, that shouldn't be necessary anyway, because my main website is working fine, my blog is working fine, and my social network is working fine.
As I said, I last renewed my certificates for my main website -- billkochman.com -- in October, so they are still good for now. However, with my social network site -- csnet.live -- I do have the SSL warning because it is using a self-signed certificate that was created by MAMP PRO, which is useless. As a result, with csnet.live, for the time being, you have to allow a security exception in your web browser, if you want to access the site. Here are the three URLs:
https://www.csnet.live
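The following is an added example, not part of the original post: a small triage of the certbot error report quoted above. For http-01 the validator starts at `http://<domain>/.well-known/acme-challenge/<token>` and follows redirects, and the URL in "Invalid response from" is where it ended up, so comparing that URL with the challenged domain shows whether a redirect or a different virtual host answered. The function name `triage` and the finding labels are made up for this example; the report text is transcribed from the post with the HTML body omitted.

```python
import re
from urllib.parse import urlsplit

# Error entries as printed in the post above (response body omitted).
REPORT = """\
Domain: www.billkochman.com
Type: unauthorized
Detail: Invalid response from
https://www.billkochman.com/errors/302.html [202.128.4.177]:
Domain: csnet.live
Type: unauthorized
Detail: Invalid response from
https://www.billkochman.com/errors/302.html [202.128.4.177]:
"""

CHALLENGE_PREFIX = "/.well-known/acme-challenge/"

# certbot wraps the Detail line, so allow any whitespace between fields.
ENTRY = re.compile(
    r"Domain:\s*(?P<domain>\S+)\s+"
    r"Type:\s*(?P<type>\S+)\s+"
    r"Detail:\s*Invalid response from\s+(?P<url>\S+)\s+\[(?P<ip>[^\]]+)\]"
)

def triage(report):
    """Return one finding per failed domain describing where validation ended."""
    findings = []
    for m in ENTRY.finditer(report):
        url = urlsplit(m["url"])
        host = (url.hostname or "").lower()
        problems = []
        if not url.path.startswith(CHALLENGE_PREFIX):
            # The final URL is not a challenge file: something redirected away.
            problems.append("left-challenge-path")
        if host != m["domain"].lower():
            # Another site answered: redirect or default virtual host.
            problems.append("answered-by-other-host")
        if url.scheme == "https":
            # Validation starts on port 80, so https implies a redirect.
            problems.append("redirected-to-https")
        findings.append({"domain": m["domain"], "type": m["type"],
                         "final_url": m["url"], "ip": m["ip"],
                         "problems": problems})
    return findings

if __name__ == "__main__":
    for f in triage(REPORT):
        print(f["domain"], "->", f["final_url"], f["problems"])
```

An empty `problems` list means the validator did reach the challenge path on the right host, which points at the file missing from the webroot rather than at a redirect.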