Certbot timeout error with Apache authenticator

Hello!
I ran this command: sudo certbot --apache -d test-site.work.gd -d www.test-site.work.gd
and I got this error:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for test-site.work.gd and www.test-site.work.gd

Certbot failed to authenticate some domains (authenticator: apache). The Certificate Authority reported these problems:
Domain: test-site.work.gd
Type: connection
Detail: 66.9.168.188: Fetching http://test-site.work.gd/.well-known/acme-challenge/VSNP3DYgGB2jqjoNK6hCdVEcNTvLUQchnA4P8UP328s: Timeout during connect (likely firewall problem)

Domain: www.test-site.work.gd
Type: connection
Detail: 66.9.168.188: Fetching http://test-site.work.gd/.well-known/acme-challenge/zg0uhd0bCLqZRVeowHkit2RDampk47dCUNRZhxMrB4Y: Timeout during connect (likely firewall problem)

Hint: The Certificate Authority failed to verify the temporary Apache configuration changes made by Certbot. Ensure that the listed domains point to this Apache server and that it is accessible from the internet.

Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

I moved your post into its own thread. We prefer each problem to have its own. Even though you may get the same error message, it can be caused by different things.

Also, when posting a new topic in the help section you are shown a form asking for more info so we can help you. Please supply answers to the questions below as best you can. I removed the questions you already answered by showing the command and error message.

==========================

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

3 Likes

I had a similar problem. I'm not certain exactly what my problem was because I tidied up lots of things in my Apache configs and suddenly it worked.

I just realised that I wrote this assuming you have ssh access. I'll post it anyway.

Obviously check that you don't have firewall rules causing a problem. In my case it was NOT a firewall.

  • Make sure that your Apache config is correct. I suspect part of my problem was failure to set a functioning default vhost. If you browse to your server's IP number it should go to whatever your default Vhost is. I set up a dummy vhost config.
  • Make sure Apache Vhosts are listening on port 80, as well as 443. I think you can drop the port 80 config once your certificate is working, but someone else might be able to confirm that.
  • Thoroughly check that your Vhosts are pointing to the right web root directory. It might sound silly, but it's easy to make that mistake when you first set up (I did!).
  • When you test Apache use a browser with cleared history/cache/cookies etc. Caching can really mess you up. You are testing, aren't you? Preferably test from outside your local network. It's a good use for a VPN. You can bypass all the "dangerous site" warnings since you are going to your own server.
  • Make sure your permissions are correct on your web-root directory and below. On a Debian based system it will be www-data, but YMMV.

Have fun :laughing:

Finally it works!

A million thanks🙏

What fixed it? The next person who finds this will want to know.

A default Apache VirtualHost should not be involved in Certbot's --apache option. You should have a VirtualHost with the domain name(s) listed as ServerName and ServerAlias (if needed).

You cannot drop port 80 after getting the cert. Each renewal with the --apache option requires satisfying a new challenge, which needs port 80.

Yes, that is important but does not affect using the --apache option. Certbot inserts temporary code into your VHost for the challenge file.

That is very true. Better would be to use a tool like curl so you can more clearly see how the server responds. Something like: curl -i http://example.com
Curl does not have a cache to worry about.

Good advice, but the --apache option of Certbot is not affected by that.

2 Likes
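A small reachability check in the spirit of the curl suggestion above, added here as an example and not part of any reply in the thread. It assumes curl is installed, that you run it from outside the server's own network (the CA's view, not yours), and that you have placed a test file under <DocumentRoot>/.well-known/acme-challenge/ first; the token name is a placeholder, not a real ACME token.

```shell
#!/bin/sh
# Fetch the HTTP-01 challenge path the way the CA does and map curl's
# outcome to the most likely cause seen in this thread.

# diagnose CURL_EXIT HTTP_CODE -> one line: "<keyword>: <explanation>"
# curl exit codes: 6 = DNS failure, 7 = connection refused, 28 = timeout.
diagnose() {
    curl_exit=$1
    http_code=$2
    case "$curl_exit" in
        6)  echo "dns: name does not resolve; fix the A/AAAA record first" ;;
        7)  echo "refused: host reached but nothing listens on port 80; check Listen 80 and the port-80 VirtualHost" ;;
        28) echo "timeout: no TCP answer on port 80; firewall, missing NAT port-forward or wrong IP (the CA's symptom above)" ;;
        0)
            case "$http_code" in
                200)     echo "ok: challenge path is served" ;;
                404)     echo "notfound: Apache answers but not this path; wrong DocumentRoot or VirtualHost" ;;
                301|302) echo "redirect: the CA follows redirects, but confirm the target also answers (re-run with curl -L)" ;;
                *)       echo "http: unexpected status $http_code from Apache" ;;
            esac ;;
        *)  echo "other: curl exit $curl_exit, see the EXIT CODES section of man curl" ;;
    esac
}

# probe DOMAIN [TOKEN]: 10 s connect limit, then diagnose the result.
probe() {
    domain=$1
    token=${2:-certbot-precheck}   # placeholder token (constructed)
    url="http://$domain/.well-known/acme-challenge/$token"
    http_code=$(curl -s -o /dev/null -w '%{http_code}' \
                --connect-timeout 10 --max-time 30 "$url")
    curl_exit=$?
    printf '%s -> ' "$url"
    diagnose "$curl_exit" "${http_code:-000}"
}

# Only probes when domains are given on the command line, e.g.:
#   sh precheck.sh test-site.work.gd www.test-site.work.gd
for d in "$@"; do
    probe "$d"
done
```

Run it for both the bare and the www name, since the CA checks each one separately.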
