Certbot: two domains fail


#1

Hi all,

I host five domains on my server. Last December, I configured Dehydrated to obtain SSL certs for all five domains. A week ago, Dehydrated was able to renew three. Two domains keep failing.

I am now trying to renew the failing domains using certbot.

First, I renewed a good domain using certbot. This command works fine:

certbot certonly --webroot -w /usr/local/www/cbrace.nl/ -d cbrace.nl -d www.cbrace.nl

so I know it works on my server.

However, whatever I do, the other two domains keep failing, and I can’t figure out why.

Thanks for any tips.

Colin

Please fill out the fields below so we can help you better.

My domains: wfbrace.net, nuj-netherlands.nl

I ran this command:

certbot certonly --webroot -w /usr/local/www/wfbrace.net -d wfbrace.net -d www.wfbrace.net
certbot certonly --webroot -w /usr/local/www/nuj/ -d nuj-netherlands.nl -d www.nuj-netherlands.nl

It produced this output for both domain names:

Failed authorization procedure. www.wfbrace.net (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Could not connect to wfbrace.net.well-known, wfbrace.net (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Could not connect to wfbrace.net.well-known

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: www.wfbrace.net
   Type:   connection
   Detail: Could not connect to wfbrace.net.well-known

   Domain: wfbrace.net
   Type:   connection
   Detail: Could not connect to wfbrace.net.well-known

My operating system is (include version):
FreeBSD v11.0 RELEASE p8

My web server is (include version):
Apache v2.4.25_1

My hosting provider, if applicable, is:
Private VPS

I can login to a root shell on my machine (yes or no, or I don’t know):
Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
No


#2

The web server redirects requests to http://wfbrace.net/.well-known/acme-challenge/ and http://www.wfbrace.net/.well-known/acme-challenge/ to https://wfbrace.net.well-known/acme-challenge/. Obviously, that’s invalid, and it doesn’t work.

It sounds like your redirect configuration is missing a “/” somewhere. If you give us the configuration, we should be able to help spot it.

(You could also change it to stop redirecting those requests at all, but it’s not necessary, and it’s your choice.)


#3

Many thanks! I was missing a trailing forward slash in the redirects in my vhosts file for those two domains. This fixed it:

Redirect permanent / https://nuj-netherlands.nl/
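
Added example, not part of the thread and not Apache's own code: a simplified Python model of how mod_alias's `Redirect` appends the rest of the request path to the target, plus a check that flags `Redirect` lines whose URL-path ends in "/" while the target does not. The wfbrace.net line in the sample config is constructed from the behaviour described in reply #2, and all function names are hypothetical.

```python
from urllib.parse import urlsplit

# Constructed sample vhost config (not taken from the poster's server).
SAMPLE_CONF = """\
<VirtualHost *:80>
    ServerName wfbrace.net
    Redirect permanent / https://wfbrace.net
</VirtualHost>
<VirtualHost *:80>
    ServerName nuj-netherlands.nl
    Redirect permanent / https://nuj-netherlands.nl/
</VirtualHost>
"""

STATUS_WORDS = {"permanent", "temp", "seeother", "gone"}


def redirect_location(url_path, target, request_path):
    """Simplified model of Redirect: the matched prefix is replaced by the
    target and the remainder of the request path is appended unchanged."""
    if not request_path.startswith(url_path):
        return None
    return target + request_path[len(url_path):]


def location_host(location):
    """Hostname a client would actually contact for a Location header."""
    return urlsplit(location).hostname


def find_slash_mismatches(conf_text):
    """Return (line number, url_path, target) for every Redirect whose
    URL-path ends in '/' but whose target does not."""
    findings = []
    for lineno, line in enumerate(conf_text.splitlines(), 1):
        stripped = line.strip()
        if stripped.startswith("#"):
            continue
        parts = [p.strip('"') for p in stripped.split()]
        if len(parts) < 3 or parts[0].lower() != "redirect":
            continue
        args = parts[1:]
        if args[0].lower() in STATUS_WORDS or args[0].isdigit():
            args = args[1:]  # drop the optional status argument
        if len(args) != 2:
            continue
        url_path, target = args
        if url_path.endswith("/") and not target.endswith("/"):
            findings.append((lineno, url_path, target))
    return findings
```

Running `find_slash_mismatches` over each vhost file before reloading Apache catches the mismatch before an ACME http-01 validation request is redirected to a nonexistent hostname.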

