Cetbot changing the url and failin

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:spectrix.com and www.spectrix.com

I ran this command:certbot --apache

It produced this output:
Certbot failed to authenticate some domains (authenticator: apache). The Certificate Authority reported these problems:
Domain: spectrix.com
Type: connection
Detail: 216.66.125.236: Fetching http://spectrix.com/.well-known/acme-challenge/CKEPq_nGZjPSpVRANCqrzD8t7XYNXfaf_XW5v5MTk6U: Timeout during connect (likely firewall problem)

Domain: www.spectrix.com
Type: connection
Detail: 216.66.125.236: Fetching http://www.spectrix.com/.well-known/acme-challenge/xnIdlzoQwFiDraiMMomQkwXO2ZxEoKEokrbm1D788A0: Timeout during connect (likely firewall problem)

My web server is (include version):apache/2.4.55 (ubuntu)

The operating system my web server runs on is (include version):ubuntu 23.04

My hosting provider, if applicable, is:register.com

I can login to a root shell on my machine (yes or no, or I don't know):yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 2.1.8

The url shown as: http://spectrix.com/.well-known/acme-challenge/EUfpkyeQfY3H81ie-fAcTBnjEXAr8S9AugcwzNevMlA:

when I oopen the link I go to: https://spectrix.com.well-known/acme-challenge/EUfpkyeQfY3H81ie-fAcTBnjEXAr8S9AugcwzNevMlA

It appears that the "/" between the domain name and ".well-know" is getting removed, I suspect this is why certbot is failing.

Hi @cmora111, and welcome to the LE community forum :slight_smile:

That would break things.
It seems that your HTTP to HTTPS redirection is missing a "/".

3 Likes

The site seems unreachable now :frowning:
[at least for me]

2 Likes

There seem to be 2 different issues: the lack of connectivity to your website from the public internet, as shown by the timeout in the error message, as well as the incorrect redirect, which is due to a misconfiguration in your webserver and not due to Certbot or Let's Encrypt.

2 Likes

I've corrected the redirect.

Now I need to find out why can't reach from the public internet.

I will keep you posted. Thanks

2 Likes

I'm assuming before setting up https, you need to be able to access http via certbot, then make the changes for https.

1 Like

Yes, largely true for HTTP Challenges.

More precisely, Certbot is the ACME Client which makes the cert request to the Let's Encrypt ACME Server. The LE Server is the one which makes the HTTP request to the domain name you requested the cert for. The LE Server will make several requests from different points around the world to validate the connection. It looks for specific info placed on your server by Certbot before it made the request to LE.

You can setup your HTTPS before-hand using a self-signed cert or even just any other cert. But, you are correct that until you get a correct public cert and configure your HTTPS with it that your HTTPS won't be trusted by browsers and similar clients.

2 Likes

thank you for confirming that

2 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.