Challenge / token not copied to .well-known

It's very weird why Certbot doesn't recognise your -v option.

That said, maybe it "just works" now with the --webroot authenticator?

Also, you forgot the www subdomain.

Sorry, didn't work:
Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
Domain: m-it.care
Type: connection
Detail: 81.169.145.93: Fetching http://server.bc9xamf4lhwkdxiy.myfritz.net/.well-known/acme-challenge/_X4RYYcBAf6PVDe1EUEFu3cgOQx7UGEqrmSDYnlmQlU: Redirect loop detected

Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.

I removed that to not complicate things. www has another redirect to the folder web.

Hmkay, weird. Probably some Apache configuration issue.

Unfortunately I currently don't have the time to dive into an Apache issue, but maybe some other volunteer can assist you with that.

Thanks for your help anyhow.

@midt Do you have any problem you need our help with? I see you are still changing your DNS and network config. For example, last night (US East Coast) I could reach your m-it.care domain on IPv4 and v6 but right now IPv6 fails while IPv4 works.

I get the below results for your "home" page too, so this is not unique to Let's Encrypt.

curl -i6 -m7 http://m-it.care/.well-known/acme-challenge/Test404
curl: (7) Failed to connect to m-it.care port 80 after 264 ms: Permission denied

curl -i4 -m7 http://m-it.care/.well-known/acme-challenge/Test404
HTTP/1.1 404 Not Found
Date: Wed, 18 Dec 2024 15:20:20 GMT
Server: Apache/2.4.52 (Ubuntu)
1 Like

Hi Mike,

thanks for your support. Osiris mentioned yesterday that forwarding via frames is outdated, so I changed to dyndns and was now able to generate the pem files with
this command: sudo certbot certonly --webroot -w /var/www/html -d m-it.care -v
...
Using the webroot path /var/www/html for all unmatched domains.
Waiting for verification...
Cleaning up challenges

Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/m-it.care/fullchain.pem
Key is saved at: /etc/letsencrypt/live/m-it.care/privkey.pem
This certificate expires on 2025-03-18.
And I enabled SSL with these settings:

<VirtualHost *:80>
    ServerName m-it.care
    ServerAlias www.m-it.care
    DocumentRoot /var/www/html

    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/m-it.care/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/m-it.care/privkey.pem


    <Directory /var/www/html>
        AllowOverride All
        Options Indexes FollowSymLinks
        Require all granted
    </Directory>

    ErrorLog ${APACHE_LOG_DIR}/m-it_error.log
    CustomLog ${APACHE_LOG_DIR}/m-it_access.log combined
</VirtualHost>

Unfortunately I now get this error... Perhaps you can tell why?

Secure Connection Failed

An error occurred during a connection to m-it.care. SSL received a record that exceeded the maximum permissible length.

Error code: SSL_ERROR_RX_RECORD_TOO_LONG

According to nslookup.io I now have both a valid IPv4 and a valid IPv6 address for my site m-it.care. The addresses listed there are the same that are shown by my provider Strato.

The SSL config should have port 443 in its VirtualHost statement, not port 80 like you have.

2 Likes
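
As an added example (not part of the thread, and not Certbot or Apache code): a small Python check for the mistake identified in the reply above, a vhost with `SSLEngine on` bound to port 80 while nothing serves TLS on 443. The function names and the `https_port` parameter are illustrative assumptions, and the posted vhost is abbreviated.

```python
import re

VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)
SSL_ON_RE = re.compile(r"^\s*SSLEngine\s+on\b", re.M | re.I)  # skips '#' comments

def vhost_ports(addresses):
    """Ports named in a <VirtualHost> address list such as '*:80 [::]:443'."""
    ports = set()
    for addr in addresses.split():
        m = re.search(r":(\d+|\*)$", addr)
        ports.add(m.group(1) if m else "*")   # no port given: matches any port
    return ports

def check_tls_vhosts(conf, https_port="443"):
    """Return findings for TLS directives that sit on the wrong port."""
    findings, tls_ports = [], set()
    for addresses, body in VHOST_RE.findall(conf):
        if not SSL_ON_RE.search(body):
            continue
        ports = vhost_ports(addresses)
        tls_ports |= ports
        for port in sorted(ports - {https_port, "*"}):
            findings.append(f"SSLEngine on in <VirtualHost {addresses.strip()}> "
                            f"(port {port}, expected {https_port})")
    if not tls_ports & {https_port, "*"}:
        findings.append(f"no TLS-enabled VirtualHost on port {https_port}")
    return findings

# Vhost as posted in the thread (alias, Directory and log lines omitted).
POSTED_CONF = """
<VirtualHost *:80>
    ServerName m-it.care
    DocumentRoot /var/www/html
    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/m-it.care/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/m-it.care/privkey.pem
</VirtualHost>
"""

# The fix from the reply: the same vhost declared on port 443.
FIXED_CONF = POSTED_CONF.replace("*:80", "*:443")

if __name__ == "__main__":
    for name, conf in (("posted", POSTED_CONF), ("fixed", FIXED_CONF)):
        print(name, check_tls_vhosts(conf) or "ok")
```

On a real server the input would be the concatenated contents of the enabled site files rather than an inline string.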

Oh :blush: I must have missed that earlier because I was so excited that the certificates were finally generated. Thanks a lot! Now everything works fine. It was really great how quickly you and your team solved all of this. For other users: Frames seem to be an issue with letsencrypt.

2 Likes
