Challenge failed for domain algorismes.cat

Help
#1

Please fill out the fields below, so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:algorismes.cat

I ran this command:certbot renew

It produced this output:

image
image801×996 32.6 KB

My web server is (include version):
image

The operating system my web server runs on is (include version):
image

My hosting provider, if applicable, is: No hosting provider. I have a VPS on OVH

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --versionf you're using Certbot):
image

The certificate has never worked on this server. I had many problems last time when I tried to install it. Thus, since I was only trying to do it because it had worked on my other VPS but it was not really needed, I bypassed it by setting a rule on the iptables in such a way that connections to port 80 were redirected to 8080. Now the web is working only in http. But anyway, I keep on receiving warning mails for 10 days expiration.

Definitively, I dont need https on algorismes.cat. I will try to install it again when have some spare time.

On my other VPS, app.aprenonline.eu, I had initially similar problems that, asking in this forum, finally were solved by installing a reverse proxy, But when I tried to repeat the operation in algorismes.cat, I found new problems that I did not have time to face. That's why I set the iptable rule in order to get throught of it.

Therefore, if I could get back to the no certificate status for algorismes.cat, it could be ok. But the warning mails for the expiration worries me.

Any help would be much appreciated.

Thanks for having read til here!

Carles

#2

Hi @Carles

that's not an Apache, that's a Tomcat Apache.

http://algorismes.cat/.well-known/acme-challenge/1234

HTTP Status 404 – nicht gefunden

Type Status Report

Message The requested resource [/.well-known/acme-challenge/1234] is not available

Beschreibung The origin server did not find a current representation for the target resource or is not willing to disclose that one exists.

Apache Tomcat/8.5.57

And Tomcat is an own world. So it's expected that the --apache authenticator can't work.

Same with installation, Tomcat uses something with Java.

Find the correct webroot, then use --webroot and certonly to create a certificate. Then use the Tomcat internal tools to install the certificate.

#3

Juergen,

Firstly, thanks for your reply.

And also let me tell you the situation right now step by step:

  1. What I really would like to do is to install a reverse proxy on algorismes.cat the same way I did three months ago on app.aprenonline.eu. Since I had some problems when I tried it, I left the iptable rule working on the VPS that holds algorismes.cat, than also holds esospelillos.com. I am concerned with a total of this three domains: algorismes.cat, esospelillos.com, and app.aprenonline.eu. The only that has no problems is app.aprenonline.eu, since it is on a separate VPS. I have three registered domains on two VPSs.

  2. On the other hand, next Monday January the 25th, I will start as a teacher in a new job. I will teach some contents on system administration that I need to deeply review before. Thus, unfortunately, now I am a bit nervous. And I have no time for this.

  3. When I have some time to dedicate to it, I will try again to install the reverse proxy on algorismes.cat and esospelillos.com. Since I got it working on app.aprenonline.eu, I guess I must get it for these other two. By now, I am just worried about its expiration date, since it is not working.

I assume that I have no problems on app.aprenonline.eu because the certificate is well installed and that makes the cron work right to renew it. That's why (I suppose) am not receiving mails about its expiration date. But on the other VPS (algorismes.cat and esopelillos.com), since it is not working, I am getting in troubles.

If temporally I could get back with this certificate, this would be a good solution. I don't really need algorismes.cat neither esospelillos.com to be secure pages.

Might be the problem is because in the VPS that holds app.aprenonline.eu I just have one registered domain. Instead, in the other one, there are two. I don't know.

Anyway, as said, right now I have no time to dedicate to this.

Let me insist in thank you for your reply. Thanks a lot.

Carles

Missatge de Juergen Auer via Let's Encrypt Community Support <letsencrypt@discoursemail.com> del dia ds., 23 de gen. 2021 a les 14:44:

#4

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.