Challenge failed for domain with Apache as proxy

I have a Java application and Apache as a proxy for the certificate. Previously I had GoDaddy's certificate, but I used LE's certificate in another domain and it worked properly using

wget https://dl.eff.org/certbot-auto

but when running
./certbot-auto
I get
Your system is not supported by certbot-auto anymore

That said, I installed via snap, but when running certbot certonly --standalone I get the failed challenge.

Any help would be appreciated.


My domain is: facturapp.com

I ran this command: certbot certonly --standalone

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Please enter in your domain name(s) (comma and/or space separated) (Enter 'c'
to cancel): facturapp.com
Requesting a certificate for facturapp.com
Performing the following challenges:
http-01 challenge for facturapp.com
Waiting for verification...
Challenge failed for domain facturapp.com
http-01 challenge for facturapp.com
Cleaning up challenges
Some challenges have failed.

My web server is (include version): Apache/2.4.25 (Debian)

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is: DigitalOcean

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.11.0


Hi @amatos

That's only a notice, not the complete error message. The error message is required. Port 80 must work if you want to use --standalone and if there is no running webserver you can use.


@JuergenAuer thanks for your reply. Actually, I missed the error message which is as follows:

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: facturapp.com
   Type:   connection
   Detail: Fetching
   http://facturapp.com/.well-known/acme-challenge/cN_K75JBWjFNyKgjLkbAsGZV8XqJKkITqv389wu4CR4:
   Timeout during connect (likely firewall problem)

Please let me know if more information is needed.


There you see your job: Let's Encrypt can't check your domain. Change that.

http doesn't work, https doesn't work.

And why do you use --standalone? That's hard to debug.

Use your running Apache to validate your domain.
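
The check that fails in this thread, as an added example (not part of the original posts and not certbot's own code): a Python preflight that writes a throwaway token under the web server's document root and fetches it over plain HTTP, separating a timeout from a refused connection or a wrong vhost. The function name `probe_http01`, the token format and the status labels are assumptions made for this example.

```python
"""Preflight for the ACME http-01 challenge: can a file under
/.well-known/acme-challenge/ be fetched over plain HTTP?"""
import pathlib
import secrets
import socket
import urllib.error
import urllib.request

CHALLENGE_DIR = ".well-known/acme-challenge"


def probe_http01(host, webroot, port=80, timeout=10):
    """Write a throwaway token into webroot, fetch it, return (status, detail).
    status: ok, mismatch, http_error, timeout, refused, dns or error."""
    token = "preflight-" + secrets.token_urlsafe(16)  # constructed, not a real ACME token
    body = secrets.token_urlsafe(32)
    path = pathlib.Path(webroot) / CHALLENGE_DIR / token
    path.parent.mkdir(parents=True, exist_ok=True)
    path.write_text(body)
    url = f"http://{host}:{port}/{CHALLENGE_DIR}/{token}"
    # Ignore proxy environment variables: the validator connects directly.
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    try:
        with opener.open(url, timeout=timeout) as resp:
            got = resp.read().decode("utf-8", "replace").strip()
        if got == body:
            return "ok", url
        return "mismatch", "another vhost, proxy rule or redirect answered"
    except urllib.error.HTTPError as exc:  # server answered, but not with 200
        return "http_error", f"HTTP {exc.code}"
    except urllib.error.URLError as exc:
        reason = exc.reason
        if isinstance(reason, (socket.timeout, TimeoutError)):
            return "timeout", "port filtered: check cloud and host firewall"
        if isinstance(reason, ConnectionRefusedError):
            return "refused", "nothing is listening on the port"
        if isinstance(reason, socket.gaierror):
            return "dns", "host name does not resolve"
        return "error", str(reason)
    except (socket.timeout, TimeoutError):  # connected, then the read stalled
        return "timeout", "connection stalled after connect"
    finally:
        path.unlink(missing_ok=True)  # never leave the token behind


if __name__ == "__main__":
    import sys
    # usage: python3 preflight.py <domain> <webroot>
    print(probe_http01(sys.argv[1], sys.argv[2]))
```

Run on the server itself, this confirms that Apache serves the challenge directory; if it returns `ok` while Let's Encrypt still reports a connect timeout, the block sits in a firewall in front of the host.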

At the end I had to do a couple of things:

  • create a new droplet
  • point the domain to the new server
  • generate the certificate
  • copy the files to the main server
  • restart apache
  • point the domain to the main server
  • remove old server

It worked like a charm.

