Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
Requesting a certificate for flow3.flowbasket.com
Performing the following challenges:
http-01 challenge for flow3.flowbasket.com
Using the webroot path /var/www for all unmatched domains.
Waiting for verification...
Challenge failed for domain flow3.flowbasket.com
http-01 challenge for flow3.flowbasket.com
Cleaning up challenges
Some challenges have failed.
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: flow3.flowbasket.com
Type: unauthorized
Detail: 167.99.47.86: Invalid response from
http://flow3.flowbasket.com/.well-known/acme-challenge/H3L40v5IeQWS8D3J9BHmERlhD6VQCXqtqN-4oHHpRsw:
404
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
My web server is (include version): CentOS Linux release 7.9.2009 (Core)
The operating system my web server runs on is (include version): CentOS Linux release 7.9.2009 (Core)
My hosting provider, if applicable, is: Whogohost
I can login to a root shell on my machine (yes or no, or I don't know): Yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): Yes
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.11.0
Also, that domain got a valid cert from cPanel yesterday. And, the Apache server is using it. Why do you need another cert? See link below for your active cert:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Starting new HTTPS connection (1): acme-staging-v02.api.letsencrypt.org
Simulating a certificate request for flow3.flowbasket.com
Performing the following challenges:
http-01 challenge for flow3.flowbasket.com
Using default addresses 80 and [::]:80 ipv6only=on for authentication.
Waiting for verification...
Challenge failed for domain flow3.flowbasket.com
http-01 challenge for flow3.flowbasket.com
Cleaning up challenges
Some challenges have failed.
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: flow3.flowbasket.com
Type: unauthorized
Detail: 167.99.47.86: Invalid response from
http://flow3.flowbasket.com/.well-known/acme-challenge/SFgZXEXJIP0oFSBbtRiWNJ-yBXW1Q82wx3OJz3LWVhg:
404
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
I am trying to generate a certificate for a service I am running on the server that needs it
What really made me to try to generate a new certificate is that I am running jitsi-meet using docker on my server if I don't enable let's encrypt in the .env configuration the jitsi-meet web docker container will start and run successfully without any issues because it will not try to generate SSL certificate and it will run as unsecured http, but if I enable let's encrypt (that's to tell it to run the web docker container with https) by setting ENABLE_LETSENCRYPT=1 after the web docker container has been created it will try to generate SSL using let's encrypt it will give exactly that error message I'm getting if I try to generate SSL certificate with certbot and it will stop and keep restarting itself
this is the error message it gives:
[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 01-set-timezone: executing...
[cont-init.d] 01-set-timezone: exited 0.
[cont-init.d] 10-config: executing...
/opt /
[Thu Aug 31 18:19:51 UTC 2023] Installing to /config/acme.sh
[Thu Aug 31 18:19:51 UTC 2023] Installed to /config/acme.sh/acme.sh
[Thu Aug 31 18:19:51 UTC 2023] Installing alias to '/root/.profile'
[Thu Aug 31 18:19:51 UTC 2023] OK, Close and reopen your terminal to start using acme.sh
[Thu Aug 31 18:19:51 UTC 2023] Installing cron job
28 0 * * * "/config/acme.sh"/acme.sh --cron --home "/config/acme.sh" > /dev/null
[Thu Aug 31 18:19:52 UTC 2023] Good, bash is found, so change the shebang to use bash as preferred.
[Thu Aug 31 18:19:52 UTC 2023] OK
/
[Thu Aug 31 18:19:54 UTC 2023] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Thu Aug 31 18:19:54 UTC 2023] Run pre hook:'if [[ -d /var/run/s6/services/nginx ]]; then s6-svc -d /var/run/s6/services/nginx; fi'
[Thu Aug 31 18:19:54 UTC 2023] Standalone mode.
[Thu Aug 31 18:19:56 UTC 2023] Create account key ok.
[Thu Aug 31 18:19:57 UTC 2023] Registering account: https://acme-v02.api.letsencrypt.org/directory
[Thu Aug 31 18:19:59 UTC 2023] Registered
[Thu Aug 31 18:19:59 UTC 2023] ACCOUNT_THUMBPRINT='lLzm63uh4owCHM92Ljf0qRbva7ver9HqohBfbOczVD0'
[Thu Aug 31 18:19:59 UTC 2023] Single domain='flow3.flowbasket.com'
[Thu Aug 31 18:19:59 UTC 2023] Getting domain auth token for each domain
[Thu Aug 31 18:20:03 UTC 2023] Getting webroot for domain='flow3.flowbasket.com'
[Thu Aug 31 18:20:04 UTC 2023] Verifying: flow3.flowbasket.com
[Thu Aug 31 18:20:04 UTC 2023] Standalone mode server
[Thu Aug 31 18:20:11 UTC 2023] flow3.flowbasket.com:Verify error:167.99.47.86: Invalid response from http://flow3.flowbasket.com/.well-known/acme-challenge/LT_KktSbyvlnUY77POldhjrd77K6y2nXxM7p5bCoxYo: 404
[Thu Aug 31 18:20:11 UTC 2023] Please add '--debug' or '--log' to check more details.
[Thu Aug 31 18:20:11 UTC 2023] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh
[Thu Aug 31 18:20:11 UTC 2023] Run post hook:'if [[ -d /var/run/s6/services/nginx ]]; then s6-svc -u /var/run/s6/services/nginx; fi'
Failed to obtain a certificate from the Let's Encrypt CA.
Exiting.
[cont-init.d] 10-config: exited 1.
[cont-finish.d] executing container finish scripts...
[cont-finish.d] done.
[s6-finish] waiting for services.
[s6-finish] sending all processes the TERM signal.
[s6-finish] sending all processes the KILL signal and exiting.
[s6-init] making user provided files available at /var/run/s6/et
That info is very helpful. You have a lot of pieces that need to work together.
What does the Apache server do?
Your cert requests have to be resolved by that because that is what is handling HTTP requests to your domain. You could instead use a DNS Challenge but it is hard to say if that would help.
That Apache server has a cert, chain, and private key file. If you can find that maybe you could use that as the existing TLS cert and key? It does not have to be called "fullchain". That is just the naming convention used by Certbot.
Update: And, Apache right now is also handling HTTPS requests so if you want to reach any of those other parts on standard HTTP and HTTPS ports you need to figure out what to do. Either use Apache as a reverse proxy or get it out of the way entirely.
thanks for your response and suggestions, I think I will try to use one of the .key and .crt files in the /etc/ssl/private and certs directory because I don't know any other things to do anymore
this is the content of my private and certs directory, the coturn.key in the private dir is a self generated key, and I don't know if it will work if I should use the 167-99-47-86.cprapid.com.key or the coturn.key as the cert.key and any .crt file in the certs directory as the cert.fullchain
I think you are trying to put together a complicated mix of components. We focus on helping people get Let's Encrypt certs. I think you need help with general server design and setup. You would probably be better off at a jitsi meet forum for guidance (see below link).
You could also search this forum for jitsi and you will see some of what other people have sorted out.
Most of us here are volunteers offering our expertise and time for free. It is possible some other volunteer will be willing to guide you it is more involved than I want to help with.
