Challenge keeps failing

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: oxybot.xyz

I ran this command: sudo certbot --apache

It produced this output:

```
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache

Which names would you like to activate HTTPS for?

1: oxybot.xyz

Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 1
Requesting a certificate for oxybot.xyz
Performing the following challenges:
http-01 challenge for oxybot.xyz
Enabled Apache rewrite module
Waiting for verification...
Challenge failed for domain oxybot.xyz
http-01 challenge for oxybot.xyz
Cleaning up challenges
Some challenges have failed.
```

IMPORTANT NOTES:

My web server is (include version): Apache version 2.4.59

The operating system my web server runs on is (include version):

```
PRETTY_NAME="Raspbian GNU/Linux 11 (bullseye)"
NAME="Raspbian GNU/Linux"
VERSION_ID="11"
VERSION="11 (bullseye)"
VERSION_CODENAME=bullseye
ID=raspbian
ID_LIKE=debian
```

My hosting provider, if applicable, is: Hostinger

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): Webmin 2.111

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.12.0

Hello @Oxydium, welcome to the Let's Encrypt community.

Supplemental information. Port 80 is Open and working; Port 443 is Closed.
Showing GET on Port 80 for the ACME HTTP-01 Challenge working.

```
$ curl -i http://oxybot.xyz/.well-known/acme-challenge/sometestfile
HTTP/1.1 404 Not Found
Date: Wed, 15 May 2024 23:33:29 GMT
Server: Apache/2.4.59 (Raspbian)
Content-Length: 274
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL was not found on this server.</p>
<hr>
<address>Apache/2.4.59 (Raspbian) Server at oxybot.xyz Port 80</address>
</body></html>
```

Showing Port 80 Open and Port 443 Closed.

```
$ nmap -Pn -p80,443 oxybot.xyz
Starting Nmap 7.80 ( https://nmap.org ) at 2024-05-15 16:33 PDT
Nmap scan report for oxybot.xyz (68.189.64.59)
Host is up (0.050s latency).
rDNS record for 68.189.64.59: syn-068-189-064-059.res.spectrum.com

PORT    STATE  SERVICE
80/tcp  open   http
443/tcp closed https

Nmap done: 1 IP address (1 host up) scanned in 0.11 seconds
```

Kindly wait for more knowledgeable Let's Encrypt community volunteers to assist.

So far it kind of looks OK apart from certbot being an old version from 3 years ago. I'm not a certbot expert but you could consider upgrading certbot to the snap version (there are no specific instructions on the certbot site for debian 11): Certbot Instructions | Certbot

If upgrading I'd suggest a full backup first as switching from the os distro version to the snap version could be tricky(?). Or switch to using acme.sh etc

3 Likes

I switched to the snap version and ran sudo certbot --apache and it only failed faster

```
oxydium@serverpi:~ $ sudo certbot --apache
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Enter email address (used for urgent renewal and security notices)
 (Enter 'c' to cancel): [redacted]@gmail.com

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.4-April-3-2024.pdf. You must agree in
order to register with the ACME server. Do you agree?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: y

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing, once your first certificate is successfully issued, to
share your email address with the Electronic Frontier Foundation, a founding
partner of the Let's Encrypt project and the non-profit organization that
develops Certbot? We'd like to send you email about our work encrypting the web,
EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: n
Account registered.

Which names would you like to activate HTTPS for?
We recommend selecting either all domains, or all domains in a VirtualHost/server block.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: www.oxybot.xyz
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 
Requesting a certificate for www.oxybot.xyz

Certbot failed to authenticate some domains (authenticator: apache). The Certificate Authority reported these problems:
  Domain: www.oxybot.xyz
  Type:   unauthorized
  Detail: 68.189.64.59: Invalid response from http://www.oxybot.xyz/.well-known/acme-challenge/-JuhSXuuxykMgI1AEkia_yrbuHks6pi3RlFN2TdUVMI: 404

Hint: The Certificate Authority failed to verify the temporary Apache configuration changes made by Certbot. Ensure that the listed domains point to this Apache server and that it is accessible from the internet.

Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
```

as for the log

2024-05-16 02:29:49,868:DEBUG:urllib3.connectionpool:http://localhost:None "GET /v2/connections?snap=certbot&interface=content HTTP/1.1" 200 97
2024-05-16 02:29:52,404:DEBUG:certbot._internal.main:certbot version: 2.10.0
2024-05-16 02:29:52,405:DEBUG:certbot._internal.main:Location of certbot entry point: /snap/certbot/3699/bin/certbot
2024-05-16 02:29:52,405:DEBUG:certbot._internal.main:Arguments: ['--apache', '--preconfigured-renewal']
2024-05-16 02:29:52,406:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#nginx,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2024-05-16 02:29:52,502:DEBUG:certbot._internal.log:Root logging level set at 30
2024-05-16 02:29:52,523:DEBUG:certbot._internal.plugins.selection:Requested authenticator apache and installer apache
2024-05-16 02:29:53,198:DEBUG:certbot_apache._internal.configurator:Apache version is 2.4.59
2024-05-16 02:29:54,553:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * apache
Description: Apache Web Server plugin
Interfaces: Authenticator, Installer, Plugin
Entry point: EntryPoint(name='apache', value='certbot_apache._internal.entrypoint:ENTRYPOINT', group='certbot.plugins')
Initialized: <certbot_apache._internal.override_debian.DebianConfigurator object at 0x75ab1160>
Prep: True
2024-05-16 02:29:54,555:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot_apache._internal.override_debian.DebianConfigurator object at 0x75ab1160> and installer <certbot_apache._internal.override_debian.DebianConfigurator object at 0x75ab1160>
2024-05-16 02:29:54,556:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator apache, Installer apache
2024-05-16 02:32:18,176:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2024-05-16 02:32:18,186:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
2024-05-16 02:32:18,728:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 747
2024-05-16 02:32:18,730:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 16 May 2024 09:32:18 GMT
Content-Type: application/json
Content-Length: 747
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "4YSYLPioWrY": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.4-April-3-2024.pdf",
    "website": "https://letsencrypt.org"
  },
  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
  "renewalInfo": "https://acme-v02.api.letsencrypt.org/draft-ietf-acme-ari-02/renewalInfo/",
  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}
2024-05-16 02:32:27,016:DEBUG:acme.client:Requesting fresh nonce
2024-05-16 02:32:27,017:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2024-05-16 02:32:27,091:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
2024-05-16 02:32:27,093:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 16 May 2024 09:32:27 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: -fkSYaIhimmK2Ytm2_NbBS3rM1PLUHvsGdrY5NGyXB99UjbB1bo
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800


2024-05-16 02:32:27,094:DEBUG:acme.client:Storing nonce: -fkSYaIhimmK2Ytm2_NbBS3rM1PLUHvsGdrY5NGyXB99UjbB1bo
2024-05-16 02:32:27,095:DEBUG:acme.client:JWS payload:
b'{\n  "contact": [\n    "mailto:[redacted]@gmail.com"\n  ],\n  "termsOfServiceAgreed": true\n}'
2024-05-16 02:32:27,129:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-acct:
2024-05-16 02:32:27,319:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-acct HTTP/1.1" 201 592
2024-05-16 02:32:27,322:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Date: Thu, 16 May 2024 09:32:27 GMT
Content-Type: application/json
Content-Length: 592
Connection: keep-alive
Boulder-Requester: 1729295717
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index", <https://letsencrypt.org/documents/LE-SA-v1.4-April-3-2024.pdf>;rel="terms-of-service"
Location: https://acme-v02.api.letsencrypt.org/acme/acct/1729295717
Replay-Nonce: 9tl4X0FTTRWDe_mGl8KL3xx6D4ZL1TasYOO17NcaqSlsGJ0icNo
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "contact": [
    "mailto:[redacted]@gmail.com"
  ],
  "initialIp": "2600:6c52:643f:4894:0:a198:764:129",
  "createdAt": "2024-05-16T09:32:27.257535372Z",
  "status": "valid"
}
2024-05-16 02:32:27,323:DEBUG:acme.client:Storing nonce: 9tl4X0FTTRWDe_mGl8KL3xx6D4ZL1TasYOO17NcaqSlsGJ0icNo
2024-05-16 02:32:40,746:DEBUG:certbot._internal.display.obj:Notifying user: Account registered.
2024-05-16 02:32:40,747:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(key=JWKRSA(key=<ComparableRSAKey(<cryptography.hazmat.bindings._rust.openssl.rsa.RSAPublicKey object at 0x759ec5f0>)>), contact=('mailto:[redacted]@gmail.com',), agreement=None, status='valid', terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-v02.api.letsencrypt.org/acme/acct/1729295717', new_authzr_uri=None, terms_of_service='https://letsencrypt.org/documents/LE-SA-v1.4-April-3-2024.pdf'), 377d2fb818c66c13e17d6625fddfa7b8, Meta(creation_dt=datetime.datetime(2024, 5, 16, 9, 32, 27, tzinfo=<UTC>), creation_host='serverpi', register_to_eff=None))>
2024-05-16 02:32:43,699:DEBUG:certbot._internal.display.obj:Notifying user: Requesting a certificate for www.oxybot.xyz
2024-05-16 02:32:43,825:DEBUG:acme.client:JWS payload:
b'{\n  "identifiers": [\n    {\n      "type": "dns",\n      "value": "www.oxybot.xyz"\n    }\n  ]\n}'
2024-05-16 02:32:43,842:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
2024-05-16 02:32:44,122:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 340
2024-05-16 02:32:44,125:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Date: Thu, 16 May 2024 09:32:44 GMT
Content-Type: application/json
Content-Length: 340
Connection: keep-alive
Boulder-Requester: 1729295717
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Location: https://acme-v02.api.letsencrypt.org/acme/order/1729295717/269856377367
Replay-Nonce: 9tl4X0FTDBwqemuveUALWuNPDqM0J1pZLF7tniwtaGUwKVHP2gI
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "status": "pending",
  "expires": "2024-05-23T09:32:43Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "www.oxybot.xyz"
    }
  ],
  "authorizations": [
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/351422494977"
  ],
  "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/1729295717/269856377367"
}
2024-05-16 02:32:44,126:DEBUG:acme.client:Storing nonce: 9tl4X0FTDBwqemuveUALWuNPDqM0J1pZLF7tniwtaGUwKVHP2gI
2024-05-16 02:32:44,133:DEBUG:acme.client:JWS payload:
b''
2024-05-16 02:32:44,160:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/351422494977:
2024-05-16 02:32:44,253:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/351422494977 HTTP/1.1" 200 798
2024-05-16 02:32:44,255:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 16 May 2024 09:32:44 GMT
Content-Type: application/json
Content-Length: 798
Connection: keep-alive
Boulder-Requester: 1729295717
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: -fkSYaIhj5nGMIc-2xQfQ1rhfaJnXIu_C0ydhGOP3pWN5Pa9SM0
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "www.oxybot.xyz"
  },
  "status": "pending",
  "expires": "2024-05-23T09:32:43Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/351422494977/r9q9hA",
      "token": "-JuhSXuuxykMgI1AEkia_yrbuHks6pi3RlFN2TdUVMI"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/351422494977/yRi99Q",
      "token": "-JuhSXuuxykMgI1AEkia_yrbuHks6pi3RlFN2TdUVMI"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/351422494977/EhS5JQ",
      "token": "-JuhSXuuxykMgI1AEkia_yrbuHks6pi3RlFN2TdUVMI"
    }
  ]
}
2024-05-16 02:32:44,256:DEBUG:acme.client:Storing nonce: -fkSYaIhj5nGMIc-2xQfQ1rhfaJnXIu_C0ydhGOP3pWN5Pa9SM0
2024-05-16 02:32:44,259:INFO:certbot._internal.auth_handler:Performing the following challenges:
2024-05-16 02:32:44,259:INFO:certbot._internal.auth_handler:http-01 challenge for www.oxybot.xyz
2024-05-16 02:32:44,627:INFO:certbot_apache._internal.override_debian:Enabled Apache rewrite module
2024-05-16 02:32:45,062:DEBUG:certbot.reverter:Creating backup of /etc/apache2/ports.conf
2024-05-16 02:32:45,657:DEBUG:certbot_apache._internal.http_01:Adding a temporary challenge validation Include for name: None in: /etc/apache2/sites-enabled/webmin.1715289138.conf
2024-05-16 02:32:45,660:DEBUG:certbot_apache._internal.http_01:writing a pre config file with text:
         RewriteEngine on
        RewriteRule ^/\.well-known/acme-challenge/([A-Za-z0-9-_=]+)$ /var/lib/letsencrypt/http_challenges/$1 [END]
    
2024-05-16 02:32:45,661:DEBUG:certbot_apache._internal.http_01:writing a post config file with text:
         <Directory /var/lib/letsencrypt/http_challenges>
            Require all granted
        </Directory>
        <Location /.well-known/acme-challenge>
            Require all granted
        </Location>
    
2024-05-16 02:32:45,734:DEBUG:certbot.reverter:Creating backup of /etc/apache2/sites-enabled/webmin.1715289138.conf
2024-05-16 02:32:49,732:DEBUG:acme.client:JWS payload:
b'{}'
2024-05-16 02:32:49,750:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/351422494977/r9q9hA:
2024-05-16 02:32:49,831:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/chall-v3/351422494977/r9q9hA HTTP/1.1" 200 187
2024-05-16 02:32:49,834:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 16 May 2024 09:32:49 GMT
Content-Type: application/json
Content-Length: 187
Connection: keep-alive
Boulder-Requester: 1729295717
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index", <https://acme-v02.api.letsencrypt.org/acme/authz-v3/351422494977>;rel="up"
Location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/351422494977/r9q9hA
Replay-Nonce: -fkSYaIhUFwCKtcM41g0JFjR5BpKSdvPxrDzEsfJln0UwqS58kE
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "type": "http-01",
  "status": "pending",
  "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/351422494977/r9q9hA",
  "token": "-JuhSXuuxykMgI1AEkia_yrbuHks6pi3RlFN2TdUVMI"
}
2024-05-16 02:32:49,835:DEBUG:acme.client:Storing nonce: -fkSYaIhUFwCKtcM41g0JFjR5BpKSdvPxrDzEsfJln0UwqS58kE
2024-05-16 02:32:49,837:INFO:certbot._internal.auth_handler:Waiting for verification...
2024-05-16 02:32:50,839:DEBUG:acme.client:JWS payload:
b''
2024-05-16 02:32:50,856:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/351422494977:
2024-05-16 02:32:50,957:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/351422494977 HTTP/1.1" 200 1021
2024-05-16 02:32:50,959:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 16 May 2024 09:32:50 GMT
Content-Type: application/json
Content-Length: 1021
Connection: keep-alive
Boulder-Requester: 1729295717
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 9tl4X0FTg5KvfLNX3CIU_vdfixh4O1ZSoH4e-uxEaB4XkOlhXxw
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "www.oxybot.xyz"
  },
  "status": "invalid",
  "expires": "2024-05-23T09:32:43Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "invalid",
      "error": {
        "type": "urn:ietf:params:acme:error:unauthorized",
        "detail": "68.189.64.59: Invalid response from http://www.oxybot.xyz/.well-known/acme-challenge/-JuhSXuuxykMgI1AEkia_yrbuHks6pi3RlFN2TdUVMI: 404",
        "status": 403
      },
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/351422494977/r9q9hA",
      "token": "-JuhSXuuxykMgI1AEkia_yrbuHks6pi3RlFN2TdUVMI",
      "validationRecord": [
        {
          "url": "http://www.oxybot.xyz/.well-known/acme-challenge/-JuhSXuuxykMgI1AEkia_yrbuHks6pi3RlFN2TdUVMI",
          "hostname": "www.oxybot.xyz",
          "port": "80",
          "addressesResolved": [
            "68.189.64.59"
          ],
          "addressUsed": "68.189.64.59"
        }
      ],
      "validated": "2024-05-16T09:32:49Z"
    }
  ]
}
2024-05-16 02:32:50,960:DEBUG:acme.client:Storing nonce: 9tl4X0FTg5KvfLNX3CIU_vdfixh4O1ZSoH4e-uxEaB4XkOlhXxw
2024-05-16 02:32:50,962:INFO:certbot._internal.auth_handler:Challenge failed for domain www.oxybot.xyz
2024-05-16 02:32:50,963:INFO:certbot._internal.auth_handler:http-01 challenge for www.oxybot.xyz
2024-05-16 02:32:50,964:DEBUG:certbot._internal.display.obj:Notifying user: 
Certbot failed to authenticate some domains (authenticator: apache). The Certificate Authority reported these problems:
  Domain: www.oxybot.xyz
  Type:   unauthorized
  Detail: 68.189.64.59: Invalid response from http://www.oxybot.xyz/.well-known/acme-challenge/-JuhSXuuxykMgI1AEkia_yrbuHks6pi3RlFN2TdUVMI: 404

Hint: The Certificate Authority failed to verify the temporary Apache configuration changes made by Certbot. Ensure that the listed domains point to this Apache server and that it is accessible from the internet.

2024-05-16 02:32:50,977:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
  File "/snap/certbot/3699/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 108, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, max_time_mins, best_effort)
  File "/snap/certbot/3699/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 212, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.

2024-05-16 02:32:50,978:DEBUG:certbot._internal.error_handler:Calling registered functions
2024-05-16 02:32:50,978:INFO:certbot._internal.auth_handler:Cleaning up challenges
2024-05-16 02:32:52,271:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "/snap/certbot/3699/bin/certbot", line 8, in <module>
    sys.exit(main())
  File "/snap/certbot/3699/lib/python3.8/site-packages/certbot/main.py", line 19, in main
    return internal_main.main(cli_args)
  File "/snap/certbot/3699/lib/python3.8/site-packages/certbot/_internal/main.py", line 1894, in main
    return config.func(config, plugins)
  File "/snap/certbot/3699/lib/python3.8/site-packages/certbot/_internal/main.py", line 1450, in run
    new_lineage = _get_and_save_cert(le_client, config, domains,
  File "/snap/certbot/3699/lib/python3.8/site-packages/certbot/_internal/main.py", line 143, in _get_and_save_cert
    lineage = le_client.obtain_and_enroll_certificate(domains, certname)
  File "/snap/certbot/3699/lib/python3.8/site-packages/certbot/_internal/client.py", line 517, in obtain_and_enroll_certificate
    cert, chain, key, _ = self.obtain_certificate(domains)
  File "/snap/certbot/3699/lib/python3.8/site-packages/certbot/_internal/client.py", line 428, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
  File "/snap/certbot/3699/lib/python3.8/site-packages/certbot/_internal/client.py", line 496, in _get_order_and_authorizations
    authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort)
  File "/snap/certbot/3699/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 108, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, max_time_mins, best_effort)
  File "/snap/certbot/3699/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 212, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.
2024-05-16 02:32:52,287:ERROR:certbot._internal.log:Some challenges have failed.

Please show the output of

```
sudo apachectl -t -D DUMP_VHOSTS
```

```
oxydium@serverpi:~ $ sudo apachectl -t -D DUMP_VHOSTS
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message
VirtualHost configuration:
68.189.64.59:80        syn-068-189-064-059.res.spectrum.com (/etc/apache2/sites-enabled/webmin.1715289138.conf:1)
```

1 Like

That's weird. How can the --apache Certbot plugin detect the hostname www.oxybot.xyz when it's not even configured in your Apache's virtualhost(s)? Is that some kind of Webmin quirk? Can't you use Webmin to get the certificate?

For me, in Webmin it is configured in my Apache virtual hosts, unless I misconfigured it.

If so, I'm not sure how.

Would you show the contents of this file

/etc/apache2/sites-enabled/webmin.1715289138.conf

Please add 3 backticks before and after so info is not lost due to forum formatting

Like
```
contents of file
```

Also, you said Hostinger is hosting. But your IP looks like a residential IP. Can you explain more about where your Apache is and what Hostinger does for you?

3 Likes

```
<VirtualHost www.oxybot.xyz:80>
    <Directory /var/www/html>
        Options None
        Require all granted
    </Directory>
    DocumentRoot /var/www/html
</VirtualHost>
```

I did say Hostinger was hosting. I am self-hosting but I bought my domain at Hostinger. I misunderstood the question somehow, sorry.

3 Likes

No worries. That's what I assumed but wanted to make sure.

How did that VirtualHost get created? Did you make it or did WebMin do that?

I ask because that's not a great method. You'd normally want to use name-based VirtualHosts, which look something like below. This is probably why the dump-vhosts showed unusual results.

You could try making it like below and try again. Or, update your Certbot as 1.12 is very old. Many improvements have been made for handling unusual configs.

Note especially the different VirtualHost line and the new server name lines. This looks minor but the difference between IP-based and name-based VHosts is large.

```
<VirtualHost *:80>
    ServerName www.oxybot.xyz
    # Uncomment the next line if you want this name to work too
    # ServerAlias oxybot.xyz
    <Directory /var/www/html>
        Options None
        Require all granted
    </Directory>
    DocumentRoot /var/www/html
</VirtualHost>
```

3 Likes
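
The difference between the two VirtualHost blocks quoted above can be checked mechanically before requesting a certificate. This is an added example, not part of the original posts and not Certbot's or Apache's own code; the function names and finding codes are hypothetical, and the two sample inputs are the blocks from the thread.

```python
import ipaddress
import re
from fnmatch import fnmatchcase

# Constructed inputs: the two VirtualHost blocks quoted in the thread.
ORIGINAL_VHOST = """\
<VirtualHost www.oxybot.xyz:80>
    <Directory /var/www/html>
        Options None
        Require all granted
    </Directory>
    DocumentRoot /var/www/html
</VirtualHost>
"""

NAME_BASED_VHOST = """\
<VirtualHost *:80>
    ServerName www.oxybot.xyz
    # ServerAlias oxybot.xyz
    <Directory /var/www/html>
        Options None
        Require all granted
    </Directory>
    DocumentRoot /var/www/html
</VirtualHost>
"""

OPEN_RE = re.compile(r"^\s*<VirtualHost\s+([^>]+)>\s*$", re.IGNORECASE)
CLOSE_RE = re.compile(r"^\s*</VirtualHost\s*>\s*$", re.IGNORECASE)
NAME_RE = re.compile(r"^\s*(ServerName|ServerAlias)\s+(\S.*?)\s*$", re.IGNORECASE)


def host_part(value):
    """Drop an optional scheme and :port from a vhost address or ServerName."""
    value = value.split("://", 1)[-1]
    if value.startswith("["):  # bracketed IPv6 literal, e.g. [2001:db8::1]:80
        return value[1:].partition("]")[0]
    return value.rsplit(":", 1)[0] if ":" in value else value


def is_ip_or_wildcard(host):
    """True for '*', '_default_' or an IP literal; False for a hostname."""
    if host in ("*", "_default_"):
        return True
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def parse_vhosts(conf_text):
    """Return one dict per <VirtualHost> block: line, addresses, server_name, aliases."""
    vhosts, current = [], None
    for lineno, line in enumerate(conf_text.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            continue  # Apache comments occupy a whole line
        opened = OPEN_RE.match(line)
        if opened:
            current = {"line": lineno, "addresses": opened.group(1).split(),
                       "server_name": None, "aliases": []}
        elif CLOSE_RE.match(line) and current is not None:
            vhosts.append(current)
            current = None
        elif current is not None:
            named = NAME_RE.match(line)
            if named and named.group(1).lower() == "servername":
                current["server_name"] = host_part(named.group(2)).lower()
            elif named:
                current["aliases"] += [a.lower() for a in named.group(2).split()]
    return vhosts


def lint_vhost(vhost, wanted_name):
    """Return finding codes (hypothetical names) for one parsed vhost."""
    findings = []
    if any(not is_ip_or_wildcard(host_part(a)) for a in vhost["addresses"]):
        # A hostname here is resolved to an IP address: an IP-based vhost.
        findings.append("hostname-in-address")
    if vhost["server_name"] is None:
        findings.append("no-servername")
    patterns = [vhost["server_name"], *vhost["aliases"]]
    if not any(p and fnmatchcase(wanted_name.lower(), p) for p in patterns):
        findings.append("name-not-served")
    return findings


if __name__ == "__main__":
    for label, conf in (("original", ORIGINAL_VHOST), ("name-based", NAME_BASED_VHOST)):
        for vhost in parse_vhosts(conf):
            print(label, vhost["addresses"], lint_vhost(vhost, "www.oxybot.xyz"))
```

The original block raises all three findings, which matches the DUMP_VHOSTS output in the thread listing the vhost under `68.189.64.59:80` with the IP's reverse-DNS name instead of `www.oxybot.xyz`.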

Webmin did that.

It did it without any errors, but now it says it's not sending any data when I go to my website.

Never mind, I was going to the wrong place. It's working perfectly now.

1 Like
