I was running fine with certbot-auto, but since it is deprecated, I am trying to get back up and running. I deleted the existing certs (well, as far as I can tell) using "sudo certbot delete". I commented out the SSLCertificateFile and SSLCertificateKeyFile entries in the domain conf files (I have subdomains). I also removed my automagic from my crontab. I deleted the certbot-auto file and purged and re-apt'ed certbot. I also commented out the http to https redirect in the config files. The challenge referenced below has the same error for all domains.
Some challenges have failed.
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
My web server is (include version): apache 2.4.29
The operating system my web server runs on is (include version): ubuntu 18.04 64bit
My hosting provider, if applicable, is: n/a
I can login to a root shell on my machine (yes or no, or I don't know): yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.11.0
ok, cool, that worked on 2 of them (doing the same 443 section removal), but one is still not working. Same error saying that the challenge failed.
Here is the conf:
<directory /data/davidstoll.com/>
allow from all
Require all granted
</directory>
<VirtualHost *:80>
ServerName davidstoll.com
ServerAlias *.davidstoll.com
ServerAdmin none@davidstoll.com
DocumentRoot /data/davidstoll.com
#Redirect / https://davidstoll.com/
</VirtualHost>
So I don't see the same issue with this one. By the way, thank you for helping me this far!
Also, I noticed that it created a new file with the name 20_happykathi.com-le-ssl.conf.
Is it no longer ok to keep all the 80 and 443 entries in one file?
Thanks
You could keep the entire config in just one file.
But more is actually better here, as it can simplify things.
Like when you need to add or remove a section (it's in a separate file).
Same error saying that the challenge failed, but just for the one domain.
Some challenges have failed.
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: davidstoll.com
Type: unauthorized
Detail: Invalid response from
http://davidstoll.com/.well-known/acme-challenge/wb6cMiBCJP_2HdKQi8YsUYcJR83z-x1buKgCc5s0uHs
[69.174.176.167]: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML
2.0//EN\">\n<html><head>\n<title>403
Forbidden</title>\n</head><body>\n<h1>Forbidden</h1>\n<p"
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
$sudo ls -l /etc/apache2/sites-enabled
-rw-r--r-- 1 root root 373 Jan 23 2020 00_default.conf
-rw-r--r-- 1 root root 577 Jan 23 2020 01_default_directories.conf
-rw-r----- 1 root root 15332 Jan 19 08:08 15_davidstoll.net.conf
-rw-r--r-- 1 root root 4121 Jan 19 08:08 15_davidstoll.net-le-ssl.conf
-rw-r----- 1 root root 818 Jan 19 08:08 20_happykathi.com.conf
-rw-r--r-- 1 root root 497 Jan 19 08:08 20_happykathi.com-le-ssl.conf
-rw-r----- 1 root root 575 Jan 19 08:09 30_davidstoll.com.conf
The contents of the happykathi one were above; now it's just duplicated in the ssl.conf version it created.
The davidstoll.com (the problem domain) is essentially the same as the happykathi one, but I'll put it here anyway:
$sudo cat 30_davidstoll.net.conf
<directory /data/davidstoll.com/>
allow from all
Require all granted
</directory>
<VirtualHost *:80>
ServerName davidstoll.com
ServerAlias *.davidstoll.com
ServerAdmin none@davidstoll.com
DocumentRoot /data/davidstoll.com
#Redirect / https://davidstoll.com/
</VirtualHost>
And the .net one is the same as the .com except it just has .net in all the appropriate places.
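The certbot failure notes quoted in this thread end with generic DNS advice, but the Detail line already shows which layer refused the request. The following is an added example, not part of any post in the thread and not certbot code: it unwraps the notes and reports the ACME error type, the IP that answered and the HTTP status. The function name `triage` and the hint wording are assumptions made for illustration.

```python
import re

# Failure notes copied from the thread (certbot 1.11.0), hard line wraps included.
SAMPLE = r'''IMPORTANT NOTES:
 - The following errors were reported by the server:
   Domain: davidstoll.com
   Type: unauthorized
   Detail: Invalid response from
   http://davidstoll.com/.well-known/acme-challenge/wb6cMiBCJP_2HdKQi8YsUYcJR83z-x1buKgCc5s0uHs
   [69.174.176.167]: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML
   2.0//EN\">\n<html><head>\n<title>403
   Forbidden</title>\n</head><body>\n<h1>Forbidden</h1>\n<p"
'''

# ACME error types other than "unauthorized" that point away from the web server config.
HINTS = {
    "dns": "no usable A/AAAA record was found: fix DNS first",
    "connection": "validator could not connect: check port 80 reachability and firewall",
}

ENTRY = re.compile(r"Domain: (\S+) Type: (\S+) Detail: (.*?)(?= Domain: |$)")

def triage(notes):
    """Return one dict per failed domain found in certbot's error notes."""
    flat = " ".join(notes.split())  # undo certbot's hard line wraps
    results = []
    for domain, kind, detail in ENTRY.findall(flat):
        ip = re.search(r"\[([0-9a-fA-F:.]+)\]", detail)       # address the validator reached
        title = re.search(r"<title>\s*(\d{3})\b", detail)     # status in the quoted error page
        ip = ip.group(1) if ip else None
        status = int(title.group(1)) if title else None
        if kind == "unauthorized" and ip and status:
            # Something answered on port 80, so the name resolved and the port is open.
            hint = ("%s answered with HTTP %d: if that is your server, DNS is fine and "
                    "the refusal comes from how it serves /.well-known/acme-challenge/"
                    % (ip, status))
        else:
            hint = HINTS.get(kind, "see the Detail text")
        results.append({"domain": domain, "type": kind, "ip": ip,
                        "status": status, "hint": hint})
    return results

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(row["domain"], row["type"], row["status"], "-", row["hint"])
```
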