Couldn't create https

kuhan · February 14, 2023, 6:31am

sudo certbot --apache

I got this message

Hint: The Certificate Authority failed to verify the temporary Apache configuration changes made by Certbot. Ensure that the listed domains point to
this Apache server and that it is accessible from the internet.
Some challenges have failed.

couldn't create https
my domain:esn.ac.lk
Server: Apache/2.4.52 (Ubuntu)

kuhan · February 14, 2023, 6:42am

sudo grep -i "error" /var/log/letsencrypt/letsencrypt.log

"error": {
"type": "urn:ietf:params:acme:error:dns",
2023-02-14 05:19:30,503:DEBUG:certbot._internal.error_handler:Encountered exception:
raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.
2023-02-14 05:19:30,503:DEBUG:certbot._internal.error_handler:Calling registered functions
raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.
2023-02-14 05:19:30,757:ERROR:certbot._internal.log:Some challenges have failed.
"error": {
"type": "urn:ietf:params:acme:error:dns",
2023-02-14 05:53:28,351:DEBUG:certbot._internal.error_handler:Encountered exception:
raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.
2023-02-14 05:53:28,351:DEBUG:certbot._internal.error_handler:Calling registered functions
raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.
2023-02-14 05:53:28,604:ERROR:certbot._internal.log:Some challenges have failed.
"error": {
"type": "urn:ietf:params:acme:error:dns",
2023-02-14 06:16:21,571:DEBUG:certbot._internal.error_handler:Encountered exception:
raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.
2023-02-14 06:16:21,571:DEBUG:certbot._internal.error_handler:Calling registered functions
raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.
2023-02-14 06:16:21,821:ERROR:certbot._internal.log:Some challenges have failed.

Osiris · February 14, 2023, 6:55am

Hi @kuhan,

I've moved your posts to a new thread. You shouldn't "hijack" someone elses thread. In a new thread, the following questionnaire would have been presented, please answer all the questions to the best of your knowledge:

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

Also, please post the entire log file, it seems the essentials are missing.

kuhan · February 14, 2023, 7:03am

My domain is: esn.ac.lk

I ran this command: sudo certbot --apache

It produced this output:
Hint: The Certificate Authority failed to verify the temporary Apache configuration changes made by Certbot. Ensure that the listed domains point to
this Apache server and that it is accessible from the internet.
Some challenges have failed.
My web server is
Server: Apache/2.4.52 (Ubuntu)
The operating system my web server runs on is (include version):
Ubuntu 22.04
My hosting provider, if applicable, is:
learn.ac.lk
I can login to a root shell on my machine (yes or no, or I don't know):
yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
No
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 1.21.0

kuhan · February 14, 2023, 8:54am

I already had a certboot https year back , after some problem I delete the https
now I need to rerun with https again but it's not working

sudo certbot --apache
got following message

Saving debug log to /var/log/letsencrypt/letsencrypt.log

Which names would you like to activate HTTPS for?
We recommend selecting either all domains, or all domains in a VirtualHost/server block.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: esn.ac.lk
2: fac.esn.ac.lk
3: www.fac.esn.ac.lk
4: fag.esn.ac.lk
5: isa2023.fag.esn.ac.lk
6: www.isa2023.fag.esn.ac.lk
7: www.fag.esn.ac.lk
8: fcm.esn.ac.lk
9: www.fcm.esn.ac.lk
10: fhcs.esn.ac.lk
11: www.fhcs.esn.ac.lk
12: fot.esn.ac.lk
13: www.fot.esn.ac.lk
14: fsc.esn.ac.lk
15: www.fsc.esn.ac.lk
16: www.esn.ac.lk
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel):
Requesting a certificate for esn.ac.lk and 15 more domains

Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/esn.ac.lk/fullchain.pem
Key is saved at:         /etc/letsencrypt/live/esn.ac.lk/privkey.pem
This certificate expires on 2023-05-15.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.

Deploying certificate
File: /etc/apache2/sites-available/wdev.esn.ac.lk-le-ssl.conf - Could not be found to be deleted
 - Certbot probably shut down unexpectedly
Could not install certificate
An unexpected error occurred:
StopIteration
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
webdev@webd-severver:/etc/apache2/sites-available$ sudo ln -s /snap/bin/certbot /usr/bin/certbot
ln: failed to create symbolic link '/usr/bin/certbot': File exists

rg305 · February 14, 2023, 3:06pm

Your Apache configuration has problems.

I'd start by reviewing that config, with the output of:
sudo apachectl -t -D DUMP_VHOSTS

Bruce5051 · February 14, 2023, 3:46pm

You might find Documentation: Apache HTTP Server - The Apache HTTP Server Project, Apache HTTP Server Support - The Apache HTTP Server Project, and https://www.apachelounge.com/ helpful as well.

kuhan · February 15, 2023, 5:06am

Didn't get any error

VirtualHost configuration:
*:80                   is a NameVirtualHost
         default server 127.0.1.1 (/etc/apache2/sites-enabled/cedec.esn.ac.lk.conf:1)
         port 80 namevhost 127.0.1.1 (/etc/apache2/sites-enabled/cedec.esn.ac.lk.conf:1)
         port 80 namevhost cedec.esn.ac.lk (/etc/apache2/sites-enabled/cedec.esn.ac.lk.conf:32)
                 alias www.cedec.esn.ac.lk
         port 80 namevhost 127.0.1.1 (/etc/apache2/sites-enabled/fac.esn.ac.lk.conf:1)
         port 80 namevhost fac.esn.ac.lk (/etc/apache2/sites-enabled/fac.esn.ac.lk.conf:32)
                 alias www.fac.esn.ac.lk
         port 80 namevhost 127.0.1.1 (/etc/apache2/sites-enabled/fag.esn.ac.lk.conf:1)
         port 80 namevhost fag.esn.ac.lk (/etc/apache2/sites-enabled/fag.esn.ac.lk.conf:32)
                 alias www.fag.esn.ac.lk
         port 80 namevhost 127.0.1.1 (/etc/apache2/sites-enabled/fcm.esn.ac.lk.conf:1)
         port 80 namevhost fcm.esn.ac.lk (/etc/apache2/sites-enabled/fcm.esn.ac.lk.conf:32)
                 alias www.fcm.esn.ac.lk
         port 80 namevhost 127.0.1.1 (/etc/apache2/sites-enabled/fhcs.esn.ac.lk.conf:1)
         port 80 namevhost fhcs.esn.ac.lk (/etc/apache2/sites-enabled/fhcs.esn.ac.lk.conf:32)
                 alias www.fhcs.esn.ac.lk
         port 80 namevhost 127.0.1.1 (/etc/apache2/sites-enabled/fot.esn.ac.lk.conf:1)
         port 80 namevhost fot.esn.ac.lk (/etc/apache2/sites-enabled/fot.esn.ac.lk.conf:32)
                 alias www.fot.esn.ac.lk
         port 80 namevhost isa2023.fag.esn.ac.lk (/etc/apache2/sites-enabled/isa2023.fag.esn.ac.lk.conf:1)
                 alias www.isa2023.fag.esn.ac.lk
         port 80 namevhost 127.0.1.1 (/etc/apache2/sites-enabled/wdev.esn.ac.lk.conf:1)
         port 80 namevhost esn.ac.lk (/etc/apache2/sites-enabled/wdev.esn.ac.lk.conf:32)
                 alias www.esn.ac.lk
         port 80 namevhost 127.0.1.1 (/etc/apache2/sites-enabled/wfsc.esn.ac.lk.conf:1)
         port 80 namevhost fsc.esn.ac.lk (/etc/apache2/sites-enabled/wfsc.esn.ac.lk.conf:32)
                 alias www.fsc.esn.ac.lk

kuhan · February 15, 2023, 5:19am

sudo certbot renew --dry-run

Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/esn.ac.lk.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Account registered.
Simulating renewal of an existing certificate for esn.ac.lk and 15 more domains

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations, all simulated renewals succeeded:
  /etc/letsencrypt/live/esn.ac.lk/fullchain.pem (success)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

kuhan · February 15, 2023, 5:34am

using certbot, domain.com-le -ssl .conf is not generated.

rg305 · February 15, 2023, 6:42am

Please show:
ls -l /etc/apache2/sites-available/

kuhan · February 15, 2023, 7:30am

-rw-r--r-- 1 root root 1332 Mar 23  2022 000-default.conf
-rw-r--r-- 1 root root 1625 Apr 27  2021 cedec.esn.ac.lk.conf
-rw-r--r-- 1 root root 6338 Mar 23  2022 default-ssl.conf
-rw-r--r-- 1 root root  676 Dec 17  2020 eusl.conf-test
-rw-r--r-- 1 root root 1793 Feb 15 06:07 fac.esn.ac.lk.conf
-rw-r--r-- 1 root root  629 Feb 15 06:17 fac.esn.ac.lk-le-ssl.conf
-rw-r--r-- 1 root root 1793 Feb 15 06:33 fag.esn.ac.lk.conf
-rw-r--r-- 1 root root  629 Feb 15 06:31 fag.esn.ac.lk-le-ssl.conf
-rw-r--r-- 1 root root 1793 Aug 16  2022 fcm.esn.ac.lk.conf
-rw-r--r-- 1 root root 1802 Sep 26 04:44 fhcs.esn.ac.lk.conf
-rw-r--r-- 1 root root 1792 May 26  2022 fot.esn.ac.lk.conf
-rw-r--r-- 1 root root  480 Aug 10  2022 isa2023.fag.esn.ac.lk.conf
-rw-r--r-- 1 root root 1786 Aug 16  2022 wdev.esn.ac.lk.conf
-rw-r--r-- 1 root root  293 Dec 17  2020 wdev.esn.ac.lk.conf-test
-rw-r--r-- 1 root root 1793 Aug 16  2022 wfsc.esn.ac.lk.conf

I have create manually fac.esn.ac.lk-le-ssl.conf, it is working but fag.esn.ac.lk-le-ssl.conf is not working
getting error

The provided host name is not valid for this server.

I am using cms drupal9

rg305 · February 15, 2023, 7:56am

Show the file:

kuhan · February 15, 2023, 8:28am

GNU nano 6.2 fag.esn.ac.lk-le-ssl.conf

<IfModule mod_ssl.c>
<VirtualHost *:443>
    ServerName fag.esn.ac.lk
    DocumentRoot /var/www/fag.esn.ac.lk/fag
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/esn.ac.lk/cert.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/esn.ac.lk/privkey.pem
    SSLCertificateChainFile /etc/letsencrypt/live/esn.ac.lk/chain.pem
    <FilesMatch "\.(cgi|shtml|phtml|php)$">
        SSLOptions +StdEnvVars
    </FilesMatch>
    <Directory /usr/lib/cgi-bin>
        SSLOptions +StdEnvVars
    </Directory>
</VirtualHost>
</IfModule>

kuhan · February 15, 2023, 10:13am

Now everything is working, fine, thanks

system · March 17, 2023, 10:14am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.