I ran this command: certbot certonly -d villamassaraischia.it -d www.villamassaraischia.it
OR: certbot -v --apache -d villamassaraischia.it -d www.villamassaraischia.it
It produced this output:
```
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Requesting a certificate for villamassaraischia.it and www.villamassaraischia.it
Performing the following challenges:
http-01 challenge for villamassaraischia.it
http-01 challenge for www.villamassaraischia.it
Waiting for verification...
Challenge failed for domain www.villamassaraischia.it
Challenge failed for domain villamassaraischia.it
http-01 challenge for www.villamassaraischia.it
http-01 challenge for villamassaraischia.it
Certbot failed to authenticate some domains (authenticator: apache). The Certificate Authority reported these problems:
Domain: www.villamassaraischia.it
Type: unauthorized
Detail: The key authorization file from the server did not match this challenge "XAvZv8-MiEgcjnco0zhP11CGfInYtnr4CuqkAiJhp3E.Tt-MyqkzTNFL6to9vSx3eLQ9K_-u6LmigPP94yjV9ec" != "XAvZv8-MiEgcjnco0zhP11CGfInYtnr4CuqkAiJhp3E.4E3VCTFsySjUrqnCg0ooULx-3kbdPBygi0aWkvg5Gd8"
Domain: villamassaraischia.it
Type: unauthorized
Detail: The key authorization file from the server did not match this challenge "evh1BK4flQRHf3Ougd2pnwftS2KdwIiLvQ24i43ZXHo.Tt-MyqkzTNFL6to9vSx3eLQ9K_-u6LmigPP94yjV9ec" != "evh1BK4flQRHf3Ougd2pnwftS2KdwIiLvQ24i43ZXHo.4E3VCTFsySjUrqnCg0ooULx-3kbdPBygi0aWkvg5Gd8"
Hint: The Certificate Authority failed to verify the temporary Apache configuration changes made by Certbot. Ensure that the listed domains point to this Apache server and that it is accessible from the internet.
```
My web server is (include version):
Apache 2
The operating system my web server runs on is (include version):
Ubuntu 20.04
My hosting provider, if applicable, is:
OVH (vps)
I can login to a root shell on my machine (yes or no, or I don't know):
yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
no.
Previously the website was on shared hosting (OVH) and the certificate was issued through Let's Encrypt. We also deleted the SSL from the control panel, thinking that the problem was caused by this previous configuration.
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 1.27.0
I'm going to try: certbot certonly --webroot -w /var/www/html -d villamassaraischia.it -d www.villamassaraischia.it
(I added certonly because of the webroot directive - by the way I can try in one hour due to multiple tries)
These are the directives in my virtualhost:
```
ServerName villamassaraischia.it
ServerAlias www.villamassaraischia.it
```
I tried in the meanwhile with --dry-run (with certonly due to this message: --dry-run currently only works with the 'certonly' or 'renew' subcommands ('run')) and this is the result:
```
Simulating a certificate request for villamassaraischia.it and www.villamassaraischia.it
Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
Domain: villamassaraischia.it
Type: unauthorized
Detail: The key authorization file from the server did not match this challenge "1vj9w66HHmd-3snhijIdhDSCZbujPIuNN22PNrUTqgA.GwLjg5bYti-yBZ9W8SiViAaC18xIwphXo3EQ-m8kuzY" != "1vj9w66HHmd-3snhijIdhDSCZbujPIuNN22PNrUTqgA.4E3VCTFsySjUrqnCg0ooULx-3kbdPBygi0aWkvg5Gd8"
Domain: www.villamassaraischia.it
Type: unauthorized
Detail: The key authorization file from the server did not match this challenge "TuHC5jyYt-5SkDFjsn8XXg8Z9o4vrdJ6mKvs7ZhLH78.GwLjg5bYti-yBZ9W8SiViAaC18xIwphXo3EQ-m8kuzY" != "TuHC5jyYt-5SkDFjsn8XXg8Z9o4vrdJ6mKvs7ZhLH78.4E3VCTFsySjUrqnCg0ooULx-3kbdPBygi0aWkvg5Gd8"
Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
```
You need to get OVH's load balancer to stop messing with your traffic, or else Certbot won't be able to get your certificate (via the webroot method anyway).
I don't have the full picture of what's happening in your situation.
If you are using the OVH load balancer, I would think that the LB will take care of HTTPS for you. In that case, you don't need to use Certbot.
If you do want to use Certbot, you can try using the Certbot OVH DNS plugin. This will work around the problem with OVH intercepting your requests. If you installed Certbot using snap, the plugin can be installed with:
```
sudo snap set certbot trust-plugin-with-root=ok
sudo snap install certbot-dns-ovh
```
We have a VPS and a couple of web hosting plans on OVH.
Initially villamassaraischia.it was bought and configured with a web hosting.
But due to the low performance, we changed the DNS to point to our VPS (always on OVH).
I think that the VPS is behind a firewall/load balancer and that's why the traffic is intercepted.
For the domains that I bought without a web hosting, certbot is working great.
If it's actually behind an L7 load balancer, as appears to be the case, you will first want to configure the OVH load balancer to generate certificates for villamassaraischia.it and www.villamassaraischia.it.
You can also use Certbot to generate certificates using the method I outlined above, but it's not going to be enough to get HTTPS working for visitors, without the LB certificates in place as well.
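
The `Detail:` lines in the Certbot output quoted in this thread can be taken apart to see which half of the response disagreed: an HTTP-01 key authorization is the challenge token, a dot, and the base64url SHA-256 thumbprint of an ACME account key. The following is an added example, not part of any post in the thread; the function names are hypothetical and the input lines are copied from the output above.

```python
import re

# Detail lines copied from the Certbot output quoted in this thread
# (two from the Apache run, one from the --dry-run).
DETAILS = [
    'Detail: The key authorization file from the server did not match this challenge "XAvZv8-MiEgcjnco0zhP11CGfInYtnr4CuqkAiJhp3E.Tt-MyqkzTNFL6to9vSx3eLQ9K_-u6LmigPP94yjV9ec" != "XAvZv8-MiEgcjnco0zhP11CGfInYtnr4CuqkAiJhp3E.4E3VCTFsySjUrqnCg0ooULx-3kbdPBygi0aWkvg5Gd8"',
    'Detail: The key authorization file from the server did not match this challenge "evh1BK4flQRHf3Ougd2pnwftS2KdwIiLvQ24i43ZXHo.Tt-MyqkzTNFL6to9vSx3eLQ9K_-u6LmigPP94yjV9ec" != "evh1BK4flQRHf3Ougd2pnwftS2KdwIiLvQ24i43ZXHo.4E3VCTFsySjUrqnCg0ooULx-3kbdPBygi0aWkvg5Gd8"',
    'Detail: The key authorization file from the server did not match this challenge "1vj9w66HHmd-3snhijIdhDSCZbujPIuNN22PNrUTqgA.GwLjg5bYti-yBZ9W8SiViAaC18xIwphXo3EQ-m8kuzY" != "1vj9w66HHmd-3snhijIdhDSCZbujPIuNN22PNrUTqgA.4E3VCTFsySjUrqnCg0ooULx-3kbdPBygi0aWkvg5Gd8"',
]

# Each quoted value is <token>.<thumbprint>, both in the base64url alphabet.
B64URL = r"[A-Za-z0-9_-]+"
KEYAUTH_PAIR = re.compile(rf'"({B64URL})\.({B64URL})" != "({B64URL})\.({B64URL})"')


def compare(detail):
    """Split both quoted key authorizations and report which half differs."""
    m = KEYAUTH_PAIR.search(detail)
    if m is None:
        return None  # not a key-authorization mismatch line
    l_tok, l_thumb, r_tok, r_thumb = m.groups()
    if l_tok != r_tok:
        verdict = "token differs"  # wrong or stale challenge file
    elif l_thumb != r_thumb:
        verdict = "account thumbprint differs"  # same token, other account key
    else:
        verdict = "identical"
    return {"token": l_tok, "left": l_thumb, "right": r_thumb, "verdict": verdict}


def thumbprints_by_side(details):
    """Collect the distinct thumbprints seen on each side of '!='."""
    sides = {"left": set(), "right": set()}
    for detail in details:
        result = compare(detail)
        if result:
            sides["left"].add(result["left"])
            sides["right"].add(result["right"])
    return sides


if __name__ == "__main__":
    for detail in DETAILS:
        r = compare(detail)
        print(r["token"][:8], "->", r["verdict"])
    for side, seen in thumbprints_by_side(DETAILS).items():
        print(side, sorted(seen))
```

In every line the token matches and only the thumbprint differs, so the two sides were computed from different ACME account keys; that is consistent with something in front of the VPS answering `/.well-known/acme-challenge/` itself rather than passing the request through to Certbot's file.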