Domain Unauthorized

jacmath · January 25, 2023, 11:44pm

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: jaco.ddns.net

I ran this command:sudo certbot --apache --agree-tos --redirect --hsts --staple-ocsp --email [redacted] -d jaco.ddns.net

It produced this output:unauthorized, o fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address

My web server is (include version): apache2 last version

The operating system my web server runs on is (include version): debian 11

My hosting provider, if applicable, is: NO-IP

I can login to a root shell on my machine (yes or no, or ): I don't know

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

rg305 · January 25, 2023, 11:54pm

Hi @jacmath, and welcome to the LE community forum

That's not a version.
That means different things on different O/Ses and may mean something different tomorrow.

Please show the certbot log file, usually found at:
/var/log/letsencrypt/letsencrypt.log

and the output of:
curl ifconfig.io

and since we are talking about Apache...
sudo apachectl -t -D DUMP_VHOSTS

jacmath · January 25, 2023, 11:55pm

2023-01-25 15:18:44,905:DEBUG:certbot._internal.main:certbot version: 1.12.0
2023-01-25 15:18:44,905:DEBUG:certbot._internal.main:Location of certbot entry point: /usr/bin/certbot
2023-01-25 15:18:44,905:DEBUG:certbot._internal.main:Arguments: ['--apache', '--agree-tos', '--redirect', '--hs>
2023-01-25 15:18:44,905:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apach>
2023-01-25 15:18:44,915:DEBUG:certbot._internal.log:Root logging level set at 20
2023-01-25 15:18:44,916:INFO:certbot._internal.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2023-01-25 15:18:44,916:DEBUG:certbot._internal.plugins.selection:Requested authenticator apache and installer >
2023-01-25 15:18:44,960:DEBUG:certbot_apache._internal.configurator:Apache version is 2.4.54
2023-01-25 15:18:45,159:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * apache
Description: Apache Web Server plugin
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: apache = certbot_apache._internal.entrypoint:ENTRYPOINT
Initialized: <certbot_apache._internal.override_debian.DebianConfigurator object at 0x7f5b74aa1550>
Prep: True
2023-01-25 15:18:45,160:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot_apache._inter>
2023-01-25 15:18:45,160:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator apache, Instal>
2023-01-25 15:18:45,200:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2023-01-25 15:18:45,202:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencryp>
2023-01-25 15:18:45,398:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory H>
2023-01-25 15:18:45,399:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Wed, 25 Jan 2023 20:18:45 GMT
Content-Type: application/json
Content-Length: 659
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "jaqgMR7aU5g": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  "meta": {

curl ifconfig.io
70.48.118.46

sudo apachectl -t -D DUMP_VHOSTS

AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message
VirtualHost configuration:
*:80                   is a NameVirtualHost
         default server 127.0.1.1 (/etc/apache2/sites-enabled/000-default.conf:1)
         port 80 namevhost 127.0.1.1 (/etc/apache2/sites-enabled/000-default.conf:1)
         port 80 namevhost debian3 (/etc/apache2/sites-enabled/jellyfin.conf:4)

rg305 · January 26, 2023, 12:02am

The IP is correct = GOOD.

There is no HTTP vhost to cover the name "jaco.ddns.net".
[if that ever worked, it was by sheer luck]

As for the logs... they seem to be chopped off [on the right side].

jacmath · January 26, 2023, 12:08am

here is the complete log

 GNU nano 5.4                          /var/log/letsencrypt/letsencrypt.log                                   
2023-01-25 15:18:44,905:DEBUG:certbot._internal.main:certbot version: 1.12.0
2023-01-25 15:18:44,905:DEBUG:certbot._internal.main:Location of certbot entry point: /usr/bin/certbot
2023-01-25 15:18:44,905:DEBUG:certbot._internal.main:Arguments: ['--apache', '--agree-tos', '--redirect', '--h>
2023-01-25 15:18:44,905:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apac>
2023-01-25 15:18:44,915:DEBUG:certbot._internal.log:Root logging level set at 20
2023-01-25 15:18:44,916:INFO:certbot._internal.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2023-01-25 15:18:44,916:DEBUG:certbot._internal.plugins.selection:Requested authenticator apache and installer>
2023-01-25 15:18:44,960:DEBUG:certbot_apache._internal.configurator:Apache version is 2.4.54
2023-01-25 15:18:45,159:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * apache
Description: Apache Web Server plugin
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: apache = certbot_apache._internal.entrypoint:ENTRYPOINT
Initialized: <certbot_apache._internal.override_debian.DebianConfigurator object at 0x7f5b74aa1550>
Prep: True
2023-01-25 15:18:45,160:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot_apache._inte>
2023-01-25 15:18:45,160:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator apache, Insta>
2023-01-25 15:18:45,200:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/director>
2023-01-25 15:18:45,202:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencry>
2023-01-25 15:18:45,398:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory >
2023-01-25 15:18:45,399:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Wed, 25 Jan 2023 20:18:45 GMT
Content-Type: application/json
Content-Length: 659
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "jaqgMR7aU5g": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",

rg305 · January 26, 2023, 12:20am

Same result

jacmath · January 26, 2023, 12:29am

Sorry about that I don't understand why how about now ?

2023-01-25 15:18:44,905:DEBUG:certbot._internal.main:certbot version: 1.12.0

2023-01-25 15:18:44,905:DEBUG:certbot._internal.main:Location of certbot entry point: /usr/bin/certbot

2023-01-25 15:18:44,905:DEBUG:certbot._internal.main:Arguments: ['--apache', '--agree-tos', '--redirect', '--hs>

2023-01-25 15:18:44,905:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apach>

2023-01-25 15:18:44,915:DEBUG:certbot._internal.log:Root logging level set at 20

2023-01-25 15:18:44,916:INFO:certbot._internal.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log

2023-01-25 15:18:44,916:DEBUG:certbot._internal.plugins.selection:Requested authenticator apache and installer >

2023-01-25 15:18:44,960:DEBUG:certbot_apache._internal.configurator:Apache version is 2.4.54

2023-01-25 15:18:45,159:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * apache

Description: Apache Web Server plugin

Interfaces: IAuthenticator, IInstaller, IPlugin

Entry point: apache = certbot_apache._internal.entrypoint:ENTRYPOINT

Initialized: <certbot_apache._internal.override_debian.DebianConfigurator object at 0x7f5b74aa1550>

Prep: True

2023-01-25 15:18:45,160:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot_apache._inter>

2023-01-25 15:18:45,160:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator apache, Instal>

2023-01-25 15:18:45,200:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.

2023-01-25 15:18:45,202:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencryp>

2023-01-25 15:18:45,398:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory H>

2023-01-25 15:18:45,399:DEBUG:acme.client:Received response:

HTTP 200

Server: nginx

Date: Wed, 25 Jan 2023 20:18:45 GMT

Content-Type: application/json

Content-Length: 659

Connection: keep-alive

Cache-Control: public, max-age=0, no-cache

X-Frame-Options: DENY

Strict-Transport-Security: max-age=604800

{

"jaqgMR7aU5g": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",

"keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",

"meta": {

rg305 · January 26, 2023, 12:33am

Don't you see how it is chopped at the right side?
All the lines that end with ">" would have more content further right.

Try:
cat /var/log/letsencrypt/letsencrypt.log

jacmath · January 26, 2023, 12:42am

yes but at the moment I paste it it was complete and after it become incomplete, an idea how ?? have you got an idea ?

 nano 5.4                          /var/log/letsencrypt/letsencrypt.log                                   
2023-01-25 15:18:44,905:DEBUG:certbot._internal.main:certbot 
version: 1.12.0
2023-01-25 15:18:44,905:DEBUG:certbot._internal.main:Location of
 certbot entry point: /usr/bin/certbot
2023-01-25 15:18:44,905:DEBUG:certbot._internal.main:Arguments: ['--apache', 
'--agree-tos', 
'--redirect', '--h>
2023-01-25 15:18:44,905:DEBUG:certbot._internal.main:Discovered 
plugins: PluginsRegistry(PluginEntryPoint#apac>
2023-01-25 15:18:44,915:DEBUG:certbot._internal.log:Root logging 
level set at 20
2023-01-25 15:18:44,916:INFO:certbot._internal.log:Saving debug 
log to /var/log/letsencrypt/letsencrypt.log
2023-01-25 15:18:44,916:DEBUG:certbot._internal.plugins.selection
:Requested 
authenticator apache and installer>
2023-01-25 15:18:44,960:DEBUG:certbot_apache._internal.configurator:
Apache version is 2.4.54
2023-01-25 15:18:45,159:DEBUG:certbot._internal.plugins.selection:
Single candidate plugin: * apache
Description: Apache Web Server plugin
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: apache = certbot_apache._internal.entrypoint:ENTRYPOINT
Initialized: <certbot_apache._internal.override_debian.DebianConfigurator 
object at 0x7f5b74aa1550>
Prep: True
2023-01-25 15:18:45,160:DEBUG:certbot._internal.plugins.selection: 
Selected authenticator <certbot_apache._inte>
2023-01-25 15:18:45,160:INFO:certbot._internal.plugins.selection:
Plugins selected: Authenticator apache, Insta>
2023-01-25 15:18:45,200:DEBUG:acme.client:Sending GET 
request to https://acme-v02.api.letsencrypt.org/director>
2023-01-25 15:18:45,202:DEBUG:urllib3.connectionpool:Starting 
new HTTPS connection (1): acme-v02.api.letsencry>
2023-01-25 15:18:45,398:DEBUG:urllib3.connectionpool
:https://acme-v02.api.letsencrypt.org:443 "GET /directory >
2023-01-25 15:18:45,399:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Wed, 25 Jan 2023 20:18:45 GMT
Content-Type: application/json
Content-Length: 659
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

rg305 · January 26, 2023, 12:45am

save it in a text file and upload the text file.

jacmath · January 26, 2023, 1:02am

Ok I will do it tomorow
Thanks
Jack

rg305 · January 26, 2023, 3:05am

Remember to make an HTTP server block to specifically handle that FQDN.

jacmath · January 26, 2023, 2:53pm

Hi

I just realized that the other server I have (also apache), which is mostly configured like this one and works fine, but it's also configured on ports 80 and 443 in the vhost config file. I guess that's a problem? if it's the case, can I use other ports (to be forwarded)?

Sorry for my poor knowledge in this area.

thanks

Jack

rg305 · January 26, 2023, 4:50pm

Maybe...
To which IP does the router/firewall send the HTTP connections?

Bruce5051 · January 26, 2023, 5:24pm

Presently I see with curl

$ curl -Ii http://jaco.ddns.net/.well-known/acme-challenge/sometestfile
HTTP/1.1 404 Not Found
Date: Thu, 26 Jan 2023 17:22:16 GMT
Server: Apache/2.4.52 (Debian)
Content-Type: text/html; charset=iso-8859-1

jacmath · January 26, 2023, 8:35pm

Hi

That was the problem. I made some small adjustments in my router's port forwarding and finally received my certificates.
Thank you for your precious help

Jack

system · February 25, 2023, 8:36pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.