My domain is: kameleon.fr I’m using ./certbot-auto and I don’t understand the error :
sudo ./certbot-auto --apache -d srv-a.kameleon.fr
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for srv-a.kameleon.fr
Waiting for verification...
Challenge failed for domain srv-a.kameleon.fr
http-01 challenge for srv-a.kameleon.fr
Cleaning up challenges
Some challenges have failed.
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: srv-a.kameleon.fr
Type: unauthorized
Detail: Invalid response from
http://srv-a.kameleon.fr/.well-known/acme-challenge/P8U8he1KNC10bo-iEcuVmp8g9s0f6Kta992BrggW7VI
[163.172.131.140]: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML
2.0//EN\">\n<html><head>\n<title>404 Not
Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p"
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
I don’t really need the “www” , I’ll probably delete the entry in my registar panel.
but I would have liked to understand a little more Certbot.
For my other installed domains declared on my machine, I start by creating a simple Vhost *: 80, then I launch Certbot with its Apache module, and I have the impression that it looks at the configuration of Vhost and created itself the https version; “very cool”.
But for this one, he does not want to. The only thing different I see is that this is the domain that is declared as host of my machine.
I tried to regenerate the cert for srv-a.kameleon.fr but something goes wrong…
sudo ./certbot-auto certonly -d srv-a.kameleon.fr --dry-run
Saving debug log to /var/log/letsencrypt/letsencrypt.log
How would you like to authenticate with the ACME CA?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: Apache Web Server plugin (apache)
2: Spin up a temporary webserver (standalone)
3: Place files in webroot directory (webroot)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-3] then [enter] (press 'c' to cancel): 1
Plugins selected: Authenticator apache, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for srv-a.kameleon.fr
Waiting for verification...
Challenge failed for domain srv-a.kameleon.fr
http-01 challenge for srv-a.kameleon.fr
Cleaning up challenges
Some challenges have failed.
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: srv-a.kameleon.fr
Type: unauthorized
Detail: Invalid response from
http://srv-a.kameleon.fr/.well-known/acme-challenge/4QidPgZN10D9Kw1enho0fFDSt0R-3wvIykHWYSMEbfo
[163.172.131.140]: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML
2.0//EN\">\n<html><head>\n<title>404 Not
Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p"
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
- Your account credentials have been saved in your Certbot
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Certbot so
making regular backups of this folder is ideal.
My DNS Zone for settings for type A inputs look correct :
kameleon.fr. 0 A 163.172.131.140
master.kameleon.fr. 0 A 163.172.131.140
srv-a.kameleon.fr. 0 A 163.172.131.140
Hi Juergen, I fixed the document root and relaunch certbot-auto but still have mismatch common name " |Common names|scw-60ac07|| --- | --- |Alternative names|- **INVALID**|"
After reading lot of posts this night in the forum, I found this one, very similar of my own "
and after exploring my memory I remember that this domain is very young in my server config, and probably my ex sys-admin didn’t use certbot-apache to deploy it. Damned !
How can I erase it and replace whith a fresh new one from my favorite little bot ?
Thanks a lot.
here my las command :
sudo ./certbot-auto --apache --cert-name srv-a.kameleon.fr
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Cert not yet due for renewal
You have an existing certificate that has exactly the same domains or certificate name you requested and isn't close to expiry.
(ref: /etc/letsencrypt/renewal/srv-a.kameleon.fr.conf)
What would you like to do?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
What would you like to do?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: Attempt to reinstall this existing certificate
2: Renew & replace the cert (limit ~5 per 7 days)
choose option : 1
then :
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
choose opation : 1 too…
then :
Congratulations! You have successfully enabled https://srv-a.kameleon.fr and
https://www.srv-a.kameleon.fr
You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=srv-a.kameleon.fr
https://www.ssllabs.com/ssltest/analyze.html?d=www.srv-a.kameleon.fr