Dry-run failing

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: delpherein.com & johnbrettbuchanan.com

I ran this command: certbot renew --dry-run

It produced this output:

Domain: delpherein.com
Type: unauthorized
Detail: Invalid response from
https://delpherein.com/errorhandling/404/404.html [67.197.206.196]:
"\r\n\r\n\r\n \r\n <meta
http-equiv="refresh" content="5;
URL='http://www.delpherein.com/index'" />\r\n <"

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.

  • The following errors were reported by the server:

    Domain: johnbrettbuchanan.com
    Type: connection
    Detail: Fetching
    http://johnbrettbuchanan.com/errorhandling/404/404.html: Too many
    redirects

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address. Additionally, please check that
    your computer has a publicly routable IP address and that no
    firewalls are preventing the server from communicating with the
    client. If you’re using the webroot plugin, you should also verify
    that you are serving files from the webroot path you provided.

My web server is (include version): Apache 2.4.9 (through WAMP)

The operating system my web server runs on is (include version): Windows Server 2019 10.0.17763 Build 17763

My hosting provider, if applicable, is: Me

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): 1.7.0

Port 80 and 443 are indeed open. I also tried stopping Apache before running but it says that --pre-hook and --post-hook are not in my path

Which authenticator are you using? In the Certbot output, there should be a line like:

Plugins selected: Authenticator X, Installer Y

The “too many redirects” is indeed caused by your website:

$ curl -X GET -IL johnbrettbuchanan.com/.well-known/acme-challenge/xx
HTTP/1.1 301 Moved Permanently
Date: Fri, 14 Aug 2020 21:44:27 GMT
Server: Apache/2.4.41 (Win64) OpenSSL/1.1.1c PHP/7.3.12
Location: http://johnbrettbuchanan.com/.well-known/acme-challenge/xx/
Content-Length: 379
Content-Type: text/html; charset=iso-8859-1

HTTP/1.1 302 Found
Date: Fri, 14 Aug 2020 21:44:28 GMT
Server: Apache/2.4.41 (Win64) OpenSSL/1.1.1c PHP/7.3.12
Location: http://johnbrettbuchanan.com/errorhandling/404/404.html
Content-Length: 351
Content-Type: text/html; charset=iso-8859-1

HTTP/1.1 302 Found
Date: Fri, 14 Aug 2020 21:44:28 GMT
Server: Apache/2.4.41 (Win64) OpenSSL/1.1.1c PHP/7.3.12
Location: http://johnbrettbuchanan.com/errorhandling/404/404.html
Content-Length: 351
Content-Type: text/html; charset=iso-8859-1

HTTP/1.1 302 Found
Date: Fri, 14 Aug 2020 21:44:28 GMT
Server: Apache/2.4.41 (Win64) OpenSSL/1.1.1c PHP/7.3.12
Location: http://johnbrettbuchanan.com/errorhandling/404/404.html
Content-Length: 351
Content-Type: text/html; charset=iso-8859-1

HTTP/1.1 302 Found
Date: Fri, 14 Aug 2020 21:44:29 GMT
Server: Apache/2.4.41 (Win64) OpenSSL/1.1.1c PHP/7.3.12
Location: http://johnbrettbuchanan.com/errorhandling/404/404.html
Content-Length: 351
Content-Type: text/html; charset=iso-8859-1

HTTP/1.1 302 Found
Date: Fri, 14 Aug 2020 21:44:29 GMT
Server: Apache/2.4.41 (Win64) OpenSSL/1.1.1c PHP/7.3.12
Location: http://johnbrettbuchanan.com/errorhandling/404/404.html
Content-Length: 351
Content-Type: text/html; charset=iso-8859-1

HTTP/1.1 302 Found
Date: Fri, 14 Aug 2020 21:44:29 GMT
Server: Apache/2.4.41 (Win64) OpenSSL/1.1.1c PHP/7.3.12
Location: http://johnbrettbuchanan.com/errorhandling/404/404.html
Content-Length: 351
Content-Type: text/html; charset=iso-8859-1

HTTP/1.1 302 Found
Date: Fri, 14 Aug 2020 21:44:30 GMT
Server: Apache/2.4.41 (Win64) OpenSSL/1.1.1c PHP/7.3.12
Location: http://johnbrettbuchanan.com/errorhandling/404/404.html
Content-Length: 351
Content-Type: text/html; charset=iso-8859-1

^C
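The redirect chain in the curl output above can also be checked with a short script. This is an added example, not part of the original thread: it follows each hop by hand and reports a loop as soon as a URL repeats. `sample_fetch` and its table are constructed from the hops shown in that output so the script runs offline; `fetch_once` is the helper to use against a live server.

```python
import http.client
from urllib.parse import urljoin, urlsplit

def fetch_once(url):
    """Return (status, Location or None) for one GET, without following redirects."""
    parts = urlsplit(url)
    https = parts.scheme == "https"
    conn_cls = http.client.HTTPSConnection if https else http.client.HTTPConnection
    conn = conn_cls(parts.netloc, timeout=10)
    try:
        conn.request("GET", parts.path or "/")
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()

def trace(url, fetch=fetch_once, max_hops=10):
    """Follow redirects by hand; report where the chain ends or loops."""
    seen, hops = set(), []
    for _ in range(max_hops):
        status, location = fetch(url)
        hops.append((status, url))
        if status not in (301, 302, 303, 307, 308) or not location:
            return {"result": "final", "status": status, "url": url, "hops": hops}
        seen.add(url)
        url = urljoin(url, location)  # Location may be relative
        if url in seen:
            return {"result": "loop", "status": status, "url": url, "hops": hops}
    return {"result": "too_many", "status": status, "url": url, "hops": hops}

# Constructed stand-in for the server, mirroring the hops in the curl output above.
BASE = "http://johnbrettbuchanan.com"
ERRDOC = BASE + "/errorhandling/404/404.html"
SAMPLE = {
    BASE + "/.well-known/acme-challenge/xx": (301, BASE + "/.well-known/acme-challenge/xx/"),
    BASE + "/.well-known/acme-challenge/xx/": (302, ERRDOC),
    ERRDOC: (302, ERRDOC),  # the error document redirects to itself
}

def sample_fetch(url):
    """Answer from the constructed table; anything else is a plain 404."""
    return SAMPLE.get(url, (404, None))

if __name__ == "__main__":
    report = trace(BASE + "/.well-known/acme-challenge/xx", fetch=sample_fetch)
    for status, hop in report["hops"]:
        print(status, hop)
    print(report["result"], "at", report["url"])
```

A `loop` result naming the error document itself means the error page's own URL is being answered with a redirect to the same URL, which is what the repeated 302 responses show.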

I have a .htaccess file that specifies custom ErrorDocuments for 400 401 403 404 and 500. But I kinda would like that so that when a user goes to an unintended part of the site it will retort with that. Why would updating the certificate have anything to do with that? And I’m not using any plugins to my knowledge.

You are always using one authenticator plugin. Another way to check what it is is to look in /etc/letsencrypt/renewal/johnbrettbuchanan.com.conf, and look at what the authenticator line says.

Right, I understand the value in an error document. It's just that your webserver ends up in an infinite redirect loop whenever it hits an error document, probably because you have misconfigured it some way.

Quite possibly it has nothing to do with it - that all depends on what authenticator plugin you are using.


I used Standalone, sorry. I forgot about that. How would I be able to circumvent that, do you know?

If you are using standalone, then you will need to stop Apache while the renewing runs. This is because the standalone plugin runs its own web server.

I think something like this might do the trick:

certbot renew --pre-hook "net stop apache2.4" --post-hook "net start apache2.4" --dry-run

You will need to substitute those net commands with whatever command you can use to tell WAMP to stop and start the Apache server, respectively.

From some searching around, the name of the WAMP Apache service might be wampapache instead of apache2.4, but I’m really not sure.


It insists that the net partition of the command does not exist

Output: Unable to find pre-hook command net in the PATH.
(PATH is C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0;C:\Windows\System32\OpenSSH;C:\Program Files\nodejs;C:\composer;C:\wamp64\bin\php\php7.3.12;C:\Program Files (x86)\Microsoft SQL Server\150\DTS\Binn;C:\Program Files\Microsoft SQL Server\Client SDK\ODBC\170\Tools\Binn;C:\Program Files (x86)\Microsoft SQL Server\150\Tools\Binn;C:\Program Files\Microsoft SQL Server\150\Tools\Binn;C:\Program Files\Microsoft SQL Server\150\DTS\Binn;C:\Program Files (x86)\Certbot\bin;C:\Users\Administrator\AppData\Local\Microsoft\WindowsApps;C:\Users\Administrator\AppData\Roaming\npm;C:\Users\Administrator\AppData\Roaming\Composer\vendor\bin;C:\Program Files (x86)\Certbot\Python)

Does C:\Windows\system32\net.exe not exist on your system?

Let me boot up a Windows VM and check …


OH! For some reason it booted into a cmd.exe stored in C:\Users\{UNAME}. Let me try the Sys32 version

Still didn’t work, but net.exe is present where it should be

Huh. Making sure that you started cmd.exe with administrative privileges, maybe let’s try to be more explicit about it:

certbot renew --pre-hook "C:\Windows\system32\net.exe stop wampapache" --post-hook "C:\Windows\system32\net.exe start wampapache" --dry-run

THAT’S IT! Thank you so much!

Great! I’ve reported this as a bug against Certbot as well: https://github.com/certbot/certbot/issues/8215
