Dry-run failing

Help
#1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: delpherein.com & johnbrettbuchanan.com

I ran this command: certbot renew --dry-run

It produced this output:

Domain: delpherein.com
Type: unauthorized
Detail: Invalid response from
https://delpherein.com/errorhandling/404/404.html [67.197.206.196]:
ā€œ\r\n\r\n\r\n \r\n <meta
http-equiv=ā€œrefreshā€ content=ā€œ5;
URL=ā€˜http://www.delpherein.com/indexā€™ā€ />\r\n <ā€

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.

  • The following errors were reported by the server:

    Domain: johnbrettbuchanan.com
    Type: connection
    Detail: Fetching
    http://johnbrettbuchanan.com/errorhandling/404/404.html: Too many
    redirects

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address. Additionally, please check that
    your computer has a publicly routable IP address and that no
    firewalls are preventing the server from communicating with the
    client. If youā€™re using the webroot plugin, you should also verify
    that you are serving files from the webroot path you provided.

My web server is (include version): Apache 2.4.9 (through WAMP)

The operating system my web server runs on is (include version): Windows Server 2019 10.0.17763 Build 17763

My hosting provider, if applicable, is: Me

I can login to a root shell on my machine (yes or no, or I donā€™t know): Yes

Iā€™m using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if youā€™re using Certbot): 1.7.0

#2

Port 80 and 443 are indeed open. I also tried stopping Apache before running but it says that --pre-hook and --post-hook are not in my path

#3

Which authenticator are you using? In the Certbot output, there should be a line like:

Plugins selected: Authenticator X, Installer Y

The ā€œtoo many redirectsā€ is indeed caused by your website:

$ curl -X GET -IL johnbrettbuchanan.com/.well-known/acme-challenge/xx
HTTP/1.1 301 Moved Permanently
Date: Fri, 14 Aug 2020 21:44:27 GMT
Server: Apache/2.4.41 (Win64) OpenSSL/1.1.1c PHP/7.3.12
Location: http://johnbrettbuchanan.com/.well-known/acme-challenge/xx/
Content-Length: 379
Content-Type: text/html; charset=iso-8859-1

HTTP/1.1 302 Found
Date: Fri, 14 Aug 2020 21:44:28 GMT
Server: Apache/2.4.41 (Win64) OpenSSL/1.1.1c PHP/7.3.12
Location: http://johnbrettbuchanan.com/errorhandling/404/404.html
Content-Length: 351
Content-Type: text/html; charset=iso-8859-1

HTTP/1.1 302 Found
Date: Fri, 14 Aug 2020 21:44:28 GMT
Server: Apache/2.4.41 (Win64) OpenSSL/1.1.1c PHP/7.3.12
Location: http://johnbrettbuchanan.com/errorhandling/404/404.html
Content-Length: 351
Content-Type: text/html; charset=iso-8859-1

HTTP/1.1 302 Found
Date: Fri, 14 Aug 2020 21:44:28 GMT
Server: Apache/2.4.41 (Win64) OpenSSL/1.1.1c PHP/7.3.12
Location: http://johnbrettbuchanan.com/errorhandling/404/404.html
Content-Length: 351
Content-Type: text/html; charset=iso-8859-1

HTTP/1.1 302 Found
Date: Fri, 14 Aug 2020 21:44:29 GMT
Server: Apache/2.4.41 (Win64) OpenSSL/1.1.1c PHP/7.3.12
Location: http://johnbrettbuchanan.com/errorhandling/404/404.html
Content-Length: 351
Content-Type: text/html; charset=iso-8859-1

HTTP/1.1 302 Found
Date: Fri, 14 Aug 2020 21:44:29 GMT
Server: Apache/2.4.41 (Win64) OpenSSL/1.1.1c PHP/7.3.12
Location: http://johnbrettbuchanan.com/errorhandling/404/404.html
Content-Length: 351
Content-Type: text/html; charset=iso-8859-1

HTTP/1.1 302 Found
Date: Fri, 14 Aug 2020 21:44:29 GMT
Server: Apache/2.4.41 (Win64) OpenSSL/1.1.1c PHP/7.3.12
Location: http://johnbrettbuchanan.com/errorhandling/404/404.html
Content-Length: 351
Content-Type: text/html; charset=iso-8859-1

HTTP/1.1 302 Found
Date: Fri, 14 Aug 2020 21:44:30 GMT
Server: Apache/2.4.41 (Win64) OpenSSL/1.1.1c PHP/7.3.12
Location: http://johnbrettbuchanan.com/errorhandling/404/404.html
Content-Length: 351
Content-Type: text/html; charset=iso-8859-1

^C
1 Like
#4

I have a .htaccess file that specifies custom ErrorDocuments for 400 401 403 404 and 500. But I kinda would like that so that when a user goes to an unintended part of the site it will retort with that. Why would updating the certificate have anything to do with that? And Iā€™m not using any plugins to my knowlege

#5

You are always using one authenticator plugin. Another way to check what it is is to look in /etc/letsencrypt/renewal/johnbrettbuchanan.com.conf, and look at what the authenticator line says.

Right, I understand the value in an error document. Itā€™s just that your webserver ends up in an infinite redirect loop whenever it hits an error document, probably because you have misconfigured it some way.

Quite possibly it has nothing to do with it - that all depends on what authenticator plugin you are using.

1 Like
#6

I used Standalone, sorry. I forgot about that. How would I be able to circumvent that, do you know?

#7

If you are using standalone, then you will need to stop Apache while the renewing runs. This is because the standalone plugin runs its own web server.

I think something like this might do the trick:

certbot renew --pre-hook "net stop apache2.4" --post-hook "net start apache2.4" --dry-run

You will need to substitute those net commands with whatever command you can use to tell WAMP to stop and start the Apache server, respectively.

From some searching around, the name of the WAMP Apache service might be wampapache instead of apache2.4, but Iā€™m really not sure.

1 Like
#9

It insists that the net partition of the command does not exist

Output: e[31mUnable to find pre-hook command net in the PATH.
(PATH is C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0;C:\Windows\System32\OpenSSH;C:\Program Files\nodejs;C:\composer;C:\wamp64\bin\php\php7.3.12;C:\Program Files (x86)\Microsoft SQL Server\150\DTS\Binn;C:\Program Files\Microsoft SQL Server\Client SDK\ODBC\170\Tools\Binn;C:\Program Files (x86)\Microsoft SQL Server\150\Tools\Binn;C:\Program Files\Microsoft SQL Server\150\Tools\Binn;C:\Program Files\Microsoft SQL Server\150\DTS\Binn;C:\Program Files (x86)\Certbot\bin;C:\Users\Administrator\AppData\Local\Microsoft\WindowsApps;C:\Users\Administrator\AppData\Roaming\npm;C:\Users\Administrator\AppData\Roaming\Composer\vendor\bin;C:\Program Files (x86)\Certbot\Python)e[0m

#10

Does C:\Windows\system32\net.exe not exist on your system?

Let me boot up a Windows VM and check ā€¦

Screenshot_2020-08-15_08-16-40

1 Like
#11

OH! For some reason it booted into a cmd.exe stored in C:\Users{UNAME}. Let me try the Sys32 version

#12

Still didnā€™t work, but net.exe is present where it should be

#13

Huh. Making sure that you started cmd.exe with administrative privileges, maybe letā€™s try be more explicit about it:

certbot renew --pre-hook "C:\Windows\system32\net.exe stop wampapache" --post-hook "C:\Windows\system32\net.exe stop wampapache" --dry-run
1 Like
#14

THATā€™S IT! Thank you so much!

#15

Great! Iā€™ve reported this as a bug against Certbot as well: https://github.com/certbot/certbot/issues/8215

1 Like
#16

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.