Erreur lors de la certification

aygame101 · May 24, 2022, 10:33pm

Je peux lire des réponses en Anglais : oui

Mon nom de domaine est : leblackpearl.fr

J’ai exécuté cette commande : sudo certbot --apache -d leblackpearl.fr -d www.leblackpearl.fr

Elle a produit cette sortie :
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Requesting a certificate for leblackpearl.fr and www.leblackpearl.fr
Performing the following challenges:
http-01 challenge for leblackpearl.fr
http-01 challenge for www.leblackpearl.fr
Waiting for verification...
Challenge failed for domain leblackpearl.fr
Challenge failed for domain www.leblackpearl.fr
http-01 challenge for leblackpearl.fr
http-01 challenge for www.leblackpearl.fr
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:

The following errors were reported by the server:

Domain: leblackpearl.fr
Type: unauthorized
Detail: 79.83.195.167: Invalid response from
http://leblackpearl.fr/.well-known/acme-challenge/LhqkhYQp6tv1pRcRzm_wZmqQsUfDKRlCKYLKMYZz8yk:
404

Domain: www.leblackpearl.fr
Type: unauthorized
Detail: 79.83.195.167: Invalid response from
http://www.leblackpearl.fr/.well-known/acme-challenge/X1MvL_PPiX5FqSAE-KmAgmZyKNFwFnUqf7B1G5NciNc:
404

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.

Mon serveur Web est (inclure la version) :
Server version: Apache/2.4.53 (Debian)
Server built: 2022-03-14T16:28:35

Le système d’exploitation sur lequel mon serveur Web s’exécute est (version incluse) :
Linux raspberrypi 5.15.32-v8+ #1538 SMP PREEMPT Thu Mar 31 19:40:39 BST 2022 aarch64 GNU/Linux

Je peux me connecter à un shell root sur ma machine (oui ou non, ou je ne sais pas) : oui

J’utilise un panneau de configuration pour gérer mon site (non, ou fournit le nom et la version du panneau de configuration) : non

Bonsoir, J'ai fais un virtual host avec mon dns habituel et le nouveau que je veux mettre (ginovalton.fr celui qui est installé et certificé par let's encrypt depuis quelques mois ; et le nouveau c'est donc leblackpearl.fr). Or au moment de faire certifier le site ça m'a produit une erreur en me conseillant de regarder si mon domaine etait bien ecrit et si le DNS "A" renvoie vers la bonne iP, j'ai donc verifié le panel OVH et oui c'est la bonne IP, de toute façon le site est accessible en non sécurisé donc c'est bien la bonne IP. Je ne comprends pas ce que j'ai mal fais ><

En attendant votre aide,
Cordialement.

rg305 · May 24, 2022, 10:39pm

Hi @aygame101, welcome to the LE community forum and please excuse my Engligh

Let's see if we can help you unravel this mystery.
Show us the output of:
apachectl -t -D DUMP_VHOSTS

aygame101 · May 24, 2022, 11:46pm

hey
Thanks for the answer ^^

So. The output of the command is this :
AH00526: Syntax error on line 37 of /etc/apache2/sites-enabled/ssl-ginovalton.fr.conf:
SSLCertificateFile: file '/etc/letsencrypt/live/ginovalton.fr/fullchain.pem' does not exist or is empty
Action '-t -D DUMP_VHOSTS' failed.
The Apache error log may have more information.

rg305 · May 25, 2022, 2:11am

Well, that is a problem.
Can you disable that site [temporarily] ?
Then try again.

Also, please show the output of:
certbot certificates

aygame101 · May 25, 2022, 10:08am

Hey, I have disable it, and done the command you say :
Saving debug log to /var/log/letsencrypt/letsencrypt.log

Found the following certs:
Certificate Name: ginovalton.fr
Serial Number: 3f0ff425ba4774adab1285ef1035e5213b6
Key Type: RSA
Domains: ginovalton.fr www.ginovalton.fr
Expiry Date: 2022-08-11 18:29:45+00:00 (VALID: 78 days)
Certificate Path: /etc/letsencrypt/live/ginovalton.fr/fullchain.pem
Private Key Path: /etc/letsencrypt/live/ginovalton.fr/privkey.pem

to disable the site i have done a
sudo a2dissite leblackpearl.fr.conf
and after reload apache2

rg305 · May 25, 2022, 12:30pm

OK.
Now try enabling only the HTTP site for leblackpearl.fr and then reissue a certificate for that site.
Afterwards you can reenable the HTTPS site for leblackpearl.fr [using the new cert].

aygame101 · May 25, 2022, 1:12pm

i have the same problem
so i have enable the http conf of the website with "sudo a2ensite leblackpearl.fr.conf"
and after launch a certification : "sudo certbot --apache -d leblackpearl.fr -d www.leblackpearl.fr" and the is the same :
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Requesting a certificate for leblackpearl.fr and www.leblackpearl.fr
Performing the following challenges:
http-01 challenge for leblackpearl.fr
http-01 challenge for www.leblackpearl.fr
Waiting for verification...
Challenge failed for domain leblackpearl.fr
Challenge failed for domain www.leblackpearl.fr
http-01 challenge for leblackpearl.fr
http-01 challenge for www.leblackpearl.fr
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:

The following errors were reported by the server:

Domain: leblackpearl.fr
Type: unauthorized
Detail: 79.83.195.167: Invalid response from
http://leblackpearl.fr/.well-known/acme-challenge/ENKLLUWU_-9GPsmXwH4WLd7p2qfO5cg6z766gZHA_m4:
404

Domain: www.leblackpearl.fr
Type: unauthorized
Detail: 79.83.195.167: Invalid response from
http://www.leblackpearl.fr/.well-known/acme-challenge/mAshm9_vx03Lqrn1rpjfgfA2HvHSTtHJ3NNbrfKH7nM:
404

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.

so i cant enable the https because i dont have a cert :<

rg305 · May 25, 2022, 1:22pm

Read again more carefully:

That means ONLY HTTP.
If that one file has both, HTTP and HTTPS, then you will need to split file file OR comment out the HTTPS portion.

aygame101 · May 25, 2022, 2:13pm

the file has only http.
In case, here is the text in the file of "leblackpearl.fr.conf" :

<VirtualHost *:80>
	# The ServerName directive sets the request scheme, hostname and port that
	# the server uses to identify itself. This is used when creating
	# redirection URLs. In the context of virtual hosts, the ServerName
	# specifies what hostname must appear in the request's Host: header to
	# match this virtual host. For the default virtual host (this file) this
	# value is not decisive as it is used as a last resort host regardless.
	# However, you must set it for any further virtual host explicitly.
	#ServerName www.example.com

	ServerAdmin admin@leblackpearl.fr
	ServerName leblackpearl.fr
	ServerAlias www.leblackpearl.fr
	DocumentRoot /var/www/blackpearl

	# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
	# error, crit, alert, emerg.
	# It is also possible to configure the loglevel for particular
	# modules, e.g.
	#LogLevel info ssl:warn

	ErrorLog ${APACHE_LOG_DIR}/error.log
	CustomLog ${APACHE_LOG_DIR}/access.log combined

	# For most configuration files from conf-available/, which are
	# enabled or disabled at a global level, it is possible to
	# include a line for only one particular virtual host. For example the
	# following line enables the CGI configuration for this host only
	# after it has been globally disabled with "a2disconf".
	#Include conf-available/serve-cgi-bin.conf
RewriteEngine off
RewriteCond %{SERVER_NAME} =www.leblackpearlfr [OR]
RewriteCond %{SERVER_NAME} =leblackpearl.fr
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

so i have juste enable this file, and after try to get a certificate. I dont have a file for https for this website actually.

aygame101 · May 25, 2022, 2:16pm

okay. Sorry. when i have done the copy-paste of the text on my file, i see the last 4 lines with RewriteEngine and the lien following. So i try to delete it and try again. And it works

Sorry ><