Error creating certificate

My domain is: celsusblue.space

I ran this command:
sudo certbot --apache -d celsusblue.space
and/or
sudo certbot --apache -d www.celsusblue.space

It produced this output:

The following errors were reported by the server:

Domain: celsusblue.space
Type: unauthorized
Detail: Invalid response from
http:// celsusblue. space /.well-known/acme-challenge/1THItp3rJTmXg7OjSJoQrrgTsURxFu4QrDdVandsoon
[193.x19.x2.xx0]: " \n \n\n\n""

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.

My web server is (include version):
Ubuntu:impish 21.20

The operating system my web server runs on is (include version):
QNap 5

My hosting provider, if applicable, is:
alldomain

I can login to a root shell on my machine (yes or no, or I don't know):
yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 1.12.0

1 Like

The site is not handling the challenge path correctly.
Please show:
sudo apachectl -t -D DUMP_VHOSTS

2 Likes

Hi rg305.

It says:
VirtualHost configuration:
*:80 celsusblue.space (/etc/apache2/sites-enabled/celsusblue.space.conf:1)

1 Like

OK, then let's have a look at that file:
cat /etc/apache2/sites-enabled/celsusblue.space.conf

2 Likes

This one says:

<VirtualHost *:80>
        DocumentRoot "/var/www/celsusblue.space"
        ServerName celsusblue.space
        <Directory "/var/www/celsusblue.space">
                Options MultiViews FollowSymlinks
                AllowOverride All
                Order allow,deny
                Allow from all
        </Directory>

        TransferLog /var/log/apache2/celsusblue.space_access.log
        ErrorLog /var/log/apache2/celsusblue.space_error.log

</VirtualHost>

Try (this test run):

sudo certbot --apache \
--webroot -w /var/www/celsusblue.space \
-d "celsusblue.space,www.celsusblue.space" --dry-run

[copy and paste all three lines at once]

2 Likes

Error in red letters:

--dry-run currently only works with the 'certonly' or 'renew' subcommands ('run')

OK try it "for real":

sudo certbot --apache \
--webroot -w /var/www/celsusblue.space \
-d "celsusblue.space,www.celsusblue.space"
2 Likes

It tells:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Too many flags setting configurators/installers/authenticators 'apache' -> 'webroot'

Tty it this way:

sudo certbot -i apache \
--webroot -w /var/www/celsusblue.space \
-d "celsusblue.space,www.celsusblue.space"

OR this way:

sudo certbot -a webroot -i apache \
-w /var/www/celsusblue.space \
-d "celsusblue.space,www.celsusblue.space"
2 Likes

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer apache
Requesting a certificate for celsusblue.com[space] and www.celsusblue.space
Performing the following challenges:
http-01 challenge for celsusblue.com[space]
http-01 challenge for www.celsusblue.space
Using the webroot path /var/www/celsusblue.space for all unmatched domains.
Waiting for verification...
Challenge failed for domain celsusblue.com[space]
Challenge failed for domain www.celsusblue.space
http-01 challenge for celsusblue.com[space]
http-01 challenge for www.celsusblue.space
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: celsusblue.com[space]
    Type: dns
    Detail: DNS problem: NXDOMAIN looking up A for celsusblue.com[space] -
    check that a DNS record exists for this domain

  • The following errors were reported by the server:

    Domain: www.celsusblue.space
    Type: unauthorized
    Detail: Invalid response from
    Celsusblue
    [193.19.92.130]: "\n\n\n\n"

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address.

1 Like

TYPO
change .com to .space

Sorry, my bad.

2 Likes

Looks better. Output is shorter :slight_smile:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer apache
Requesting a certificate for celsusblue.space and www.celsusblue.space
An unexpected error occurred:
There were too many requests of a given type :: Error creating new order :: too many certificates (5) already issued for this exact set of domains in the last 168 hours: celsusblue.space,www.celsusblue.space: see Rate Limits - Let's Encrypt

1 Like

Please show:
certbot certificates

2 Likes

Hmm, maybe from my earlier attempts to create one? But:

It tells:
Saving debug log to /var/log/letsencrypt/letsencrypt.log


No certificates found.


Maybe deinstall all and re-try?

Reinstall won't change anything.

2 Likes

What I though because I re-installed the entire server once, retried and it did not change the error. Can it be .htaccess? I did not set anyhting up there.

Try it this way:

sudo certbot certonly \
--webroot -w /var/www/celsusblue.space \
-d celsusblue.com

Then, if that works:

sudo certbot certonly \
--webroot -w /var/www/celsusblue.space \
-d www.celsusblue.com

And in any case, show (again):
certbot certificates

2 Likes

with .space

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Requesting a certificate for celsusblue.space
Performing the following challenges:
http-01 challenge for celsusblue.space
Using the webroot path /var/www/celsusblue.space for all unmatched domains.
Waiting for verification...
Challenge failed for domain celsusblue.space
http-01 challenge for celsusblue.space
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: celsusblue.space
    Type: unauthorized
    Detail: Invalid response from
    Celsusblue
    [193.19.92.130]: "\n\n\n\n"

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address.

1 Like

Let's have a look at:
sudo apachectl -t -D DUMP_VHOSTS

2 Likes