Hi, dears.
I’m renewing my cloud certificate, but I had no luck, I hope you can help me, thank you very much in advance.
My domain is: cloud.independencia.cl
I ran this command: certbot renew --dry-run
It produced this output:
Domain: cloud.independencia.cl
Type: unauthorized
Detail: Invalid response from
https://cloud.independencia.cl/.well-known/acme-challenge/Ws_5aCa8trvMNhwaHmTIHUlAVRFmU4pYa4hlTWj3JIc
[200.54.169.251]: “\n\n404 Not
Found\n\n
Not Found \n<p”
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
My web server is (include version): Apache/2.4.6 (CentOS)
The operating system my web server runs on is (include version): CentOS Linux 7 (Core)
My hosting provider, if applicable, is: redirected sub-domain
I can login to a root shell on my machine (yes or no, or I don’t know): Yes
The version of my client is (e.g. output of certbot --version
or certbot-auto --version
if you’re using Certbot): 0.39.0
Thank you very much.
1 Like
Hi @seltone
there is a redirect http -> https. So you can't use --apache
as authenticator.
Your output is incomplete, your authenticator isn't visible.
What's the content of your Certbot config file?
There are some checks of your domain, last is ~~11 hours old - https://check-your-website.server-daten.de/?q=cloud.independencia.cl
There is the same redirect visible.
Looks like that OwnCloud has it's own rules. Perhaps try to use webroot with your https webroot.
https://certbot.eff.org/docs/using.html
1 Like
Thank you for responding so promptly, this is certbot’s configuration:
renew_before_expiry = 30 days
version = 0.39.0
archive_dir = /etc/letsencrypt/archive/cloud.independencia.cl
cert = /etc/letsencrypt/live/cloud.independencia.cl/cert.pem
privkey = /etc/letsencrypt/live/cloud.independencia.cl/privkey.pem
chain = /etc/letsencrypt/live/cloud.independencia.cl/chain.pem
fullchain = /etc/letsencrypt/live/cloud.independencia.cl/fullchain.pem
Options used in the renewal process
[renewalparams]
post_hook = service httpd reload
account = e4e130d384525765cd66b69a04c7e2ec
server = https://acme-v02.api.letsencrypt.org/directory
authenticator = webroot
webroot_path = /var/www/html/
rsa_key_size = 4096
[[webroot_map]]
cloud.independencia.cl = /var/www/html/owncloud
schoen
January 13, 2020, 6:02pm
4
Is this really what this file says? It should presumably be cloud.independencia.cl
rather than cloud.independenciacl
here.
not estimated, when copying or writing I omitted it, sorry, but the original is .cl, thanks for joining this thread.
Pd. I edited the commentary, now it’s correct. thank you
schoen
January 13, 2020, 6:52pm
6
Is /var/www/html/owncloud
the right directory to place files into in order to have them appear on https://cloud.independencia.cl/
at the corresponding relative paths? Can you test that by creating test files?
Yes, I did it with both directories, and neither succeeded.
mkdir -p /var/www/html/.well-known/acme-challenge/
[root@owncloud renewal]# cd /
[root@owncloud /]# echo -n “Testing webroot acme challenge” > /var/www/html/.well-known/acme-challenge/test
[root@owncloud /]# curl -ikL https://cloud.independencia.cl/.well-known/acme-challenge/test
HTTP/1.1 404 Not Found
Date: Mon, 13 Jan 2020 19:15:57 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.2.22
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Content-Length: 229
Content-Type: text/html; charset=iso-8859-1
404 Not Found
Not Found
The requested URL /.well-known/acme-challenge/test was not found on this server.
[root@owncloud /]# mkdir -p /var/www/html/owncloud/.well-known/acme-challenge/
[root@owncloud /]# echo -n “Testing webroot acme challenge” > /var/www/html/owncloud/.well-known/acme-challenge/test
[root@owncloud /]# curl -ikL https://cloud.independencia.cl/.well-known/acme-challenge/test
HTTP/1.1 404 Not Found
Date: Mon, 13 Jan 2020 19:17:21 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.2.22
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Content-Length: 229
Content-Type: text/html; charset=iso-8859-1
404 Not Found
Not Found
The requested URL /.well-known/acme-challenge/test was not found on this server.
Thank you for your help.
schoen
January 13, 2020, 7:53pm
8
Could you identify a different directory that would work instead with your current Apache configuration?
yes, perform a test, in the /var/www/html directory
schoen
January 13, 2020, 9:33pm
10
It seems that this directory is not correct. Could you look in your Apache configuration to find out where files are being served from on this system? (It might be possible to find this with sudo apachectl -S
or a similar command.)
seltone
January 13, 2020, 9:50pm
11
This was the result. Thank you.
[root@owncloud ~]# httpd -S
VirtualHost configuration:
*:80 cloud.independencia.cl (/etc/httpd/conf.d/cloud.independencia.cl.conf:1)
*:443 is a NameVirtualHost
default server cloud.independencia.cl (/etc/httpd/conf.d/cloud.independencia.cl.conf:8)
port 443 namevhost cloud.independencia.cl (/etc/httpd/conf.d/cloud.independencia.cl.conf:8)
port 443 namevhost cloud.independencia.cl (/etc/httpd/conf.d/ssl.conf:56)
ServerRoot: “/etc/httpd”
Main DocumentRoot: “/var/www/html/owncloud”
Main ErrorLog: “/etc/httpd/logs/error_log”
Mutex authdigest-opaque: using_defaults
Mutex proxy-balancer-shm: using_defaults
Mutex rewrite-map: using_defaults
Mutex authdigest-client: using_defaults
Mutex ssl-stapling: using_defaults
Mutex proxy: using_defaults
Mutex authn-socache: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/run/httpd/" mechanism=default
Mutex mpm-accept: using_defaults
PidFile: “/run/httpd/httpd.pid”
Define: _RH_HAS_HTTPPROTOCOLOPTIONS
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
schoen
January 13, 2020, 9:53pm
12
Could you try creating /var/www/html/owncloud/test
as a further test?
seltone
January 13, 2020, 11:40pm
13
yes, perform a test, in the /var/www/html/owncloud directory
schoen
January 13, 2020, 11:49pm
14
That’s interesting; could you now try just /.well-known
without /.well-known/acme-validation
? For example /var/www/html/owncloud/.well-known/test.html
?
seltone
January 15, 2020, 7:00am
16
I have an answer, but I still can’t renew, I mistakenly revoked the certificate , it is still possible to renew?
1 Like
system
Closed
February 14, 2020, 7:00am
17
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.