I don’t want to create additional noise on top of the current security issue but my understanding is that the http-01 challenge is supposed to work normally? If so then I don’t know what to do anymore.
My domain is: sittenkammer.de
My web server is: apache2 [2.4.10-10+deb8u11] (also tested on nginx [1.6.2-5+deb8u5], which made no difference) on Raspbian 8
I ran this command (among many many others):
certbot certonly --webroot -w /var/www/html/ -d sittenkammer.de --staging
certbot always fails with
- The following errors were reported by the server:
Domain: sittenkammer.de
Type: connection
Detail: Fetching
http://185.142.180.85/sittenkammer/.well-known/acme-challenge/RfW8Z7Cwe89s3Zk7LQkQXwutbc84xeMYdmm3y0teo4c:
Error getting validation data
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you're using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.
I quadruple-checked the A records several times, asking different DNS servers, even from different hosts.
Something weird is going on with the resolution though - I don’t know why it is trying to fetch /sittenkammer/.well-known/acme-challenge instead of /.well-known/acme-challenge (this is where certbot actually places the file). I did not set up this hosting environment, but looking at all the relevant configuration files leaves me clueless about this. However, I tried to work around the issue by symlinking:
lrwxrwxrwx 1 root root 15 Jan 12 17:54 /var/www/html/sittenkammer/.well-known -> ../.well-known/
Last but not least I ensured with manual mode that the file is there and is fetchable, in either case. Check for yourself:
http://sittenkammer.de/.well-known/acme-challenge/RfW8Z7Cwe89s3Zk7LQkQXwutbc84xeMYdmm3y0teo4c
http://185.142.180.85/.well-known/acme-challenge/RfW8Z7Cwe89s3Zk7LQkQXwutbc84xeMYdmm3y0teo4c
http://185.142.180.85/sittenkammer/.well-known/acme-challenge/RfW8Z7Cwe89s3Zk7LQkQXwutbc84xeMYdmm3y0teo4c
They are all pointing at the same file. But acme-v01.api.letsencrypt.org apparently can’t reach it.
This has gotten somewhat frustrating. Any help greatly appreciated!
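
To check whether a redirect explains the /sittenkammer/ prefix in the URL the validation server reports, each HTTP hop can be traced without following redirects automatically. The following is an added example, not part of the original post; `trace_hops`, the local stand-in server and its `/site/` prefix are constructed for illustration and run offline.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urljoin, urlsplit

def trace_hops(url, max_hops=10, timeout=10):
    """Follow redirects by hand; return [(url, status, Location header)] per hop."""
    hops = []
    for _ in range(max_hops):
        p = urlsplit(url)
        cls = http.client.HTTPSConnection if p.scheme == "https" else http.client.HTTPConnection
        conn = cls(p.hostname, p.port, timeout=timeout)
        try:
            conn.request("GET", (p.path or "/") + ("?" + p.query if p.query else ""))
            resp = conn.getresponse()
            status, location = resp.status, resp.getheader("Location")
            resp.read()
        finally:
            conn.close()
        hops.append((url, status, location))
        if not (300 <= status < 400 and location):
            break  # final answer: this is the URL whose response gets validated
        url = urljoin(url, location)  # resolve relative Location values
    return hops

class _Demo(BaseHTTPRequestHandler):
    """Constructed stand-in server: redirects every path into /site/ once."""
    def do_GET(self):
        moved = not self.path.startswith("/site/")
        self.send_response(302 if moved else 200)
        if moved:
            self.send_header("Location", "/site" + self.path)
        self.send_header("Content-Length", "0")
        self.end_headers()
    def log_message(self, *args):
        pass  # keep the demo quiet

def demo():
    """Trace a constructed challenge URL against the local stand-in server."""
    srv = HTTPServer(("127.0.0.1", 0), _Demo)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    url = f"http://127.0.0.1:{srv.server_port}/.well-known/acme-challenge/constructed-token"
    try:
        return trace_hops(url)
    finally:
        srv.shutdown()
        srv.server_close()

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

Calling `trace_hops` on a real challenge URL lists every intermediate status and `Location` value, so the last entry shows the URL that is finally fetched.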