I don’t want to create additional noise on top of the current security issue but my understanding is that the http-01 challenge is supposed to work normally? If so then I don’t know what to do anymore.
My domain is: sittenkammer.de
My web server is:
apache2 [2.4.10-10+deb8u11] (also tested on
nginx [1.6.2-5+deb8u5] which made no difference) on
I ran this command (among many many others):
certbot certonly --webroot -w /var/www/html/ -d sittenkammer.de --staging
certbot always fails with
- The following errors were reported by the server: Domain: sittenkammer.de Type: connection Detail: Fetching http://126.96.36.199/sittenkammer/.well-known/acme-challenge/RfW8Z7Cwe89s3Zk7LQkQXwutbc84xeMYdmm3y0teo4c: Error getting validation data To fix these errors, please make sure that your domain name was entered correctly and the DNS A record(s) for that domain contain(s) the right IP address. Additionally, please check that your computer has a publicly routable IP address and that no firewalls are preventing the server from communicating with the client. If you're using the webroot plugin, you should also verify that you are serving files from the webroot path you provided.
I quadrupelchecked the A Records several times, asking different DNS servers, even from different hosts.
Something weird is going on with the resolution though - I don’t know why it is trying to fetch
/sittenkammer/.well-known/acme-challenge instead of
/.well-known/acme-challenge (this is where certbot actually places the file). I did not set up this hosting environment, but looking at all the relevant configuration files leaves me clueless about this. However I tried to work around the issue by symlinking:
lrwxrwxrwx 1 root root 15 Jan 12 17:54 /var/www/html/sittenkammer/.well-known -> ../.well-known/
Last but not least I ensured with manual mode that the file is there and is fetchable, in either case. Check for yourself:
They are all pointing at the same file. But
acme-v01.api.letsencrypt.org apparently can’t reach it.
This has gotten somewhat frustrating. Any help greatly appreciated!