Error getting validation data, Type connection

A (document) root path within the location /.well-known/acme-challenge

2 Likes

Hi, Mr. rg305,
I might not fully understand what I should do, but I changed a-trust.ibcc.fun.conf as below.

<virtualhost *:443>
  ServerName a-trust.ibcc.fun
  # this path is unuseful and used only for Let's Encrypt's temporary files during the renewal process
  DocumentRoot /var/www/html
  # send all traffic to Icecast in plaintext
  <Location "/">
    ProxyPass        http://localhost:8000/
    ProxyPassReverse http://localhost:8000/
  </Location>
  # these files are served from /var/www/html to serve Let's Encrypt temporary files
  <Location "/.well-known/acme-challenge">
    ProxyPass        https://localhost:8000/
    ProxyPassReverse https://localhost:8000/
    ProxyPass        https://localhost:443/
    ProxyPassReverse https://localhost:443/
   # ProxyPass !
  </Location>
  <IfFile /etc/letsencrypt/live/a-trust.ibcc.fun/cert.pem>
    SSLEngine on
    SSLCertificateFile      /etc/letsencrypt/live/a-trust.ibcc.fun/cert.pem
    SSLCertificateKeyFile   /etc/letsencrypt/live/a-trust.ibcc.fun/privkey.pem
    SSLCertificateChainFile /etc/letsencrypt/live/a-trust.ibcc.fun/chain.pem
  </IfFile>
</virtualhost>
<VirtualHost *:80>
  ServerName a-trust.ibcc.fun
  Redirect / https://a-trust.ibcc.fun/
</VirtualHost>

and restarted the server.
And I got the same result as before:

root@157-7-207-219:~# letsencrypt certonly --domain a-trust.ibcc.fun --webroot --webroot-path /var/www/html
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Requesting a certificate for a-trust.ibcc.fun
Performing the following challenges:
http-01 challenge for a-trust.ibcc.fun
Using the webroot path /var/www/html for all unmatched domains.
Waiting for verification...
Challenge failed for domain a-trust.ibcc.fun
http-01 challenge for a-trust.ibcc.fun
Cleaning up challenges
Some challenges have failed.
IMPORTANT NOTES:
 - The following errors were reported by the server:
   Domain: a-trust.ibcc.fun
   Type:   connection
   Detail: 157.7.207.219: Fetching
   https://a-trust.ibcc.fun/.well-known/acme-challenge/KhkSB5z1OdnJJsb5_IXbonHgl7PX1CZMtjNHfH3OxzQ:
   Error getting validation data
   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address. Additionally, please check that
   your computer has a publicly routable IP address and that no
   firewalls are preventing the server from communicating with the
   client. If you're using the webroot plugin, you should also verify
   that you are serving files from the webroot path you provided.
root@157-7-207-219:~# 

If I made a wrong change to the file a-trust.ibcc.fun.conf,
please let me know in detail.
Thank you.

Shee

1 Like

That looks correct.
But with Apache what you see isn't always what you get.

Try placing a file in the expected challenge location:
/var/www/html/.well-known/acme-challenge/test-file-name

Then see if it can be reached via the Internet:
http://a-trust.ibcc.fun/.well-known/acme-challenge/test-file-name

3 Likes
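
The manual check described above, written as a script (an added example, not part of the original post): it drops a throwaway token into the webroot, fetches it over plain HTTP without following redirects, and names the failure. The function names and diagnosis keywords are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the thread.
# Usage: sh precheck.sh /var/www/html a-trust.ibcc.fun

# classify_probe HTTP_CODE CURL_EXIT REDIRECT_URL BODY_MATCHES(yes|no)
# Pure function: maps one probe result to a diagnosis keyword.
classify_probe() {
  code=$1; rc=$2; redirect=$3; same=$4
  case "$rc" in
    0)  ;;                                # HTTP exchange completed, inspect it below
    6)  echo dns; return ;;               # name does not resolve
    7)  echo refused; return ;;           # nothing accepted the connection on port 80
    28) echo timeout; return ;;           # typically a firewall dropping packets
    56) echo reset; return ;;             # connection reset while receiving
    *)  echo "curl-error-$rc"; return ;;
  esac
  case "$code" in
    200) if [ "$same" = yes ]; then echo ok; else echo wrong-body; fi ;;
    30[1278])
      case "$redirect" in
        https://*) echo redirect-to-https ;;
        *)         echo redirect ;;
      esac ;;
    404) echo not-found ;;
    *)   echo "http-$code" ;;
  esac
}

# hint KEYWORD: what to check next for each diagnosis
hint() {
  case "$1" in
    ok)                echo "challenge path is served from the webroot" ;;
    refused|reset)     echo "is Apache running? try: apachectl -t" ;;
    redirect-to-https) echo "port 80 redirects the challenge; the 443 vhost must already speak TLS" ;;
    wrong-body)        echo "another handler (for example a proxy rule) answered instead of the webroot" ;;
    not-found)         echo "the server's document root is not the --webroot-path" ;;
    *)                 echo "inspect the response manually" ;;
  esac
}

# probe_challenge WEBROOT HOST: write a token file, fetch it, report the verdict
probe_challenge() {
  webroot=$1; host=$2
  dir="$webroot/.well-known/acme-challenge"
  token="precheck-$$-$(date +%s)"
  mkdir -p "$dir" && printf '%s' "$token" > "$dir/$token" || return 2
  body=$(mktemp)
  # No -L: a redirect is reported instead of followed.
  meta=$(curl -s --max-time 10 -o "$body" -w '%{http_code} %{redirect_url}' \
    "http://$host/.well-known/acme-challenge/$token")
  rc=$?
  if [ "$(cat "$body")" = "$token" ]; then same=yes; else same=no; fi
  rm -f "$dir/$token" "$body"
  verdict=$(classify_probe "${meta%% *}" "$rc" "${meta#* }" "$same")
  echo "$verdict: $(hint "$verdict")"
  [ "$verdict" = ok ]
}

if [ "$#" -eq 2 ]; then probe_challenge "$1" "$2"; fi
```

Run it from a machine outside the server's network so that firewall and DNS problems show up as well.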

I must have missed it earlier :see_no_evil:

The document root was there all along.

3 Likes

You cannot have it both ways. Either:

  • You have SSLEngine On always, and use a snakeoil certificate as a fallback if the Let's Encrypt certificate does not exist, or
  • You answer the ACME challenge on port 80 without redirecting to HTTPS.

I think the latter option is probably simpler, you can do something like:

<VirtualHost *:80>
  ServerName a-trust.ibcc.fun
  DocumentRoot /var/www/html
  RewriteEngine On
  RewriteCond "%{REQUEST_URI}" "!^/\.well-known/acme-challenge/"
  RewriteRule ^(.*)$ https://a-trust.ibcc.fun$1 [R]
</VirtualHost>

Once your HTTPS virtualhost is actually HTTPS-enabled, then you can go back to how you had it before, if you want.

3 Likes

Hi Mr. rg305 & _az,
Thank you very much for your perseverance.
I changed the last part of a-trust.ibcc.fun.conf as Mr. _az showed.
But I don't understand it in depth, so I tried it as written, and then I did it again, changing "REQUEST_URL" to "a-trust.ibcc.fun".
But the results were completely the same, as below.

root@157-7-207-219:~# letsencrypt certonly --domain a-trust.ibcc.fun --webroot --webroot-path /var/www/html
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Requesting a certificate for a-trust.ibcc.fun
Performing the following challenges:
http-01 challenge for a-trust.ibcc.fun
Using the webroot path /var/www/html for all unmatched domains.
Waiting for verification...
Challenge failed for domain a-trust.ibcc.fun
http-01 challenge for a-trust.ibcc.fun
Cleaning up challenges
Some challenges have failed.
IMPORTANT NOTES:
 - The following errors were reported by the server:
   Domain: a-trust.ibcc.fun
   Type:   connection
   Detail: 157.7.207.219: Fetching
   http://a-trust.ibcc.fun/.well-known/acme-challenge/JiEhsBk5HvpVIIHEPhigz6BqaKuPGaCpc959bjK0RQc:
   Connection refused
   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address. Additionally, please check that
   your computer has a publicly routable IP address and that no
   firewalls are preventing the server from communicating with the
   client. If you're using the webroot plugin, you should also verify
   that you are serving files from the webroot path you provided.

Give me advice, or tell me if I misunderstood.
Thank you.
Shee

1 Like

Port 80 is not reachable.

curl -Ii http://a-trust.ibcc.fun/
curl: (56) Recv failure: Connection reset by peer

2 Likes

I don't understand the deeper parts of this area, but what I want to do is connect the audio stream over https. So, do you think it is meaningful to change the port number of the stream from 8000 to 443 in the Icecast server settings?

One thing at a time.
First get the cert.

2 Likes

Hi Mr.rg305
There seems to be something invisible. I can't open it. It may not be related...

root@157-7-207-219:/var/www/html/.well-known/acme-challenge# ls -al .*
.:
total 8
drwxrwxrwx 2 root root 4096 Apr 15 15:13 .
drwxr-xr-x 3 root root 4096 Apr 10 22:59 ..

..:
total 12
drwxr-xr-x 3 root root 4096 Apr 10 22:59 .
drwxr-xr-x 3 root root 4096 Apr 10 22:58 ..
drwxrwxrwx 2 root root 4096 Apr 15 15:13 acme-challenge
root@157-7-207-219:/var/www/html/.well-known/acme-challenge# cd acme-challenge
-bash: cd: acme-challenge: No such file or directory

acme-challenge under acme-challenge:
is it the directory itself?

It doesn't look like Apache is running at all.

Check that the config is OK:

apachectl -t 

and try restart Apache:

systemctl restart apache2

3 Likes

Neither command was accepted.
The server used to answer requests for the Icecast admin page, but now it won't.

root@157-7-207-219:~# apacheclt -t
-bash: apacheclt: command not found
root@157-7-207-219:~# systemclt restart apache2
-bash: systemclt: command not found
root@157-7-207-219:~# 

root@157-7-207-219:~# service apache2 restart
Job for apache2.service failed because the control process exited with error code.
See "systemctl status apache2.service" and "journalctl -xe" for details.
root@157-7-207-219:~# 

I don't know how to read this.

root@157-7-207-219:~# journalctl -xe
░░ Subject: Unit process exited
░░ Defined-By: systemd
░░ Support: https://www.debian.org/support
░░ 
░░ An ExecStart= process belonging to unit apache2.service has exited.
░░ 
░░ The process' exit code is 'exited' and its exit status is 1.
Apr 15 16:57:39 157-7-207-219 systemd[1]: apache2.service: Failed with result 'exit-code'.
░░ Subject: Unit failed
░░ Defined-By: systemd
░░ Support: https://www.debian.org/support
░░ 
░░ The unit apache2.service has entered the 'failed' state with result 'exit-code'.
Apr 15 16:57:39 157-7-207-219 systemd[1]: Failed to start The Apache HTTP Server.
░░ Subject: A start job for unit apache2.service has failed
░░ Defined-By: systemd
░░ Support: https://www.debian.org/support
░░ 
░░ A start job for unit apache2.service has finished with a failure.
░░ 
░░ The job identifier is 350 and the job result is failed.

Shall I restart the server?

I checked. Please see the board.

I restarted the server and tested it again, but the results are the same.

root@157-7-207-219:~# apachectl -t
AH00526: Syntax error on line 35 of /etc/apache2/sites-enabled/a-trust.ibcc.fun.conf:
Invalid command 'RewriteEngine', perhaps misspelled or defined by a module not included in the server configuration
Action '-t' failed.
The Apache error log may have more information.
root@157-7-207-219:~# systemclt restart apache2
-bash: systemclt: command not found
root@157-7-207-219:~# service apache2 restart
Job for apache2.service failed because the control process exited with error code.
See "systemctl status apache2.service" and "journalctl -xe" for details.
root@157-7-207-219:~# 

The day before yesterday? Several days ago, Apache had been working; I saw the Icecast admin page then.

Mr. _az

I think apache2 stopped after I added some lines to a-trust.ibcc.fun.conf.
I might have misunderstood, but after adding the lines below, the syntax error started. Now I have deleted those lines and apache2 is running.

<VirtualHost *:80>
  ServerName a-trust.ibcc.fun
  DocumentRoot /var/www/html
  RewriteEngine On
  RewriteCond "%{REQUEST_URI}" "!^/\.well-known/acme-challenge/"
  RewriteRule ^(.*)$ https://a-trust.ibcc.fun$1 [R]
</VirtualHost>

I don't understand this situation, but it seems to have gone through.
Can I take this to mean I "got it"?

root@157-7-207-219:/usr/share/icecast2# letsencrypt certonly --domain a-trust.ibcc.fun --webroot --webroot-path /var/www/html
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Requesting a certificate for a-trust.ibcc.fun
Performing the following challenges:
http-01 challenge for a-trust.ibcc.fun
Using the webroot path /var/www/html for all unmatched domains.
Waiting for verification...
Cleaning up challenges
Subscribe to the EFF mailing list (email: shigeru@artech.jp).

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/a-trust.ibcc.fun/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/a-trust.ibcc.fun/privkey.pem
   Your certificate will expire on 2023-07-14. To obtain a new or
   tweaked version of this certificate in the future, simply run
   certbot again. To non-interactively renew *all* of your
   certificates, run "certbot renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

root@157-7-207-219:/usr/share/icecast2# 

Hi Guys,
I received key and certificates regarding one server, a-trust.ibcc.fun.

While apache had been stopped, I made some changes and when apache was started I found it was fixed, so finally I could not understand what's wrong.

Although I checked all configuration files, I couldn't find any difference between files of two servers, but server for kbc.ibcc.fun could not get certificates yet.

But I did finish one with your support, so I should do the other one by myself.
Thank you for helping me.
I won't forget your support.
Thank you very much.

So please close this topic.

Shee for Shigeru

1 Like
