Error Getting Validation Data

griffin · April 15, 2021, 6:26am

What are the complete contents of these files?

/etc/apache2/sites-enabled/000-default.conf
/etc/apache2/sites-enabled/000-default-le-ssl.conf

Please put 3 backticks above and below each file's contents.

What are the outputs of these commands?

sudo ls -lRa /etc/apache2/sites-available
sudo ls -lRa /etc/apache2/sites-enabled

Please put 3 backticks above and below each output.

DexterD891 · April 15, 2021, 7:16am

/etc/apache2/sites-enabled/000-default.conf



<VirtualHost *:80>
        # The ServerName directive sets the request scheme, hostname and port that
        # the server uses to identify itself. This is used when creating
        # redirection URLs. In the context of virtual hosts, the ServerName
        # specifies what hostname must appear in the request's Host: header to
        # match this virtual host. For the default virtual host (this file) this
        # value is not decisive as it is used as a last resort host regardless.
        # However, you must set it for any further virtual host explicitly.
        #ServerName www.example.com

        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html
        #Redirect / https://cloud.sysmex-europe.com/

        # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
        # error, crit, alert, emerg.
        # It is also possible to configure the loglevel for particular
        # modules, e.g.
        #LogLevel info ssl:warn

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        # For most configuration files from conf-available/, which are
        # enabled or disabled at a global level, it is possible to
        # include a line for only one particular virtual host. For example the
        # following line enables the CGI configuration for this host only
        # after it has been globally disabled with "a2disconf".
        #Include conf-available/serve-cgi-bin.conf
RewriteEngine on
RewriteCond %{SERVER_NAME} =cloud.sysmex-europe.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

/etc/apache2/sites-enabled/000-default-le-ssl.conf


<IfModule mod_ssl.c>
<VirtualHost *:80>
        # The ServerName directive sets the request scheme, hostname and port that
        # the server uses to identify itself. This is used when creating
        # redirection URLs. In the context of virtual hosts, the ServerName
        # specifies what hostname must appear in the request's Host: header to
        # match this virtual host. For the default virtual host (this file) this
        # value is not decisive as it is used as a last resort host regardless.
        # However, you must set it for any further virtual host explicitly.
        #ServerName www.example.com

        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html

        # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
        # error, crit, alert, emerg.
        # It is also possible to configure the loglevel for particular
        # modules, e.g.
        #LogLevel info ssl:warn

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        # For most configuration files from conf-available/, which are
        # enabled or disabled at a global level, it is possible to
        # include a line for only one particular virtual host. For example the
        # following line enables the CGI configuration for this host only
        # after it has been globally disabled with "a2disconf".
        #Include conf-available/serve-cgi-bin.conf


ServerName cloud.sysmex-europe.com
Redirect / https://cloud.sysmex-europe.com
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/cloud.sysmex-europe.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/cloud.sysmex-europe.com/privkey.pem

</VirtualHost>
</IfModule>

ls -lRa /etc/apache2/sites-available

drwxr-xr-x 2 root root 4096 Apr 15 09:14 .
drwxr-xr-x 8 root root 4096 Apr 14 14:28 ..
-rw-r--r-- 1 root root 1526 Apr 14 14:21 000-default.conf
-rw-r--r-- 1 root root 1727 Apr 13 14:33 000-default-le-ssl.conf
-rw-r--r-- 1 root root 6922 Apr 13 14:34 default-ssl.conf
-rw-r--r-- 1 root root 6338 Apr  5  2016 ssl_old.conf

ls -lRa /etc/apache2/sites-enabled

drwxr-xr-x 2 root root 4096 Apr 13 16:29 .
drwxr-xr-x 8 root root 4096 Apr 14 14:28 ..
lrwxrwxrwx 1 root root   35 Aug 29  2016 000-default.conf -> ../sites-available/000-default.conf
lrwxrwxrwx 1 root root   52 Jan  5 19:32 000-default-le-ssl.conf -> /etc/apache2/sites-available/000-default-le-ssl.conf
lrwxrwxrwx 1 root root   45 Aug 29  2016 default-ssl.conf -> /etc/apache2/sites-available/default-ssl.conf

petercooperjr · April 15, 2021, 12:33pm

RewriteCond just impacts the next RewriteRule; can you post the complete .htaccess file?

griffin · April 15, 2021, 6:29pm

I forgot to ask for the contents of this one:

/etc/apache2/sites-available/default-ssl.conf

No matter though.

While it may not be the specific cause of what you're seeing, your apache configuration files certainly have some problems. Let's fix those and see what happens. Please follow the instructions below exactly and do not add additional steps in between (e.g. don't restart apache even if something else tells you to do so).

Firstly, let's disable the unnecessary sites to make way.

sudo a2dissite default-ssl.conf
sudo a2dissite 000-default.conf
sudo a2dissite 000-default-le-ssl.conf

Secondly, let's create the correct configuration file.

Please copy the following then use a text editor to paste it into a new file named /etc/apache2/sites-available/cloud.sysmex-europe.com.conf

<VirtualHost *:80>
ServerName cloud.sysmex-europe.com
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

Thirdly, let's enable the new site.

sudo a2ensite cloud.sysmex-europe.com.conf

Fourthly, let's turn up the new site.

sudo apachectl -k graceful

The site should be working at this point via http over port 80.

Fifthly, let's install the certificate.

sudo certbot --cert-name cloud.sysmex-europe.com --apache -d "cloud.sysmex-europe.com" --force-renewal

The site should be working at this point via https over port 443.

Sixthly, let's test the certificate renewal.

sudo certbot renew --cert-name cloud.sysmex-europe.com --dry-run

DexterD891 · April 16, 2021, 8:26am

Hi Griffin,

Thanks a lot for your detailed answer.

after step sudo apachectl -k graceful, apache did not load with port 80.

Certificate was successfully installed and also renewed successfully, but the webserver is down. I guess there is some redirecting issue. Currently looking into it.

DexterD891 · April 16, 2021, 8:52am


<IfModule mod_headers.c>
  <IfModule mod_setenvif.c>
    <IfModule mod_fcgid.c>
       SetEnvIfNoCase ^Authorization$ "(.+)" XAUTHORIZATION=$1
       RequestHeader set XAuthorization %{XAUTHORIZATION}e env=XAUTHORIZATION
    </IfModule>
    <IfModule mod_lsapi.c>
      SetEnvIfNoCase ^Authorization$ "(.+)" XAUTHORIZATION=$1
      RequestHeader set XAuthorization %{XAUTHORIZATION}e env=XAUTHORIZATION
    </IfModule>
    <IfModule mod_proxy_fcgi.c>
       SetEnvIfNoCase Authorization "(.+)" HTTP_AUTHORIZATION=$1
    </IfModule>
  </IfModule>

  <IfModule mod_env.c>
    # Add security and privacy related headers
    Header      unset X-Content-Type-Options
    Header always set X-Content-Type-Options "nosniff"
    Header      unset X-XSS-Protection
    Header always set X-XSS-Protection "1; mode=block"
    Header      unset X-Robots-Tag
    Header always set X-Robots-Tag "none"
    Header      unset X-Frame-Options
    Header always set X-Frame-Options "SAMEORIGIN"
    Header      unset X-Download-Options
    Header always set X-Download-Options "noopen"
    Header      unset X-Permitted-Cross-Domain-Policies
    Header always set X-Permitted-Cross-Domain-Policies "none"
    SetEnv modHeadersAvailable true
  </IfModule>

  # Let browsers cache CSS, JS files for half a year
  <FilesMatch "\.(css|js)$">
    Header      unset Cache-Control
    Header always set Cache-Control "max-age=15778463"
  </FilesMatch>

  # Let browsers cache WOFF files for a week
  <FilesMatch "\.woff$">
    Header      unset Cache-Control
    Header always set Cache-Control "max-age=604800"
  </FilesMatch>
</IfModule>

<IfModule mod_php5.c>
    php_value always_populate_raw_post_data -1
    php_value upload_max_filesize 513M
    php_value post_max_size 513M
    php_value memory_limit 512M
    php_value mbstring.func_overload 0
    php_value default_charset 'UTF-8'
    php_value output_buffering 0
    <IfModule mod_env.c>
      SetEnv htaccessWorking true
    </IfModule>
</IfModule>

<IfModule mod_php7.c>
    php_value upload_max_filesize 513M
    php_value post_max_size 513M
    php_value memory_limit 512M
    php_value mbstring.func_overload 0
    php_value default_charset 'UTF-8'
    php_value output_buffering 0
    <IfModule mod_env.c>
      SetEnv htaccessWorking true
    </IfModule>
</IfModule>

<IfModule mod_rewrite.c>
  RewriteEngine on
  RewriteRule .* - [env=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
  RewriteRule ^\.well-known/host-meta /public.php?service=host-meta [QSA,L]
  RewriteRule ^\.well-known/host-meta\.json /public.php?service=host-meta-json [QSA,L]
  RewriteRule ^\.well-known/carddav /remote.php/dav/ [R=301,L]
  RewriteRule ^\.well-known/caldav /remote.php/dav/ [R=301,L]
  RewriteRule ^remote/(.*) remote.php [QSA,L]
  RewriteRule ^(?:build|tests|config|lib|3rdparty|templates|changelog)/.* - [R=404,L]
  RewriteCond %{REQUEST_URI} !^/.well-known/(acme-challenge|pki-validation)/.*
  RewriteRule ^(?:\.|autotest|occ|issue|indie|db_|console).* - [R=404,L]
</IfModule>
<IfModule mod_mime.c>
  AddType image/svg+xml svg svgz
  AddEncoding gzip svgz
</IfModule>
<IfModule mod_dir.c>
  DirectoryIndex index.php index.html
</IfModule>
AddDefaultCharset utf-8
Options -Indexes
<IfModule pagespeed_module>
  ModPagespeed Off
</IfModule>
#### DO NOT CHANGE ANYTHING ABOVE THIS LINE ####

ErrorDocument 403 /core/templates/403.php
ErrorDocument 404 /core/templates/404.php
<IfModule mod_rewrite.c>
  Options -MultiViews
  RewriteRule ^core/js/oc.js$ index.php [PT,E=PATH_INFO:$1]
  RewriteRule ^core/preview.png$ index.php [PT,E=PATH_INFO:$1]
  RewriteCond %{REQUEST_FILENAME} !\.(css|js|svg|gif|png|html|ttf|woff|ico|jpg|jpeg|json)$
  RewriteCond %{REQUEST_FILENAME} !core/img/favicon.ico$
  RewriteCond %{REQUEST_FILENAME} !/robots.txt
  RewriteCond %{REQUEST_FILENAME} !/remote.php
  RewriteCond %{REQUEST_FILENAME} !/public.php
  RewriteCond %{REQUEST_FILENAME} !/cron.php
  RewriteCond %{REQUEST_FILENAME} !/core/ajax/update.php
  RewriteCond %{REQUEST_FILENAME} !/status.php
  RewriteCond %{REQUEST_FILENAME} !/ocs/v1.php
  RewriteCond %{REQUEST_FILENAME} !/ocs/v2.php
  RewriteCond %{REQUEST_FILENAME} !/updater/
  RewriteCond %{REQUEST_FILENAME} !/ocs-provider/
  RewriteCond %{REQUEST_FILENAME} !/ocm-provider/
  RewriteCond %{REQUEST_URI} !^/.well-known/(acme-challenge|pki-validation)/.*
  RewriteRule . index.php [PT,E=PATH_INFO:$1]
  RewriteBase /

<IfModule mod_env.c>
    SetEnv front_controller_active true
    <IfModule mod_dir.c>
      DirectorySlash off
    </IfModule>
  </IfModule>
</IfModule>

DexterD891 · April 16, 2021, 9:10am

i reactivated the old conf files, the server is up and with the new certificate.

griffin · April 16, 2021, 5:04pm

I'm glad you got it working.

system · May 16, 2021, 5:04pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Certbot Updates - Not Able to Renew Cert Help	37	4868	May 31, 2021
Certbot (auto)renew failed with apache server on IPV6 Help	34	3736	February 14, 2019
Certbot renew was working, now gives "Error getting validation data" Help	31	124	October 4, 2025
Error getting validation data (webserver says 200 status) Help	8	1682	August 8, 2020
Cannot renew with Certbot "Connection refused by peer" Help	92	2375	May 14, 2022

Error Getting Validation Data

Related topics