Error getting validation data

My domain is:
jpvaneijk.dyndns-home.com

I ran this command:
sudo /etc/letsencrypt/letsencrypt-auto certonly --webroot --email myemail.com -d jpvaneijk.dyndns-home.com -w /home/pi/domoticz/www/

It produced this output:
Plugins selected: Authenticator webroot, Installer None
Cert is due for renewal, auto-renewing…
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for jpvaneijk.dyndns-home.com
Using the webroot path /home/pi/domoticz/www for all unmatched domains.
Waiting for verification…
Challenge failed for domain jpvaneijk.dyndns-home.com
http-01 challenge for jpvaneijk.dyndns-home.com
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: jpvaneijk.dyndns-home.com
    Type: connection
    Detail: Fetching
    http://jpvaneijk.dyndns-home.com/.well-known/acme-challenge/F0xNUok21MO-UGucJK3MATuUwC_GJUkN2XhkFYp7TIQ:
    Error getting validation data

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address. Additionally, please check that
    your computer has a publicly routable IP address and that no
    firewalls are preventing the server from communicating with the
    client. If you’re using the webroot plugin, you should also verify
    that you are serving files from the webroot path you provided.

I’m using Let’s Encrypt on a Raspberry Pi 3B+ with the latest Debian Stretch.
I started using LE for my Domoticz application.
I’m not able to renew my existing certificate.
I was all over the internet for this and nothing has worked so far. I’m not a real crack at this, so have a little patience please. What can I do to solve my problem?

Many, many, many thanx in advance!

Your site and webserver aren’t working at all.

Let’s Encrypt needs to connect to the webserver that can serve plain text files from the webroot path you provided.
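The requirement in the reply above can be checked before running certbot again. This is an added example, not part of the original thread: `check_webroot` and `serve_directory` are hypothetical helpers that write a random probe file into the webroot's challenge directory and fetch it back over plain HTTP.

```python
import functools
import http.server
import secrets
import sys
import threading
import urllib.error
import urllib.request
from pathlib import Path


def check_webroot(webroot, base_url, timeout=5.0):
    """Drop a random probe file under <webroot>/.well-known/acme-challenge/
    and fetch it back over plain HTTP, the way an http-01 validator fetches a
    challenge token. Returns (ok, detail)."""
    challenge_dir = Path(webroot) / ".well-known" / "acme-challenge"
    challenge_dir.mkdir(parents=True, exist_ok=True)
    name = "probe-" + secrets.token_urlsafe(16)
    body = secrets.token_urlsafe(32)
    probe = challenge_dir / name
    probe.write_text(body)
    url = f"{base_url.rstrip('/')}/.well-known/acme-challenge/{name}"
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            served = resp.read().decode("utf-8", "replace")
        if served == body:
            return True, "probe served from this webroot"
        return False, "other content served: wrong webroot or a catch-all page"
    except urllib.error.HTTPError as exc:
        return False, f"HTTP {exc.code}: server does not serve this webroot"
    except OSError as exc:  # URLError, timeouts, refused connections
        return False, f"connection problem: {exc}"
    finally:
        probe.unlink(missing_ok=True)  # never leave probe files behind


def serve_directory(directory):
    """Demo helper: serve `directory` on a free 127.0.0.1 port."""
    handler = functools.partial(
        http.server.SimpleHTTPRequestHandler, directory=str(directory))
    server = http.server.ThreadingHTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, f"http://127.0.0.1:{server.server_port}"


if __name__ == "__main__":
    # usage: python3 check_webroot.py <webroot path> <http://domain>
    ok, detail = check_webroot(sys.argv[1], sys.argv[2])
    print("OK" if ok else "FAIL", detail)
```

A pass from inside the home network only shows that the web server serves the webroot; router port forwarding for port 80 still has to be confirmed by fetching the same URL from a host outside the network.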

Still trying to get this to work, I followed the instructions on https://www.domoticz.com/wiki/Native_secure_access_with_Lets_Encrypt again.

After the following, nothing works anymore:
sudo rm ~/domoticz/server_cert.pem
sudo cat /etc/letsencrypt/live//privkey.pem >> ~/domoticz/server_cert.pem
sudo cat /etc/letsencrypt/live//fullchain.pem >> ~/domoticz/server_cert.pem
sudo cp ~/domoticz/server_cert.pem ~/domoticz/letsencrypt_server_cert.pem
sudo /etc/init.d/domoticz.sh restart

Trying to do:
pi@raspberrypi:/etc/letsencrypt $ sudo ./letsencrypt-auto

This gives the following errors. And there it is again. More lost than I was before…
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
No names were found in your configuration files. Please enter in your domain
name(s) (comma and/or space separated) (Enter ‘c’ to cancel): jpvaneijk.dyndns-home.com
Cert is due for renewal, auto-renewing…
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for jpvaneijk.dyndns-home.com
Enabled Apache rewrite module
Error while running apache2ctl graceful.
httpd not running, trying to start
Action ‘graceful’ failed.
The Apache error log may have more information.

AH00558: apache2: Could not reliably determine the server’s fully qualified domain name, using 127.0.1.1. Set the ‘ServerName’ directive globally to suppress this message
(98)Address already in use: AH00072: make_sock: could not bind to address [::]:80
(98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
AH00015: Unable to open logs

Unable to restart apache using [‘apache2ctl’, ‘graceful’]
Cleaning up challenges
Error while running apache2ctl graceful.
httpd not running, trying to start
Action ‘graceful’ failed.
The Apache error log may have more information.

AH00558: apache2: Could not reliably determine the server’s fully qualified domain name, using 127.0.1.1. Set the ‘ServerName’ directive globally to suppress this message
(98)Address already in use: AH00072: make_sock: could not bind to address [::]:80
(98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
AH00015: Unable to open logs

Unable to restart apache using [‘apache2ctl’, ‘graceful’]
Encountered exception during recovery:
Traceback (most recent call last):
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/error_handler.py", line 124, in _call_registered
    self.funcs[-1]()
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/auth_handler.py", line 220, in _cleanup_challenges
    self.auth.cleanup(achalls)
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot_apache/configurator.py", line 2293, in cleanup
    self.restart()
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot_apache/configurator.py", line 2163, in restart
    self._reload()
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot_apache/configurator.py", line 2190, in _reload
    raise errors.MisconfigurationError(error)
MisconfigurationError: Error while running apache2ctl graceful.
httpd not running, trying to start
Action ‘graceful’ failed.
The Apache error log may have more information.

AH00558: apache2: Could not reliably determine the server’s fully qualified domain name, using 127.0.1.1. Set the ‘ServerName’ directive globally to suppress this message
(98)Address already in use: AH00072: make_sock: could not bind to address [::]:80
(98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
AH00015: Unable to open logs

Error while running apache2ctl graceful.
httpd not running, trying to start
Action ‘graceful’ failed.
The Apache error log may have more information.

AH00558: apache2: Could not reliably determine the server’s fully qualified domain name, using 127.0.1.1. Set the ‘ServerName’ directive globally to suppress this message
(98)Address already in use: AH00072: make_sock: could not bind to address [::]:80
(98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
AH00015: Unable to open logs

Hi @jpvaneijk

You have deleted certificates? Without creating a backup? That’s always bad.

There are two older checks of your domain ( last check - now - https://check-your-website.server-daten.de/?q=jpvaneijk.dyndns-home.com ):

| Domainname | Http-Status | redirect | Sec. | G |
|---|---|---|---|---|
| http://jpvaneijk.dyndns-home.com/ 77.163.119.241 | -14 | | 10.027 | T |
| Timeout - The operation has timed out | | | | |
| https://jpvaneijk.dyndns-home.com/ 77.163.119.241 | 200 | | 0.327 | N |
| Certificate error: RemoteCertificateNameMismatch, RemoteCertificateChainErrors | | | | |
| http://jpvaneijk.dyndns-home.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 77.163.119.241 | -14 | | 10.026 | T |
| Timeout - The operation has timed out | | | | |

There, port 443 had worked.

Now your site is down:

| Domainname | Http-Status | redirect | Sec. | G |
|---|---|---|---|---|
| http://jpvaneijk.dyndns-home.com/ 77.163.119.241 | -14 | | 10.023 | T |
| Timeout - The operation has timed out | | | | |
| https://jpvaneijk.dyndns-home.com/ 77.163.119.241 | -2 | | 1.053 | V |
| ConnectFailure - Unable to connect to the remote server No connection could be made because the target machine actively refused it 77.163.119.241:443 | | | | |
| http://jpvaneijk.dyndns-home.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 77.163.119.241 | -14 | | 10.024 | T |
| Timeout - The operation has timed out | | | | |

But why

is there a running instance?

What is running there? What starts

/etc/init.d/domoticz.sh

If you use a standard setup, the files in

/etc/letsencrypt/live//fullchain.pem

are used; no such copy is required. But the typical standard URLs are

/etc/letsencrypt/live/domainname/fullchain.pem

Thanks for all the replies to this point.
Just to be certain about some things, I decided to reinstall my Pi and do a fresh install of Domoticz. Both are updated to the latest (beta) versions.
Domoticz is empty for now but accessible from port 80. I’ve also opened port 443. In my router both ports are opened. Clean Pi, clean Domoticz, but still issues with Let’s Encrypt. Below are my inputs and the output. Any suggestions?
I can’t seem to copy/paste the full output due to new member restrictions?

THESE PACKAGES DO NOT MATCH THE HASHES FROM THE REQUIREMENTS FILE. If you have updated the package versions, please update the hashes. Otherwise, examine the package contents carefully; someone may have tampered with them.
pycparser==2.19 from https://www.piwheels.org/simple/pycparser/pycparser-2.19-py2.py3-none-any.whl#sha256=344870c533812cb119c5475b5aed033ec546118711338ff9b2b78e67098d64e7 (from -r /tmp/tmp.JngxbxFxW6/letsencrypt-auto-requirements.txt (line 105)):
Expected sha256 a988718abfad80b6b157acce7bf130a30876d27603738ac39f140993246b25b3
Got 344870c533812cb119c5475b5aed033ec546118711338ff9b2b78e67098d64e7

Certbot has problem setting up the virtual environment.

We were not be able to guess the right solution from your pip
output.

Consult https://certbot.eff.org/docs/install.html#problems-with-python-virtual-environment
for possible solutions.
You may also find some support resources at https://certbot.eff.org/support/ .
pi@raspberrypi:/etc/letsencrypt $
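The pip error above comes from hash-checking mode: each downloaded file's sha256 must equal a digest pinned in the requirements file, and the wheel fetched from piwheels.org has a different digest than the pinned one. The following is an added example, not part of the original thread or of certbot's code, that reproduces the comparison. `parse_pins` and `check_artifact` are hypothetical helpers, and the requirements layout is constructed around the two digests shown in the output.

```python
import hashlib
import hmac
import re

# Digests copied from the pip output above.
PAGE_EXPECTED = "a988718abfad80b6b157acce7bf130a30876d27603738ac39f140993246b25b3"
PAGE_GOT = "344870c533812cb119c5475b5aed033ec546118711338ff9b2b78e67098d64e7"
# Constructed requirements entry in pip's pinned-hash format.
SAMPLE_REQUIREMENTS = "pycparser==2.19 \\\n    --hash=sha256:" + PAGE_EXPECTED + "\n"

HASH_RE = re.compile(r"--hash=sha256:([0-9a-f]{64})")


def parse_pins(requirements_text):
    """Map 'name==version' to the set of sha256 digests pinned for it."""
    joined = re.sub(r"\\[ \t]*\n", " ", requirements_text)  # fold continuations
    pins = {}
    for line in joined.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        spec = line.split()[0].lower()
        digests = set(HASH_RE.findall(line))
        if digests:
            pins.setdefault(spec, set()).update(digests)
    return pins


def sha256_file(path, chunk=1 << 16):
    """Stream the file so large wheels are not loaded into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def check_artifact(path, spec, pins):
    """Return (ok, got, expected). An unpinned spec fails closed."""
    expected = sorted(pins.get(spec.lower(), set()))
    got = sha256_file(path)
    ok = any(hmac.compare_digest(got, e) for e in expected)
    return ok, got, expected


if __name__ == "__main__":
    pins = parse_pins(SAMPLE_REQUIREMENTS)
    print("pinned:", pins["pycparser==2.19"])
    print("piwheels digest accepted:", PAGE_GOT in pins["pycparser==2.19"])
```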

Please read


That’s it JuergenAuer. Many, many thanx!!!
