Please fill out the fields below so we can help you better.
My domain is:woe.fr
I ran this command:./certibot-auto
It produced this output:
My operating system is (include version):debian 7
My web server is (include version):apache
My hosting provider, if applicable, is:OVH
I can login to a root shell on my machine (yes or no, or I don’t know): yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):if need
Hello every body, first sorry for my english i’m french.
I need your help today for 2 differents points:
when i try to generate https it’s write:
IMPORTANT NOTES:
The following errors were reported by the server:
Domain: admin.woe.fr
Type: unauthorized
Detail: Incorrect validation certificate for TLS-SNI-01 challenge.
Requested
02caa707299d474e8ec293ec73c023f8.8d07a8fd6a4ede67e54cac6357058a83.acme.invalid
from 37.187.7.10:443. Received certificate containing ‘woe.fr’
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address.
how can i solve it ?
i make a mistake fo one subdomain declaration, how can i edit it ?
Well, with regard to your second problem: you didn’t successfully get a certificate, so I guess there isn’t something to correct. Just run ./certbot-auto a second time (if the first problem is fixed ) and also include the subdomain you forgot earlier.
With regard to your first problem: this could be an issue with your Apache configuration, specifically the <VirtualHost> sections. Could you check your Apache configuration files for these <VirtualHost> sections and see if all of them are in the form of <VirtualHost *:80> or <VirtualHost *:443>? Because sometimes there are <VirtualHost *> or <VirtualHost *:*> sections and those latter ones can give problems with the SNI feature of Apache, which is needed for the TLS-SNI-01 challenge.
I'm not sure I understand. You ran ./certbot-auto without any other commands, right? After that command, you got a list of (sub)domains, fetched from your Apache configuration files, where you could specify one or more domains or subdomains, right? But because there was an error after that step (you never saw "Congratulations!", correct?), if you run ./certbot-autoagain, you can specify those (sub)domains from the same list as before, again.
Hello Osiris,
when i make ./certbot-auto, it write: please choose sub domains to generate https files (somethings like this). i can not specify new domains or subdomains. I have added last time domains, but i have make mistake, and it save it
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel):2
Obtaining a new certificate
Performing the following challenges:
tls-sni-01 challenge for admin.woe.fr
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. forums.woe.fr (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: DNS problem: NXDOMAIN looking up A for forums.woe.fr, admin.woe.fr (tls-sni-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Incorrect validation certificate for TLS-SNI-01 challenge. Requested 02caa707299d474e8ec293ec73c023f8.8d07a8fd6a4ede67e54cac6357058a83.acme.invalid from 37.187.7.10:443. Received certificate containing 'woe.fr'
IMPORTANT NOTES:
The following errors were reported by the server:
Domain: admin.woe.fr
Type: unauthorized
Detail: Incorrect validation certificate for TLS-SNI-01 challenge.
Requested
02caa707299d474e8ec293ec73c023f8.8d07a8fd6a4ede67e54cac6357058a83.acme.invalid
from 37.187.7.10:443. Received certificate containing 'woe.fr'
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address.
It does not ask me to add new domains..
But i don't understand what's wrong in my apache file (VirtualHost).
Have you exemple of this files ?
i have this:
But when i put * it’s simply not work, my webpage not show !
May be i have wrong information in my file:
/etc/apache2/sites-enabled/woe
or
/etc/apache2/sites-available/default
or
/etc/apache2/sites-available/default-ssl
Could you run certbot-auto with the -v switch? For more verbose output. Among that output, you'll see something like:
Performing the following challenges:
tls-sni-01 challenge for yourdomain
Adding Include /etc/apache2/vhosts.d/le_tls_sni_01_cert_challenge.conf to /files/etc/apache2/httpd.conf
writing a config file with text:
...Apache configuration stuff...
I'm interested in the apache configuration file it says there.
I still believe the error you're getting is because Apache is confused with regard of SNI. Apache has a extensive page about name-based virtual hosting, including if and how IP's are used in directives. I'm still guessing it has something to do with that. (Personally, I never use an IP address in my configuration files, because I just use one. Always a "*".)
Also: in default.conf you have a <VirtualHost *:443> section for www.woe.fr with a few ServerAliasses. Did you add that later on? Because you've got all your directives already in woe.conf. Perhaps a little bit too much
Aaaaaand, you ALSO have your woe.fr mentioned in default-ssl.conf?!? No wonder Apache doesn't understand it If I were you, I'd clean up my Apache configuration files: keep all the defaults default and just use woe.conf for your site. Also, certbot works best with just one configuration file per virtualhost section.
From the Apache site:
It is important to recognize that the first step in name-based virtual host resolution is IP-based resolution. Name-based virtual host resolution only chooses the most appropriate name-based virtual host after narrowing down the candidates to the best IP-based match. Using a wildcard (*) for the IP address in all of the VirtualHost directives makes this IP-based mapping irrelevant.
But you still have multiple double ServerName/ServerAlias directives. That is not necessary, even unwanted I guess. IMO you should give your “default” configuration files some stupid ServerName (localhost) with a non-usefull DocumentRoot. Apache will use that VirtualHost as a “default” when someone connects to your server without providing a useful hostname.
Then, you’d put your woe.fr VirtualHost sections in separate configuration files. woe.fr.conf, forum.woe.fr.conf, admin.woe.fr.conf. That way, certbot will understand it better. (Unless they bunked that bug already… )
Thx a lot Osiris,i have create with using /certbot -certonly
i must use this command for each subdomaine.
I have try to put all with comma, but not work °°
So hope renew was easy now
) and also include the subdomain you forgot earlier.
