Error when setting up the SSL certificate


#1

I have Debian 9 server with apache on digital ocean, and i was following a guide posted on digital ocean to setup ssl with let’s encrypt. I have one domain pointed to this server with 301 permanent redirection to www. done with mod_rewrite rule enabled. During the installation it asked me for which domain to setup https and i selected the second domain (the one with www).
But in the end of the setup process i get this message: “Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.” And if i test my domain here: https://www.ssllabs.com/ssltest/analyze.html?d=example.com&latest it shows that it can’t connect to the server.

Why i am getting this error and what does it mean?


#2

Could you please fill out the questions presented when you created this post? Most notably, we would need to see what command you ran and the full output from that command. There are two prominent reasons you could get this, and a few more less common ones.


#3

I fixed it. I had to update Certbot from debian backports packages.

But i have another question. During the setup i choose to redirect all connections to https. My question is how secure is this redirection? Is it possible for someone still to access the site from http?


#4

Glad you got it sorted!

As for the redirect, the simple answer is that it’s absolute. The idea is that it configures your web server to respond to http requests with a 301 redirect pointing to the https link. So your web server wouldn’t serve any content over http.

The caveat is that this is based on your server configuration. If you have some non-standard or advanced setup that Certbot can’t parse correctly, the redirect might not work. Ultimately you would need to make sure the config is correct.

If you want some additional protection from some more sophisticated attacks, you can look into setting up HSTS on your server. Beware, though, this can break your site if you do it wrong.


#5

How exactly the redirection is implemented? I have 301 redirect implemented with rewrite rules in virtual host file, but i don’t see any redirect rules for ssl added in the file.


#6

I found a problem. If i try to open my domain from http://domain.com/ and http://www.domain.com/ it goes to https://www.domain.com/, but if i try to open the domain from https://domain.com/ it shows ‘Your connection is not secure’ and does not redirect to https://www.domain.com/. Why is that?


#7

hi team

can anyone help me in this . i have configured my web on which is up and running .Now i am going to install SSL its shows error.

[root@localhost conf.d]# certbot --apache
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
No names were found in your configuration files. Please enter in your domain
name(s) (comma and/or space separated) (Enter ‘c’ to cancel): xxx.xxx.xxx
Obtaining a new certificate
Resetting dropped connection: acme-v01.api.letsencrypt.org
Performing the following challenges:
http-01 challenge for xxx.xxx.xxx
Cleaning up challenges
Unable to find a virtual host listening on port 80 which is currently needed for Certbot to prove to the CA that you control your domain. Please add a virtual host for port 80.


#8

What’s your domain?

How is Apache configured?

Is it listening on port 80?

Is there a virtual host with domain.com in the ServerName or ServerAlias?

Do you already have a certificate for domain.com, or just www.domain.com?


#9

Since you didn’t provide your real domain name, it’s hard to say. My guess is that your certificate only covers www.domain.com, and not domain.com


#10

Yes, that was the problem.


#11

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.