Error while trying to create certificate in apache

The problem was that a coworker told me that the redirection was commented out and the DNS wasn't pointing to any IP address. He just corrected that, but now that URL is redirecting to another URL. I think the problem is that the .well-known folder doesn't exist. How can I create the .well-known folder in Fedora 37, with its subfolders and all the files needed for the SSL certificate?

Certbot should create the directories automatically

4 Likes

I don't think it is related to that. For one, as 9peppe described, Certbot will create the folder when using the --apache plug-in.

Second, all requests to that domain get redirected to a different domain's "home" page, even if a different page was requested. This won't work for the HTTP Challenge.

Also, the redirect uses HTTPS, which fails.

See requests to that "home" page get redirected to other domain and fail
curl -I http://cif.efn.unc.edu.ar
HTTP/1.1 302 Found
Server: Apache/2.4.57 (Fedora Linux) OpenSSL/3.0.8
Location: https://aulas.efn.unc.edu.ar

curl -I https://aulas.efn.unc.edu.ar
curl: (7) Failed to connect to aulas.efn.unc.edu.ar port 443 after 176 ms: Connection refused

See the URL for /.well-known... is removed from the Location
curl -I http://cif.efn.unc.edu.ar/.well-known/acme-challenge/Test123
HTTP/1.1 302 Found
Server: Apache/2.4.57 (Fedora Linux) OpenSSL/3.0.8
Location: https://aulas.efn.unc.edu.ar

curl -I https://aulas.efn.unc.edu.ar
curl: (7) Failed to connect to aulas.efn.unc.edu.ar port 443 after 176 ms: Connection refused

2 Likes
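
The manual check in the post above can be scripted. This is an added example, not part of the original thread: `classify_acme_response` is a hypothetical helper that reads the headers of a single `curl -I` response and reports whether a redirect keeps the challenge path. The second sample response is constructed for comparison.

```shell
#!/bin/sh
# Classify one `curl -I` response to an HTTP-01 challenge URL.
# Usage: classify_acme_response URL < headers
# Prints: not-redirected | redirect-keeps-path | redirect-drops-path | no-location
# Live use: curl -sI "$url" | classify_acme_response "$url"
classify_acme_response() {
    req_url=$1
    # Path the CA will ask for, e.g. /.well-known/acme-challenge/Test123
    want_path=/${req_url#*://*/}
    cr=$(printf '\r')
    code='' location=''
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%"$cr"}                  # curl prints CRLF line endings
        case $line in
            HTTP/*) code=${line#* }; code=${code%% *} ;;
            [Ll]ocation:*) location=${line#*:}; location=${location# } ;;
        esac
    done
    case $code in
        3??) ;;                             # redirect: inspect Location below
        *) echo "not-redirected"; return 0 ;;  # Apache answers the path itself
    esac
    [ -n "$location" ] || { echo "no-location"; return 1; }
    case $location in
        *"$want_path") echo "redirect-keeps-path"; return 0 ;;
        *) echo "redirect-drops-path"; return 1 ;;  # challenge can never validate
    esac
}

url=http://cif.efn.unc.edu.ar/.well-known/acme-challenge/Test123

# Headers quoted in the post above (response to the Test123 request).
thread_headers='HTTP/1.1 302 Found
Server: Apache/2.4.57 (Fedora Linux) OpenSSL/3.0.8
Location: https://aulas.efn.unc.edu.ar'

# Constructed sample: a redirect to HTTPS on the same host that keeps the path.
fixed_headers='HTTP/1.1 301 Moved Permanently
Location: https://cif.efn.unc.edu.ar/.well-known/acme-challenge/Test123'

printf '%s\n' "$thread_headers" | classify_acme_response "$url" || true
printf '%s\n' "$fixed_headers" | classify_acme_response "$url"
```

A `redirect-keeps-path` result only means the path survives; the redirect target still has to accept the connection and serve the token.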

This is what I expect from that RewriteRule.

This is what I have in a .htaccess that should do what @mdeanquin needs:

## Force https
RewriteEngine On
RewriteBase /
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

I am not sure you can put this unedited in a config file, though.

3 Likes

I just remembered with the Apache plugin it should override any rewrite anyway. I don't think they're running certbot on that server.

3 Likes

It's a school.
I bet it's all behind some proxy device that is not configured to allow the ACME challenge requests through.

1 Like

Recreate the .well-known folder; it will resolve the issue.
SSH to your server and go to the root directory of your website.

mkdir -p .well-known/acme-challenge

It should be owned by www-data with appropriate permissions.
Now you can re-run Certbot to renew or obtain the certificate for your domain.

sudo certbot --apache -v

If the above steps don't resolve the issue, you can check the Let's Encrypt logs at /var/log/letsencrypt/letsencrypt.log

I hope it helps you.
