Error with Certbot --apache option

Hello,

I have the same issue.
When I initially configured both domains with no SSL, they all worked as expected.

Domain 1 : vizdata.ca
Domain 2: iseries.world

Running on Ubuntu - Release: 24.04
Certbot : certbot 2.9.0

@ebaum I moved your post to its own thread. We prefer each problem to have its own so we can give personalized advice.

Also, your post wasn't "the same" as the original. Your problem is with an Apache server. The other thread was for nginx.

Had you posted in Help first you would have been shown the form below. Please complete as much as you can. Also please post copy/paste of text instead of images. It is more difficult for us to interpret and use images. Please also include the full text of the errors or output, as your image clipped the most important right side.

===========================================

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):


Thank you Mike,

My domain is: iseries.world
Command : sudo certbot --apache
Output:
"
Certbot failed to authenticate some domains (authenticator: apache). The Certificate Authority reported these problems:
Domain: iseries.world
Type: connection
Detail: During secondary validation: 99.247.240.88: Fetching http://iseries.world/.well-known/acme-challenge/8-6eYFdaKl7HA8bgQI9ccQ9bR4P46Yoq3ekNkViFKdc: Error getting validation data

Domain: www.iseries.world
Type: connection
Detail: During secondary validation: 99.247.240.88: Fetching http://www.iseries.world/.well-known/acme-challenge/Hx78mI7DFE_VCI2QsvajKumi3tWnUWwDzvlFp73Xplk: Error getting validation data
"
The operating system my web server runs on is (include version): Ubuntu : 24.04 LTS

My web server : Server: Apache/2.4.58 (Ubuntu)

Hosting provider : home

I can login as root : Yes

Certbot Version: certbot 2.9.0

Thank you.

That is a failure of the Let's Encrypt server to connect using HTTP to your domain server.

That it says "Secondary" means the "Primary" LE server did connect but one or more of the secondaries failed. This usually means you have a firewall that is selectively blocking regions of the world (called geo blocking) or perhaps blocking specific IP addresses / ranges.

I cannot connect to your server from my own test server. And, Let's Debug reproduces this same connection failure.

Do you have any firewall? Can you disable it temporarily and try again? Use the Let's Debug site and "Rerun test" after changes to check.

From my own test server to your "home" page:

curl -i http://iseries.world
curl: (52) Empty reply from server

I am using OpnSense with the Zenarmor plugin installed (community edition for now).
I did not intentionally configure any rules to prevent traffic based on Geo or any other parameters.

port80.pcap (4 KB)

When I installed Apache, both sites worked over HTTP.
Both web sites are on the same local VM as Virtual Hosts.

Please see attached PCAP file.
I think packets are getting through the firewall as port forwarding is set up.

Yes, I see one request incoming to you from that pcap.

And, if I run Let's Debug 6 times in a row (like I just did) I see 1 success and 5 failures.

What happens if you run Let's Debug test multiple times in sequence?

Can you check the logs of the firewall? Do you see /.well-known/acme-challenge/... requests getting blocked?


Hello Mike,

My apologies, I did not see your response via email.

I disabled a few default block categories on ZenArmor and it worked.
Let's Encrypt debug and certbot worked.
I was able to obtain the certificates for the .world site.

Thank you very much for your help.
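
A way to run the log check suggested earlier in the thread from the Apache side, as an added example that is not part of the original posts: it groups challenge requests in an access log by token and lists the tokens fetched from fewer distinct client IPs than expected, which is what selective blocking upstream looks like. The log lines, tokens, user agent and the `expected_sources` value are constructed assumptions; the thread does not state how many validation servers connect.

```python
import re
from collections import defaultdict

# Apache "combined" log line: client IP, request path, status code.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"[A-Z]+ (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
ACME_PREFIX = "/.well-known/acme-challenge/"

# Constructed sample log (documentation IP ranges, made-up tokens and user agent).
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jun/2024:10:00:01 +0000] "GET /.well-known/acme-challenge/tokenAAA HTTP/1.1" 200 87 "-" "validator"
198.51.100.7 - - [01/Jun/2024:10:00:02 +0000] "GET /.well-known/acme-challenge/tokenAAA HTTP/1.1" 200 87 "-" "validator"
203.0.113.5 - - [01/Jun/2024:10:00:02 +0000] "GET /.well-known/acme-challenge/tokenAAA HTTP/1.1" 200 87 "-" "validator"
192.0.2.10 - - [01/Jun/2024:10:05:01 +0000] "GET /.well-known/acme-challenge/tokenBBB HTTP/1.1" 200 87 "-" "validator"
203.0.113.99 - - [01/Jun/2024:10:06:00 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "curl/8.5.0"
"""


def challenge_sources(log_text):
    """Map each challenge token to the set of client IPs that fetched it."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or not m.group("path").startswith(ACME_PREFIX):
            continue  # unparsable line or not a challenge request
        token = m.group("path")[len(ACME_PREFIX):].split("?")[0]
        seen[token].add(m.group("ip"))
    return dict(seen)


def under_reached(log_text, expected_sources):
    """Tokens fetched from fewer distinct IPs than expected_sources (assumed value)."""
    return sorted(
        token for token, ips in challenge_sources(log_text).items()
        if len(ips) < expected_sources
    )


if __name__ == "__main__":
    for token, ips in challenge_sources(SAMPLE_LOG).items():
        print(token, len(ips), sorted(ips))
    print("under-reached:", under_reached(SAMPLE_LOG, expected_sources=3))
```

A token that no validator reached at all never appears in the access log, so an empty result should be compared against the firewall's own logs for the same time window.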
