Error with certbot

Hello, I have an error with my domain, but I have 2 IPv4 bitsandbytes.es and www.bitsandbytes.es
Can anyone help me, please?

My domain is: bitsandbytes.es

I ran this command: certbot certonly --webroot -w /var/www/html -d bitsandbytes.es -d www.bitsandbytes.es

It produced this output:Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for bitsandbytes.es
http-01 challenge for www.bitsandbytes.es
Using the webroot path /var/www/html for all unmatched domains.
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. bitsandbytes.es (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://bitsandbytes.es/.well-known/acme-challenge/dgqiDxeY6Mhj0dkTuNE7g68UrLI4bjnrOomALK2vsfE [88.214.57.123]: "\n<meta http-equiv=“refresh” content=“1” /><meta http-equiv=“cache-control” content=“max-age=0” /><meta http-equiv=“c”, www.bitsandbytes.es (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.bitsandbytes.es/.well-known/acme-challenge/7RZKibIBI5lUAsz0lIipJVJPn3TZDmY55wXcGc4D5NE [88.214.57.123]: "\n<meta http-equiv=“refresh” content=“1” /><meta http-equiv=“cache-control” content=“max-age=0” /><meta http-equiv=“c”

IMPORTANT NOTES:

My web server is (include version): Apache

The operating system my web server runs on is (include version): Ubuntu 18.04

My hosting provider, if applicable, is: Zap-Hosting

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): 0.31.0

Hi @JoanGTSQ

checking your domain shows why that can't work - https://check-your-website.server-daten.de/?q=bitsandbytes.es

See the output

 http://bitsandbytes.es/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
88.214.57.123
	200
	
	0.040

When a non-existent file in /.well-known/acme-challenge is requested, an HTTP status 404 - Not Found - is expected. But your server answers with HTTP status 200 and an HTML page containing JavaScript:

Info: Html-Content with meta and/or script, may be a problem creating a Letsencrypt certificate using http-01 validation

<html> <head><meta http-equiv="refresh" content="1" /><meta http-equiv="cache-control" content="max-age=0" /><meta http-equiv="cache-control" content="no-cache" /><meta http-equiv="expires" content="-1" /><meta http-equiv="expires" content="Tue, 01 Jan 1980 1:00:00 GMT" /><meta http-equiv="pragma" content="no-cache" /></head> <script type="text/javascript"> function getCookie(w){ cName = ""; pCOOKIES = new Array(); pCOOKIES = document.cookie.split('; '); for(bb = 0; bb < pCOOKIES.length; bb++){ NmeVal = new Array(); NmeVal = pCOOKIES[bb].split('='); if(NmeVal[0] == w){ cName = unescape(NmeVal[1]); } } return cName; } function printCookies(w){ cStr = ""; pCOOKIES = new Array(); pCOOKIES = document.cookie.split('; '); for(bb = 0; bb < pCOOKIES.length; bb++){ NmeVal = new Array(); NmeVal = pCOOKIES[bb].split('='); if(NmeVal[0]){ cStr += NmeVal[0] + '=' + unescape(NmeVal[1]) + '; '; } } return cStr; } function setCookie(name, value, expires, path, domain, secure){ var vlad = name + "=" + escape(value); if(expires){ expires = setExpiration(expires); vlad += ";expires=" + expires; } if(path){ vlad += ";path=" + path; } if(domain){ vlad += ";domain=" + domain; } if(secure){ vlad += ';secure'; } document.cookie = vlad; } function setExpiration(cookieLife){ var today = new Date(); var expr = new Date(today.getTime() + cookieLife * 24 * 60 * 60 * 1000); return expr.toGMTString(); } function delete_cookie(name){ document.cookie = name +'=; Path=/; Expires=Thu, 01 Jan 1970 00:00:01 GMT;'; } </script> <script type="text/javascript"> delete_cookie('fb620561f4f8b25819e9b3c4fad75f85'); setCookie('fb620561f4f8b25819e9b3c4fad75f85', 'Yes', '3', '/', '300', ''); </script> <body> </body> </html>

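It is the same with all other URLs. This looks like a bot-detection script that blocks the Let's Encrypt validator: the page sets a cookie via JavaScript and reloads itself after one second, but the validator does not run JavaScript, so it only ever receives this HTML instead of the challenge file.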

So there are two options:

  • That script is injected by your hoster -> you can't use http-01 validation, and maybe you can't create / install a Let's Encrypt certificate at all (unless another validation method such as dns-01 is available to you)
  • You have installed that script yourself -> remove it, at least for requests whose path starts with /.well-known/acme-challenge.

How can I uninstall this script?

You have root access, so you should know that.

There are a lot of older certificates.

Issuer not before not after Domain names LE-Duplicate next LE
Encryption Everywhere DV TLS CA - G1 2019-09-01 2020-07-05 *.bitsandbytes.es, bitsandbytes.es - 2 entries
Let's Encrypt Authority X3 2019-08-20 2019-11-18 bitsandbytes.es, www.bitsandbytes.es - 2 entries
Let's Encrypt Authority X3 2019-08-19 2019-11-17 bitsandbytes.es, www.bitsandbytes.es - 2 entries
Let's Encrypt Authority X3 2019-08-19 2019-11-17 bitsandbytes.es, www.bitsandbytes.es - 2 entries
Let's Encrypt Authority X3 2019-08-19 2019-11-17 bitsandbytes.es, www.bitsandbytes.es - 2 entries
Let's Encrypt Authority X3 2019-08-08 2019-11-06 server.bitsandbytes.es - 1 entries
Let's Encrypt Authority X3 2019-08-07 2019-11-05 bitsandbytes.es, www.bitsandbytes.es - 2 entries
Let's Encrypt Authority X3 2019-08-03 2019-11-01 bitsandbytes.es, www.bitsandbytes.es - 2 entries

Why are there so many certificates? It looks like your configuration is buggy. How did you create these certificates?

And there are open cPanel ports. You shouldn't mix cPanel with your own client.

I have root access, but I don't know which script I have to uninstall. The log that you posted looks strange to me; I only used the command that I posted.

It starts like this

<html>
<head><meta http-equiv="refresh" content="1" /><meta http-equiv="cache-control" content="max-age=0" /><meta http-equiv="cache-control" content="no-cache" /><meta http-equiv="expires" content="-1" /><meta http-equiv="expires" content="Tue, 01 Jan 1980 1:00:00 GMT" /><meta http-equiv="pragma" content="no-cache" /></head>
<script type="text/javascript">
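/**
 * Read one cookie from document.cookie by name.
 *
 * @param {string} w - Name of the cookie to look up.
 * @returns {string} The unescape()d value of the last cookie named `w`,
 *   or "" when no cookie has that name or the cookie carries no value.
 */
function getCookie(w){
	// Locals are declared with var: assigning to undeclared names would
	// create globals in sloppy mode and throw in strict mode.
	var value = "";
	var pairs = document.cookie.split('; ');
	for(var i = 0; i < pairs.length; i++){
		// Cut at the first '=' only, so a value that itself contains '='
		// is returned whole instead of being truncated.
		var eq = pairs[i].indexOf('=');
		var key = eq === -1 ? pairs[i] : pairs[i].slice(0, eq);
		// Loose comparison is kept so existing callers see the same
		// name-matching rules.
		if(key == w){
			// unescape() pairs with the escape() call in setCookie; a cookie
			// without '=' yields "" rather than the string "undefined".
			value = eq === -1 ? "" : unescape(pairs[i].slice(eq + 1));
		}
	}
	return value;
}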
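/**
 * Serialise every cookie in document.cookie as a run of "name=value; " pairs.
 *
 * The result contains every cookie value that script can read, so treat it
 * as sensitive if it is logged or sent anywhere.
 *
 * @param {*} w - Unused; kept so existing calls keep working.
 * @returns {string} Concatenated "name=value; " pairs with unescape()d
 *   values; "" when there are no named cookies.
 */
function printCookies(w){
	// Locals are declared with var: assigning to undeclared names would
	// create globals in sloppy mode and throw in strict mode.
	var out = "";
	var pairs = document.cookie.split('; ');
	for(var i = 0; i < pairs.length; i++){
		// Cut at the first '=' only, so values containing '=' stay intact.
		var eq = pairs[i].indexOf('=');
		var key = eq === -1 ? pairs[i] : pairs[i].slice(0, eq);
		// Entries with an empty name (including the single "" produced by
		// an empty cookie string) are skipped.
		if(key){
			// A cookie without '=' is printed with an empty value rather
			// than the string "undefined".
			var raw = eq === -1 ? "" : pairs[i].slice(eq + 1);
			out += key + '=' + unescape(raw) + '; ';
		}
	}
	return out;
}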
/**
 * Build a cookie string and assign it to document.cookie.
 *
 * Only the attributes passed as truthy arguments are appended; no SameSite
 * attribute is ever written by this function.
 *
 * @param {string} name - Cookie name, written as given.
 * @param {string} value - Cookie value; passed through escape().
 * @param {*} expires - Lifetime handed to setExpiration(); skipped when falsy.
 * @param {string} path - Path attribute; skipped when falsy.
 * @param {string} domain - Domain attribute; skipped when falsy.
 * @param {*} secure - When truthy, the ";secure" flag is appended.
 */
function setCookie(name, value, expires, path, domain, secure){
	// Collect the pieces in order and join them once at the end.
	var pieces = [name + "=" + escape(value)];
	if(expires){
		pieces.push(";expires=" + setExpiration(expires));
	}
	if(path){
		pieces.push(";path=" + path);
	}
	if(domain){
		pieces.push(";domain=" + domain);
	}
	if(secure){
		pieces.push(';secure');
	}
	document.cookie = pieces.join("");
}
/**
 * Turn a lifetime in days into an expiry timestamp string.
 *
 * @param {number|string} cookieLife - Lifetime in days, counted from now.
 * @returns {string} The expiry moment as formatted by Date#toGMTString().
 */
function setExpiration(cookieLife){
    var expiry = new Date();
    // Days are converted to milliseconds and added to the current time.
    expiry.setTime(expiry.getTime() + cookieLife * 24 * 60 * 60 * 1000);
    return expiry.toGMTString();
}
/**
 * Expire a cookie by overwriting it with an empty value and a past date.
 *
 * @param {string} name - Name of the cookie to expire; Path is fixed to "/".
 */
function delete_cookie(name){
  // An Expires date in 1970 asks the browser to drop the cookie.
  var expiredAttrs = '=; Path=/; Expires=Thu, 01 Jan 1970 00:00:01 GMT;';
  document.cookie = name + expiredAttrs;
}
</script>

Perhaps you could figure out what that might be.
