Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is:
olokos.pl
kiepownica.pl
I ran this command:
sudo certbot --apache
It produced this output:
tls-sni-01 challenge for kiepownica.pl
tls-sni-01 challenge for www.kiepownica.pl
http-01 challenge for olokos.pl
http-01 challenge for www.olokos.pl
Waiting for verificationâŚ
Cleaning up challenges
Failed authorization procedure. www.olokos.pl (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.olokos.pl/.well-known/acme-challenge/sjVI_BcgxRZOg_DhnU27tuePmUZpuvqL5b9gkfe6Nh4: "
404 Not Found
Not Found
<p", olokos.pl (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://olokos.pl/.well-known/acme-challenge/ZkSp-d9zFmC-NOj4vFKw2Rr273IYuE7xiL_3peBKEuE: "
404 Not Found
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
My web server is (include version):
Apache/2.4.18
The operating system my web server runs on is (include version):
Ubuntu Server 16.04 LTS
I can login to a root shell on my machine (yes or no, or I donât know):
yes
Iâm using a control panel to manage my site (no, or provide the name and version of the control panel):
no
I seen loads of topics with the same issue, yet none of those helped meâŚ
<VirtualHost *:80>
# The ServerName directive sets the request scheme, hostname and port that
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the requestâs Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly. #ServerNamewww.example.com
ServerAdmin kiepownica@localhost
DocumentRoot <MYLOCATIONHERE i censored it >
ServerName olokos.pl
ServerAlias www.olokos.pl
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf
I donât know either. Might be nice if somebody could help me out.
That directive only replaces default 404 message with a nice and clean error page, doesnât do anything else so it canât be the problem. It was the same without it anyway.
You are not showing where the problem is and hide more than you need to.
The vhost files for the TLS are unknown. https://olokos.pl/ shows a cert for âkiepownica.plâ
There is no way for anyone to help you without more information.
try also showing the output of:
certbot --version
certbot-auto --version
which certbot
which certbot-auto
certbot certificates
Nobody has really asked me to show anything else than my conf block, which I did, censoring only document root. If it's neccesary I can show it aswell, just let me know and I will provide anything thats needed to be looked into.
kiepownica@kiepownica:~$ certbot --version
certbot 0.22.2
kiepownica@kiepownica:~$ certbot-auto --version
certbot-auto: command not found
kiepownica@kiepownica:~$ which certbot
/usr/bin/certbot
kiepownica@kiepownica:~$ which certbot-auto
kiepownica@kiepownica:~$ certbot certificates
The following error was encountered:
[Errno 13] Permission denied: '/var/log/letsencrypt/.certbot.lock'
Either run as root, or set --config-dir, --work-dir, and --logs-dir to writeable paths.
kiepownica@kiepownica:~$ sudo certbot certificates
[sudo] password for kiepownica:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Found the following certs:
Certificate Name: kiepownica.pl
Domains: kiepownica.pl www.kiepownica.pl
Expiry Date: 2018-05-21 10:38:50+00:00 (VALID: 47 days)
Certificate Path: /etc/letsencrypt/live/kiepownica.pl/fullchain.pem
Private Key Path: /etc/letsencrypt/live/kiepownica.pl/privkey.pem
@bmw, could you take a look at this? Itâs a failure with --apache in HTTP-01 challenges with 0.22.2, while TLS-SNI-01 challenges (possibly) work for the renewals on the same server.
@olokos, could you post the associated log file from /var/log/letsencrypt?
This test is a good one, but it's only relevant for issuance using --webroot, not for the recently-added HTTP-01 support in --apache. The --apache support doesn't use your existing webroot directory, so this test doesn't predict its behavior accurately.
Traceback (most recent call last):
File â/usr/bin/letsencryptâ, line 9, in
load_entry_point(âletsencrypt==0.4.1â, âconsole_scriptsâ, âletsencryptâ)()
File â/usr/lib/python2.7/dist-packages/letsencrypt/cli.pyâ, line 1955, in main
ââstrict-permissionsâ in cli_args)
File â/usr/lib/python2.7/dist-packages/letsencrypt/le_util.pyâ, line 104, in $
os.makedirs(directory, mode)
File â/usr/lib/python2.7/os.pyâ, line 157, in makedirs
mkdir(name, mode)
OSError: [Errno 13] Permission denied: â/etc/letsencryptâ
Traceback (most recent call last):
File â/usr/bin/letsencryptâ, line 9, in
load_entry_point(âletsencrypt==0.4.1â, âconsole_scriptsâ, âletsencryptâ)()
File â/usr/lib/python2.7/dist-packages/letsencrypt/cli.pyâ, line 1955, in main
ââstrict-permissionsâ in cli_args)
File â/usr/lib/python2.7/dist-packages/letsencrypt/le_util.pyâ, line 104, in $
os.makedirs(directory, mode)
File â/usr/lib/python2.7/os.pyâ, line 157, in makedirs
mkdir(name, mode)
OSError: [Errno 13] Permission denied: â/etc/letsencryptâ
It was that one
@rg305 its only a packet from what I know, it shouldnât matter too much from what I know, but what should I do in that case? Remove letsencrypt and keep just certbot?