For a particular domain, when I try to add an SSL certificate it shows an error

I have hosted multiple websites on my VPS server and issued SSL certificates using the certbot --apache command. But when I tried to issue SSL for the domain getrankmysite.com with the same command, it showed the following error:

Certbot failed to authenticate some domains (authenticator: apache). The Certificate Authority reported these problems:
Domain: getrankmysite.com
Type: unauthorized
Detail: 2a02:4780:11:1232:0:10cf:9173:2: Invalid response from http://getrankmysite.com/.well-known/acme-challenge/BfgJqbbA9VLj7iDSbMYXy7afP3e3aGYKXC04X07DTeM: 404

Hint: The Certificate Authority failed to verify the temporary Apache configuration changes made by Certbot. Ensure that the listed domains point to this Apache server and that it is accessible from the internet.

Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

Hi @manojkamble1998, and welcome to the LE community forum.

The name has two IPs, and they are being served by different web servers:

curl -Ii4 getrankmysite.com
HTTP/1.1 200 OK
Date: Tue, 07 May 2024 05:51:04 GMT
Server: Apache/2.4.52 (Ubuntu)     <<<<<<<<<<<<<<<<<<<<<<<<< IPv4
Last-Modified: Mon, 17 Jul 2023 10:04:30 GMT
ETag: "29af-600abecb1f47f"
Accept-Ranges: bytes
Content-Length: 10671
Vary: Accept-Encoding
Content-Type: text/html

curl -Ii6 getrankmysite.com
HTTP/1.1 301 Moved Permanently
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
date: Tue, 07 May 2024 05:51:10 GMT
server: LiteSpeed     <<<<<<<<<<<<<<<<<<<<<<<<< IPv6
location: https://getrankmysite.com/
platform: hostinger
content-security-policy: upgrade-insecure-requests

Please confirm the IP addresses connect to your server:

Name:      getrankmysite.com
Addresses: 2a02:4780:11:1232:0:10cf:9173:2
           194.163.34.181

If so, then ensure that they are being served as expected.

3 Likes
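
The by-hand comparison in the post above, as an added example that is not part of the original thread: a POSIX shell script that compares the status line and Server header a name returns over IPv4 and over IPv6. The function names are hypothetical, the sample header dumps are the two responses quoted in the thread with the annotations removed, and differing headers are only a heuristic for "different servers".

```shell
#!/bin/sh
# Added example: do a name's IPv4 and IPv6 addresses reach the same web server?

# Print the value of header $1 (lowercase name) from `curl -I` output on stdin.
header_of() {
  awk -v want="$1" '{
    sub(/\r$/, "")
    i = index($0, ":")
    if (i && tolower(substr($0, 1, i - 1)) == want) {
      v = substr($0, i + 1); sub(/^[ \t]+/, "", v); print v; exit
    }
  }'
}

# Print the status code from the first line of `curl -I` output on stdin.
status_of() { awk 'NR == 1 { print $2; exit }'; }

# Compare two header dumps ($1 = IPv4, $2 = IPv6). The body is a subshell, so
# its variables stay local. Returns 1 on a mismatch, 0 otherwise.
compare_families() (
  [ -n "$2" ] || { echo "NO-IPV6-RESPONSE"; exit 0; }
  s4=$(printf '%s\n' "$1" | header_of server); c4=$(printf '%s\n' "$1" | status_of)
  s6=$(printf '%s\n' "$2" | header_of server); c6=$(printf '%s\n' "$2" | status_of)
  if [ "$s4" = "$s6" ] && [ "$c4" = "$c6" ]; then
    echo "OK [$c4 $s4]"
  else
    echo "MISMATCH ipv4=[$c4 $s4] ipv6=[$c6 $s6]"; exit 1
  fi
)

# Live check (needs network): fetch headers over each address family and compare.
check_domain() {
  compare_families "$(curl -sI4 --max-time 10 "http://$1/")" \
                   "$(curl -sI6 --max-time 10 "http://$1/")"
}

# Header dumps from the thread (annotations removed), used for an offline run.
SAMPLE_V4='HTTP/1.1 200 OK
Server: Apache/2.4.52 (Ubuntu)
Content-Type: text/html'
SAMPLE_V6='HTTP/1.1 301 Moved Permanently
server: LiteSpeed
location: https://getrankmysite.com/
platform: hostinger'

# With a domain argument: live check. Without one: run on the samples above.
if [ $# -gt 0 ]; then check_domain "$1"
else compare_families "$SAMPLE_V4" "$SAMPLE_V6" || true; fi
```

A MISMATCH before running certbot means an HTTP-01 request to one of the addresses may land on a server that certbot did not configure, which is what the 404 from the IPv6 address in the error above reflects.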

Thanks @rg305. I have deleted the AAAA record from the DNS configuration and run the certbot command. Now it works as expected.

2 Likes

I see that.

I also see that the cert only has the "www" name:
SSL Server Test: www.getrankmysite.com (Powered by Qualys SSL Labs)

You might want to reissue the cert with both names on it [as both names resolve to the same IP]:
getrankmysite.com & www.getrankmysite.com

3 Likes

Maybe you need to alter the vhost to include both names first...
What shows?:
sudo apachectl -t -D DUMP_VHOSTS

3 Likes
