Getting an error trying to get the certificate

My domain is:
marketsfire.com

I ran this command:

sudo certbot --apache

It produced this output:

Obtaining a new certificate
Performing the following challenges:
http-01 challenge for www.marketsfire.com
Waiting for verification...
Challenge failed for domain www.marketsfire.com
http-01 challenge for www.marketsfire.com
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:

My web server is (include version):
Apache/2.4.41

The operating system my web server runs on is (include version):
Ubuntu 20.04

Hi @signalsn

your configuration looks completely wrong, see marketsfire.com - Make your website better - DNS, redirects, mixed content, certificates

Your www version points to

| Host | Type | IP-Address | is auth. | ∑ Queries | ∑ Timeout |
|---|---|---|---|---|---|
| marketsfire.com | A | 109.74.192.101 London/England/United Kingdom (GB) - Linode, LLC Hostname: li139-101.members.linode.com | yes | 1 | 0 |
| | AAAA | | yes | | |
| www.marketsfire.com | | Name Error | yes | 1 | 0 |
| | CNAME | zmverify.zoho.com | yes | 1 | 0 |
| | CNAME | mail.zoho.com | yes | | |

zoho.com, so you must run your Certbot on a Zoho - server.

I don't think that's possible.

Where do you run your Certbot? On the 109.74.192.101 IP? If yes, use the non-www domain name.

Zoho may have an integrated solution.

But there is a Bad Request 400 - looks like Zoho doesn't want / allow / know your domain.


Hi Juergen,

First of all, thank you very much for your help, I really appreciate it.
I don't completely understand. Zoho is the mail provider; I just have MX records and CNAME records related to it. The A record is pointing to the IP where the webserver is hosted.
Please explain to me why I should run certbot in Zoho if the website is hosted in Linode (109.74.192.101)?

Your marketsfire.com name points to 109.74.192.101
Your www.marketsfire.com name points to mail.zoho.com.

It sounds like you expect both of those names to point to your server that you're running certbot on, but they don't. So when Let's Encrypt is trying to validate that you own www.marketsfire.com it is instead getting some other server that can't fulfill the challenge.

Most people expect that the www. version does the same thing as not including it, but there's nothing in the Internet protocols that requires that to be the case, and in your case they're not. You either don't want to tell certbot to get a certificate for the www. version, or you want to fix your DNS so they both go to the same server.

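A pre-flight check for the mismatch explained in the reply above, as an added example that is not part of the original thread: it follows each requested name's CNAME chain and reports which names actually end at the server running certbot. It works on a constructed DNS snapshot rather than live lookups; the function names and the 203.0.113.10 placeholder address are assumptions.

```python
# Constructed DNS snapshot mirroring the records quoted in the thread.
# 203.0.113.10 is a documentation-range placeholder, not the mail provider's real address.
RECORDS = {
    "marketsfire.com": [("A", "109.74.192.101")],
    "www.marketsfire.com": [("CNAME", "mail.zoho.com")],
    "mail.zoho.com": [("A", "203.0.113.10")],
}


def resolve(name, records, max_hops=8):
    """Follow CNAMEs; return (final addresses, list of CNAME targets visited)."""
    chain = []
    for _ in range(max_hops):
        rrset = records.get(name.rstrip(".").lower(), [])
        addrs = [value for rtype, value in rrset if rtype in ("A", "AAAA")]
        if addrs:
            return addrs, chain
        cnames = [value for rtype, value in rrset if rtype == "CNAME"]
        if not cnames:
            return [], chain  # name does not resolve to any address
        name = cnames[0]
        chain.append(name)
    raise RuntimeError("CNAME chain too long or looping")


def preflight(names, server_ip, records):
    """Split names into those http-01 can validate on server_ip and those it cannot."""
    ok, bad = [], {}
    for name in names:
        addrs, chain = resolve(name, records)
        if addrs and set(addrs) == {server_ip}:
            ok.append(name)
        elif not addrs:
            bad[name] = "no address record found"
        else:
            via = " via CNAME " + " -> ".join(chain) if chain else ""
            bad[name] = "resolves to " + ", ".join(addrs) + via
    return ok, bad


if __name__ == "__main__":
    ok, bad = preflight(["marketsfire.com", "www.marketsfire.com"],
                        "109.74.192.101", RECORDS)
    print("safe to request:", ok)
    for name, reason in bad.items():
        print("will fail http-01:", name, "-", reason)
```

Names in the second group either need their DNS pointed at the web server or should be left out of the certificate request.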

Thank you very much for your help!
