Getting error while trying to get ssl certificate for apache virtualhost


#1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: linuxknowledge.net

I ran this command: bertjan@webserver:~$ sudo certbot --apache -d linuxknowledge.net -d www.linuxknowledge.net

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for linuxknowledge.net
http-01 challenge for www.linuxknowledge.net
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. linuxknowledge.net (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://linuxknowledge.net/.well-known/acme-challenge/UJm5xu9VQ7NwJr_Lu2jP7jiaTuPdXup1-ZgjIgMZ7F4: "<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p", www.linuxknowledge.net (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.linuxknowledge.net/.well-known/acme-challenge/8E9QyhJ_tfkxdTlvxHV6ZPfxc7HheM__2bCRahXwy0s: "<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p"

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: linuxknowledge.net
   Type:   unauthorized
   Detail: Invalid response from
   http://linuxknowledge.net/.well-known/acme-challenge/UJm5xu9VQ7NwJr_Lu2jP7jiaTuPdXup1-ZgjIgMZ7F4:
   "<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
   <html><head>
   <title>404 Not Found</title>
   </head><body>
   <h1>Not Found</h1>
   <p"

   Domain: www.linuxknowledge.net
   Type:   unauthorized
   Detail: Invalid response from
   http://www.linuxknowledge.net/.well-known/acme-challenge/8E9QyhJ_tfkxdTlvxHV6ZPfxc7HheM__2bCRahXwy0s:
   "<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
   <html><head>
   <title>404 Not Found</title>
   </head><body>
   <h1>Not Found</h1>
   <p"

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.

My web server is (include version): Apache/2.4.18

The operating system my web server runs on is (include version): Ubuntu Server 16.04

My hosting provider, if applicable, is: Transip.nl

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): Virtualmin / Webmin

Done so far:

  • Checked DNS at my vps provider (both A and AAAA direct to the right addresses)
  • Checked AAAA dns record on ipv6-test.com (three green checkmarks)
  • Checked firewall settings (https service enabled)
  • Created linuxknowledge.net/.well-known/acme-challenge/test with content:success (accessible by browser)
  • Ran the above certbot command as sudo su
  • Spent a good part of an evening reading topics on this forum.

#2

You seem to have only an A record for linuxknowledge.net and only an AAAA record for www.linuxknowledge.net - I assume that’s not intentional… I don’t think it fully explains the problem but it might be related.

Your test file doesn’t seem to appear on www.linuxknowledge.net, though maybe that’s just because you didn’t put it there (it seems to be showing an Ubuntu Apache test page so I guess it’s a different VirtualHost). I’m not sure why linuxknowledge.net isn’t working, though.

I wonder if maybe you’ve got some sort of unusual VirtualHost configuration that’s confusing certbot’s apache plugin? Perhaps try apachectl -S and see if anything unexpected pops out?


#3

Hi jmorahan,

I didn’t expect a reaction this quick.

You seem to have only an A record for linuxknowledge.net and only an AAAA record for www.linuxknowledge.net: that is correct, and nope, it is not intentional; I had had only one A, and only one AAAA record.

I now have 2 A records one for linuxknowledge.net, and one for www.linuxknowledge.net.
And 2 AAAA records one for linuxknowledge.net, and one for www.linuxknowledge.net

I was, and am still able to open the test file via both linuxknowledge.net and www.linuxknowledge.net

Furthermore: I found out that my Virtualhost didn’t listen at my IPv6 address; I have changed that now. After I did enable this I boldly tried creating an SSL certificate,… and:

Congratulations! You have successfully enabled https://linuxknowledge.net and
https://www.linuxknowledge.net

Thank you jmorahan for your hints, and of course your time.
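
Added example, not part of any post in this thread: a Python check that requests the test file from post #1 over every A and AAAA address of each name separately, since a browser test over one address family says nothing about the other. The sample DNS data and the addresses (192.0.2.10, 2001:db8::10) are constructed; a name missing one record type is reported because the poster intended to publish both.

```python
import http.client
import socket

TEST_PATH = "/.well-known/acme-challenge/test"  # test file created in post #1

def resolve(host):
    """Return {"A": [...], "AAAA": [...]} from the system resolver."""
    recs = {"A": [], "AAAA": []}
    for rtype, family in (("A", socket.AF_INET), ("AAAA", socket.AF_INET6)):
        try:
            infos = socket.getaddrinfo(host, 80, family, socket.SOCK_STREAM)
            recs[rtype] = sorted({info[4][0] for info in infos})
        except socket.gaierror:
            pass  # no record of this type
    return recs

def probe(host, addr, path=TEST_PATH):
    """GET the path from one specific address with Host set; return status or None."""
    conn = http.client.HTTPConnection(addr, 80, timeout=5)
    try:
        conn.request("GET", path, headers={"Host": host})
        return conn.getresponse().status
    except (OSError, http.client.HTTPException):
        return None  # refused, timed out, or not HTTP
    finally:
        conn.close()

def check(hosts, resolve=resolve, probe=probe):
    """List every name/address-family combination that would not serve the file."""
    findings = []
    for host in hosts:
        recs = resolve(host)
        for rtype in ("A", "AAAA"):
            if not recs[rtype]:
                findings.append(f"{host}: no {rtype} record")
            for addr in recs[rtype]:
                status = probe(host, addr)
                if status != 200:
                    findings.append(f"{host}: {rtype} {addr} returned {status}")
    return findings

# Constructed data mirroring post #1: apex has only A, www only AAAA, no vhost on IPv6.
SAMPLE_DNS = {"linuxknowledge.net": {"A": ["192.0.2.10"], "AAAA": []},
              "www.linuxknowledge.net": {"A": [], "AAAA": ["2001:db8::10"]}}
def sample_findings():
    return check(SAMPLE_DNS, SAMPLE_DNS.get, lambda host, addr: 404 if ":" in addr else 200)

if __name__ == "__main__":
    print("\n".join(sample_findings()))  # call check([...]) with real names for a live run
```

An empty list from `check()` means every published address answered 200 for the test path under the requested host name.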

