I am trying to get a Gitlab installation using the existing Apache server to play nicely with Certbot, but all I am getting is this error – glad and grateful about any leads!
My domain is: greta.youthpolicylabs.org
I ran this command: certbot certonly --agree-tos --email firstname.lastname@example.org --webroot -w /var/lib/letsencrypt/ -d greta.youthpolicylabs.org
It produced this output: Failed authorization procedure. greta.youthpolicylabs.org (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization.
Detail: Invalid response from
"<!DOCTYPE html>\n<html class=“devise-layout-html”>\n<head
prefix=“og: http://ogp.me/ns#”>\n<meta charset=“utf-8”>\n<meta
My web server is (include version): Apache/2.4.25 (Debian)
The operating system my web server runs on is (include version): Debian Stretch 9.8
I can login to a root shell on my machine (yes or no, or I don’t know): yes
I’m using a control panel to manage my site: no
The version of my client is (e.g. output of
certbot --version or
certbot-auto --version if you’re using Certbot): 0.28.0
checking your domain there is a wrong redirect ( https://check-your-website.server-daten.de/?q=greta.youthpolicylabs.org ):
If you use http-01 validation, Certbot creates a file in /.well-known/acme-challenge, Letsencrypt checks that file.
But checking such a file there is a redirect to
http://greta.youthpolicylabs.org/users/sign_in. There is no validation file.
So check your configuration to remove that redirect, if /.well-known/acme-challenge is used.
I don‘t think that redirect can be removed – this is baked into Gitlab, and exactly my problem Is there a recommended way to add an exception for certbot to the vhost file, for example?
The apache plugin (as in
certbot --apache) should create a temporary exception automatically - is there a reason you’re using
Duuuh. There was trouble with the apache plugin in Debian for such a long time, I hadn’t bothered to check whether that was now resolved. Thanks for the pointer: worked like a charm on first attempt Supercool! Much appreciated.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.