Got certificates for sub domains, but not top domain

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: pquirk.com

I ran this command:sudo certbot --apache

It produced this output:Obtaining a new certificate
Performing the following challenges:
http-01 challenge for www.pquirk.com
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. www.pquirk.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.pquirk.com/.well-known/acme-challenge/jjWdZVjlqtaGw3YOctb0KkoLOIQHoDKjbFh5kR1eCJI: “\n\n\n<meta charset=“UTF-8”>\n<meta name=“viewport” content=“width=device-width, initial-scale=1”>\n<link”

IMPORTANT NOTES:

• The following errors were reported by the server:

  Domain: www.pquirk.com
  Type: unauthorized
  Detail: Invalid response from
  http://www.pquirk.com/.well-known/acme-challenge/jjWdZVjlqtaGw3YOctb0KkoLOIQHoDKjbFh5kR1eCJI:
  “\n\n\n<meta charset=“UTF-8”>\n<meta
  name=“viewport” content=“width=device-width,
  initial-scale=1”>\n<link”

  To fix these errors, please make sure that your domain name was
  entered correctly and the DNS A/AAAA record(s) for that domain
  contain(s) the right IP address.

My web server is (include version):Apache2

The operating system my web server runs on is (include version):Ubuntu 18.04.1 LTS

My hosting provider, if applicable, is:Me

I can login to a root shell on my machine (yes or no, or I don’t know):Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.28.0

Additional notes: I was able to obtain valid certificates for my sub-domains, which are cloud.pquirk.com and history.pquirk.com using this utility. They exist on a virtual server that is also serving pquirk.com, so I am at a loss.

Check that you don't have multiple virtual hosts with www.pquirk.com for a ServerName or ServerAlias:

apachectl -t -D DUMP_VHOSTS

Both show: “Assessment failed: No secure protocols supported”
https://www.ssllabs.com/ssltest/analyze.html?d=pquirk.com
https://www.ssllabs.com/ssltest/analyze.html?d=www.pquirk.com

Well, that’s interesting; it shows a problem with cloud.pquirk.com, but that certificate is fine; here’s the output:

AH00526: Syntax error on line 54 of /etc/apache2/sites-enabled/cloud.pquirk.com.conf:
SSLCertificateFile: file ‘/etc/letsencrypt/live/cloud.pquirk.com/fullchain.pem’ does not exist or is empty
Action ‘-t -D DUMP_VHOSTS’ failed.
The Apache error log may have more information.

Did you run it as root?

No, I’m kinda dumb that way. Thanks for the advice, I did that, and found an original wordpress.conf file that was created before I went with virtual servers, and that was messing things up. Got my certificate now, thank you so much for the help!

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.