Help with certbot

Trying to get a cert for my domain dskag.at, but somehow failing.
I’m trying this on my Debian OwnCloud server and it’s not the main webserver!
The main webserver for the website is running Windows, and I’m not sure if I can request a certificate from this Debian machine, I hope I can.

Any help would be very appreciated, thank you for your time and effort!
My domain is:
dskag.at

I ran this command:
sudo certbot-auto certonly --standalone -d dskag.at -d www.dskag.at

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for dskag.at
http-01 challenge for www.dskag.at
Waiting for verification…
Challenge failed for domain dskag.at
Challenge failed for domain www.dskag.at
http-01 challenge for dskag.at
http-01 challenge for www.dskag.at
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: dskag.at
    Type: unauthorized
    Detail: Invalid response from http://www.dskag.at/404Error.html
    [213.47.64.105]: “\r\n\r\n\r\n\r”

    Domain: www.dskag.at
    Type: unauthorized
    Detail: Invalid response from http://www.dskag.at/404Error.html
    [213.47.64.105]: “\r\n\r\n\r\n\r”

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address.

My web server is (include version):
Apache/2.4.25 (Debian)

The operating system my web server runs on is (include version):
Debian 9

My hosting provider, if applicable, is:
Self hosted

I can login to a root shell on my machine (yes or no, or I don’t know):
yup

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
I don’t think so?

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
certbot 0.28.0

Hi @mahksy

what's your exact configuration?

Checking your domain, there is an Apache / Windows (https://check-your-website.server-daten.de/?q=dskag.at):

| Domainname | Http-Status | redirect | Sec. | G |
|---|---|---|---|---|
| http://dskag.at/ 213.47.64.105 | 200 | | 0.333 | H |
| http://www.dskag.at/ 213.47.64.105 | 200 | | 0.327 | H |
| https://dskag.at/ 213.47.64.105 | -14 | | 10.030 | T |
| Timeout - The operation has timed out | | | | |
| https://www.dskag.at/ 213.47.64.105 | -14 | | 10.027 | T |
| Timeout - The operation has timed out | | | | |
| 404 Dokument not found Errorpage 213.47.64.105 | 302 | 404 Dokument not found Errorpage | 0.104 | D |
| Visible Content: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> 302 Found Found The document has moved here . | | | | |
| 404 Dokument not found Errorpage 213.47.64.105 | 302 | 404 Dokument not found Errorpage | 0.093 | D |
| Visible Content: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> 302 Found Found The document has moved here . | | | | |
| 404 Dokument not found Errorpage | 200 | | 0.100 | |
| Visible Content: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> 404 Dokument not found Errorpage Problem: 404 Error. The Page or File you wanted to load, does not exists on the DSKAG Austria Server. Solution: Please try to reload the page or control if you are typed in the correct URL. If the Page still not loads and you are sure there must be a page, then contact the Webmaster . If you are not sure or you tryed to download a File from a external link, load our Mainsite at www.dskag.at and search the page, if this File is still online. www.DSKAG.at | | | | |

This instance answers, so if you want to use http-01 validation, a file in /.well-known/acme-challenge is created, Letsencrypt finds your domain and checks that file.

You can't run a standalone on a different machine.

/.well-known/acme-challenge shouldn't redirect to /404/Error.html

But you can switch to dns-01 validation, then you don't need a running webserver.

What is http-01 and dns-01?
And what do you mean by “You can’t run a standalone on a different machine.”?
Sorry, English isn’t my first language.

I just want this to work somehow :smiley:

Thanks for your reply!

That's explained in the link I have shared.

Please read the basics:

Certbot must run on the machine with the correct ip address (if you use http-01 validation). If you want a certificate with the name dskag.at with the ip address 213.47.64.105, Certbot must run on this machine.

That's only true for the apache, nginx, webroot or standalone authenticator. The manual plugin can be used, also for the http-01 challenge, to get a certificate on a different machine.

@mahksy Is there a specific reason why you choose to use --standalone? Are you using some kind of guide?

Perhaps you should try the following command if you are using certbot on the same machine as where your Apache runs:

sudo certbot-auto --apache -d dskag.at -d www.dskag.at

I followed a guide that basically showed how to get a signed cert from letsencrypt.

Well, I have two instances of Apache running, one on Windows which covers dskag.at and one on Debian which runs my OwnCloud. I manage the Debian machine and have access to the Windows machine. Any idea where I have to request a certificate? From Windows or Debian? Also, can I change the challenge path or…?

Thanks!

Got it solved! Had to move my Debian webserver to be available on port 80 temporarily!
Thanks to all!
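
As an added example (not part of the thread and not Certbot's own code), this Python script parses the failure report from the first post and flags the signs discussed above that the http-01 request was answered by a machine other than the one running certbot. The function names, the finding labels and the address 192.0.2.10 are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

ACME_PREFIX = "/.well-known/acme-challenge/"

# Failure report from the certbot output in the first post
# (abridged: the response-body excerpt after each address is omitted).
CERTBOT_OUTPUT = r"""
    Domain: dskag.at
    Type: unauthorized
    Detail: Invalid response from http://www.dskag.at/404Error.html
    [213.47.64.105]:

    Domain: www.dskag.at
    Type: unauthorized
    Detail: Invalid response from http://www.dskag.at/404Error.html
    [213.47.64.105]:
"""

FAILURE_RE = re.compile(
    r"Domain:\s*(?P<domain>\S+)\s+"
    r"Type:\s*(?P<type>\S+)\s+"
    r"Detail:\s*Invalid response from\s+(?P<url>\S+)\s+"
    r"\[(?P<ip>[^\]]+)\]"
)

def parse_failures(text):
    """Return one dict (domain, type, url, ip) per failed challenge."""
    return [m.groupdict() for m in FAILURE_RE.finditer(text)]

def diagnose(failure, ips_reaching_certbot):
    """ips_reaching_certbot: public addresses whose port 80 reaches the
    machine running certbot (supplied by the operator; an assumption)."""
    findings = []
    final = urlsplit(failure["url"])
    if not final.path.startswith(ACME_PREFIX):
        findings.append("redirected")      # validation ended outside the challenge path
    if final.hostname != failure["domain"]:
        findings.append("host-changed")    # request was sent on to another host name
    if failure["ip"] not in ips_reaching_certbot:
        findings.append("wrong-machine")   # another web server answered port 80
    return findings

if __name__ == "__main__":
    for f in parse_failures(CERTBOT_OUTPUT):
        # 192.0.2.10 is a constructed placeholder for the certbot host
        print(f["domain"], f["ip"], diagnose(f, {"192.0.2.10"}))
```
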
