Help with setting up letsencrypt


#1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: networkstats.ml

I ran this command: sudo certbot --apache

It produced this output:

sudo certbot --apache
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
No names were found in your configuration files. Please enter in your domain
name(s) (comma and/or space separated) (Enter 'c' to cancel): networkstats.ml
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for networkstats.ml
Enabled Apache rewrite module
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. networkstats.ml (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://networkstats.ml/.well-known/acme-challenge/Zs1p2MbgDwpZOQ9lubex0JIzS91WuGE0xO1q_m0e19U 92.220.14.129: 400

IMPORTANT NOTES:
  • The following errors were reported by the server:

    Domain: networkstats.ml
    Type: unauthorized
    Detail: Invalid response from
    http://networkstats.ml/.well-known/acme-challenge/Zs1p2MbgDwpZOQ9lubex0JIzS91WuGE0xO1q_m0e19U

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address.

My web server is (include version): Apache

The operating system my web server runs on is (include version): Ubuntu 18.04

My hosting provider, if applicable, is: freenom

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no


#2

What am I doing wrong?


#3

Hi @andersovreseth

Your server sends an HTTP status 400 - Bad Request ( https://check-your-website.server-daten.de/?q=networkstats.ml ):

Domainname | Http-Status | redirect | Sec. | G
http://networkstats.ml/ 92.220.14.129 | 400 | | 0.087 | M
http://www.networkstats.ml/ 92.220.14.129 | 400 | | 0.086 | M
https://networkstats.ml/ 92.220.14.129 | 200 | | 5.953 | N
Certificate error: RemoteCertificateNameMismatch, RemoteCertificateChainErrors
https://www.networkstats.ml/ 92.220.14.129 | 200 | | 5.980 | N
Certificate error: RemoteCertificateNameMismatch, RemoteCertificateChainErrors
http://networkstats.ml/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 92.220.14.129 | 400 | | 0.087 | M
http://www.networkstats.ml/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 92.220.14.129 | 400 | | 0.086 | M

The result:

Bad Request
This combination of host and port requires TLS.

https://networkstats.ml:80/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de

works, so you send https over port 80.

So check / share your port 80 - configuration. There is no ssl allowed.


#4

Hmm, yes, probably. How can I change this? Is it an Apache setting?


#5

On port 80, there’s a UniFi login screen. Did you perhaps map port 80 to some Ubiquiti device in your router?

External port 80 as well as port 443 should obviously connect to your Apache server.


#6

Agreed, it seems both 80 and 443 are going to some UniFi SDN device:

http://networkstats.ml/
forwards to:
https://networkstats.ml/manage/account/login?redirect=%2Fmanage
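
Added example (not part of the original thread and not any poster's code): a pre-flight check for the HTTP-01 path that requests a made-up token over plain HTTP on port 80 and classifies the answer, covering the two symptoms reported above (a 400 "requires TLS" reply, and a redirect to a login page instead of the challenge path). The function names, result labels and the test token are assumptions chosen for this sketch.

```python
import http.client
from urllib.parse import urlsplit

CHALLENGE_PREFIX = "/.well-known/acme-challenge/"

def classify(status, location, body, requested_path):
    """Interpret a plain-HTTP answer from port 80 for an HTTP-01 pre-check."""
    if status == 400 and "requires tls" in body.lower():
        return "tls-on-port-80"          # the listener on port 80 expects HTTPS
    if 300 <= status < 400:
        target = urlsplit(location or "").path
        if target == requested_path:
            return "redirect-same-path"  # e.g. http -> https with the path kept
        return "redirect-elsewhere"      # another application or device answers
    if status in (200, 404):
        return "plain-http-ok"           # 404 is normal for a made-up token
    return "unexpected-status"

def probe(host, token="precheck-constructed-token", timeout=10):
    """Send one plain-HTTP GET to port 80 (no redirect following) and classify it."""
    path = CHALLENGE_PREFIX + token
    conn = http.client.HTTPConnection(host, 80, timeout=timeout)
    try:
        conn.request("GET", path, headers={"User-Agent": "http01-precheck"})
        resp = conn.getresponse()
        body = resp.read(4096).decode("utf-8", "replace")
        return classify(resp.status, resp.getheader("Location"), body, path)
    finally:
        conn.close()

# Constructed sample responses modelled on the symptoms quoted in this thread.
SAMPLES = [
    (400, None, "Bad Request\nThis combination of host and port requires TLS.",
     CHALLENGE_PREFIX + "t"),
    (302, "https://networkstats.ml/manage/account/login?redirect=%2Fmanage", "", "/"),
    (404, None, "Not Found", CHALLENGE_PREFIX + "t"),
]

if __name__ == "__main__":
    for status, location, body, path in SAMPLES:
        print(status, "->", classify(status, location, body, path))
```

Running `probe("your.domain")` from a machine outside the local network shows what the validation server would meet on port 80; only `plain-http-ok` or `redirect-same-path` indicates the request is reaching the web server that certbot configured.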

