Http-01 challenge failed

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: nagios.chipscc.com

I ran this command: certbot certonly -w /usr/share/centreon/www -d nagios.chipscc.com

It produced this output: Saving debug log to /var/log/letsencrypt/letsencrypt.log

How would you like to authenticate with the ACME CA?


1: Apache Web Server plugin (apache)
2: Spin up a temporary webserver (standalone)
3: Place files in webroot directory (webroot)


Select the appropriate number [1-3] then [enter] (press 'c' to cancel): 3
Plugins selected: Authenticator webroot, Installer None
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
Requesting a certificate for nagios.chipscc.com
Performing the following challenges:
http-01 challenge for nagios.chipscc.com
Using the webroot path /usr/share/centreon/www for all unmatched domains.
Waiting for verification...
Challenge failed for domain nagios.chipscc.com
http-01 challenge for nagios.chipscc.com
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:

My web server is (include version): httpd24

The operating system my web server runs on is (include version): Centos 7

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.11.0

Below are some more details:
IP.1 = 172.20.25.6
DNS.1 = centreon-central
The website http://nagios.chipscc.com is accessible.

Please help me here to install the Let's Encrypt certificate.

1 Like

Hi @acash05sky, and welcome to the LE community forum :slight_smile:

That requires --webroot first.
Which is why it prompted you - it didn't take that information.

That said, it won't fix the 404 error.
For that we need to confirm that document root location.
To that end, let's start by having a look at the output of:
sudo apachectl -t -D DUMP_VHOSTS
or
sudo httpd -t -D DUMP_VHOSTS
[adjust accordingly - I'm not familiar with CentOS7]

3 Likes

Hi rg305, the server is running httpd24. Should I run sudo httpd24-httpd -t -D DUMP_VHOSTS?

I wouldn't know; I'm not familiar with CentOS 7.

2 Likes

Please find the outputs:

[root@centreon-central ~]# sudo systemctl status httpd
● httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)
Active: inactive (dead)
Docs: man:httpd(8)
man:apachectl(8)
[root@centreon-central ~]# sudo systemctl status httpd24-httpd
● httpd24-httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd24-httpd.service; enabled; vendor preset: disabled)
Active: active (running) since Thu 2023-07-20 15:02:29 EDT; 3 months 30 days ago
Process: 10135 ExecReload=/opt/rh/httpd24/root/usr/sbin/httpd-scl-wrapper $OPTIONS -k graceful (code=exited, status=0/SUCCESS)
Main PID: 1105 (httpd)
Status: "Total requests: 3866130; Idle/Busy workers 100/0;Requests/sec: 0.368; Bytes served/sec: 3.5KB/sec"

[root@centreon-central ~]# sudo apachectl -t -D DUMP_VHOSTS
Passing arguments to httpd using apachectl is no longer supported.
You can only start/stop/restart httpd using this script.
If you want to pass extra arguments to httpd, edit the
/etc/sysconfig/httpd config file.
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using fe80::da9b:3a63:3134:11c8. Set the 'ServerName' directive globally to suppress this message
VirtualHost configuration:

[root@centreon-central ~]# sudo httpd -t -D DUMP_VHOSTS
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using fe80::da9b:3a63:3134:11c8. Set the 'ServerName' directive globally to suppress this message
VirtualHost configuration:

Please look at this output. Are we looking for this?

[root@centreon-central ~]# grep -ri DocumentRoot /opt/rh/httpd24
/opt/rh/httpd24/root/etc/httpd/conf/httpd.conf:# DocumentRoot: The directory out of which you will serve your
/opt/rh/httpd24/root/etc/httpd/conf/httpd.conf:DocumentRoot "/opt/rh/httpd24/root/var/www/html"
/opt/rh/httpd24/root/etc/httpd/conf/httpd.conf: # access content that does not live under the DocumentRoot.
/opt/rh/httpd24/root/usr/share/doc/httpd24-httpd-2.4.34/CHANGES: *) Core: (re)-introduce -T commandline option to suppress documentroot
/opt/rh/httpd24/root/usr/share/doc/httpd24-httpd-2.4.34/httpd-vhosts.conf: DocumentRoot "@@ServerRoot@@/docs/dummy-host.example.com"
/opt/rh/httpd24/root/usr/share/doc/httpd24-httpd-2.4.34/httpd-vhosts.conf: DocumentRoot "@@ServerRoot@@/docs/dummy-host2.example.com"
Binary file /opt/rh/httpd24/root/usr/lib64/httpd/modules/mod_vhost_alias.so matches
Binary file /opt/rh/httpd24/root/usr/sbin/httpd matches

This might be the correct webroot path to use:
image

4 Likes

The html folder is empty; it does not contain any files.

[root@centreon-central /]# cd /opt/rh/httpd24/root/var/www/html
[root@centreon-central html]# dir
[root@centreon-central html]#

It can be empty.
It just needs to be accessible to both certbot and httpd.

4 Likes
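
An added example (not from the thread and not part of Certbot): a shell pre-flight check for the failure discussed above, where the `-w` path was not the directory the running httpd serves. It writes a probe file under `.well-known/acme-challenge` in the candidate webroot and fetches it over HTTP; the function name `check_webroot` and the `FETCH` variable are assumptions of this example.

```shell
#!/bin/sh
# Added example: pre-flight check for the path given to certbot with -w.
# check_webroot WEBROOT BASE_URL
#   returns 0 if a probe file written under WEBROOT is served at BASE_URL,
#   1 if the server does not return it (e.g. 404 from a different DocumentRoot),
#   2 if the probe cannot be written into WEBROOT.
# FETCH is an assumption of this example: the command used to GET a URL.
FETCH="${FETCH:-curl -fsS --max-time 10}"

check_webroot() {
    webroot=$1
    base_url=${2%/}                       # tolerate a trailing slash
    dir="$webroot/.well-known/acme-challenge"
    name="probe-$$-$(date +%s)"           # unlikely to collide with a real token
    body="webroot-check-$name"

    mkdir -p "$dir" 2>/dev/null || { echo "cannot create $dir" >&2; return 2; }
    printf '%s' "$body" > "$dir/$name" || { echo "cannot write to $dir" >&2; return 2; }
    # httpd runs as a different user, so the probe must be world-readable.
    chmod 644 "$dir/$name"

    # A failed fetch (404, refused connection) is treated as an empty response.
    got=$($FETCH "$base_url/.well-known/acme-challenge/$name" 2>/dev/null) || got=""
    rm -f "$dir/$name"

    if [ "$got" = "$body" ]; then
        echo "OK: $webroot is served at $base_url"
        return 0
    fi
    echo "MISMATCH: $base_url does not serve files from $webroot" >&2
    return 1
}

# Usage: sh check_webroot.sh /opt/rh/httpd24/root/var/www/html http://nagios.chipscc.com
if [ "$#" -eq 2 ]; then
    check_webroot "$1" "$2"
fi
```

A result of 1 for a path means the web server answers for that host name from some other directory, which is what the first certbot run in this thread hit with /usr/share/centreon/www.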

This webroot path worked:

[root@centreon-central conf]# certbot certonly --webroot -w /opt/rh/httpd24/root/var/www/html -d nagios.chipscc.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Enter email address (used for urgent renewal and security notices)
(Enter 'c' to cancel): akash.patil@itsolutions-inc.com
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org


Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf. You must
agree in order to register with the ACME server. Do you agree?


(Y)es/(N)o: Y


Would you be willing, once your first certificate is successfully issued, to
share your email address with the Electronic Frontier Foundation, a founding
partner of the Let's Encrypt project and the non-profit organization that
develops Certbot? We'd like to send you email about our work encrypting the web,
EFF news, campaigns, and ways to support digital freedom.


(Y)es/(N)o: N
Account registered.
Requesting a certificate for nagios.chipscc.com
Performing the following challenges:
http-01 challenge for nagios.chipscc.com
Using the webroot path /opt/rh/httpd24/root/var/www/html for all unmatched domains.
Waiting for verification...
Cleaning up challenges

IMPORTANT NOTES:

  • Congratulations! Your certificate and chain have been saved at:
    /etc/letsencrypt/live/nagios.chipscc.com/fullchain.pem
    Your key file has been saved at:
    /etc/letsencrypt/live/nagios.chipscc.com/privkey.pem
    Your certificate will expire on 2024-02-17. To obtain a new or
    tweaked version of this certificate in the future, simply run
    certbot again. To non-interactively renew all of your
    certificates, run "certbot renew"

  • If you like Certbot, please consider supporting our work by:

    Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
    Donating to EFF: Support EFF's Work on Let's Encrypt | Electronic Frontier Foundation

Please advise on the next steps.

Next steps for what?
I don't know what you intend on using that cert for...

But you now do have a cert.
Show:

certbot certificates

4 Likes

Hello @rg305, I successfully installed the certificates on the server but there is one issue: I am able to access the website from Internet Explorer and Firefox but not through Chrome. Any advice?

Please show the error message.

2 Likes

HTTPS [TCP port 443] connections to your site appear to be blocked :frowning:

I can reach:

  • http://nagios.chipscc.com/

I can't reach:

  • https://nagios.chipscc.com/
2 Likes

Please see the screenshots; I am able to access the site from Firefox but not through Chrome (on the local network only).

Currently the site is not accessible from the internet, which is another issue, but I'll deal with this with my network admin.

Make sure it starts with "HTTPS://"
And that there are no proxies in use.

2 Likes

I am using https:// and there is no proxy.

I don't see the scheme in the Chrome picture.
Also maybe clear the caches [on both] to be sure you are seeing what is there now.

2 Likes

@rg305, so sorry for the late reply. It appears to be the firewall in my organization that is making this website publicly inaccessible.
I marked your suggestion as a solution:

"This might be the correct webroot path to use:
image

It can be empty.
It just needs to be accessible to both certbot and httpd."

Thank you so much, and thanks for helping me out.

2 Likes
