Http-01 challenge failure on raspi. Probably self-inflicted

My domain is: www.freehold-in-the-wyld.co.uk

I ran this command: sudo certbot --apache

It produced this output:

"Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache

Which names would you like to activate HTTPS for?


1: www.freehold-in-the-wyld.co.uk
2: [snip]


Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter ‘c’ to cancel): 1
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for www.freehold-in-the-wyld.co.uk
Enabled Apache rewrite module
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. www.freehold-in-the-wyld.co.uk (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.freehold-in-the-wyld.co.uk/.well-known/acme-challenge/Q7pcmyeRz1gNPdvYO0pmqUcBcFhEr4RFtGxHZKvgtEc [81.102.118.44]: “\n\n404 Not Found\n\n

Not Found

\n<p”

IMPORTANT NOTES:

My web server is (include version): Server version: Apache/2.4.25 (Raspbian)

The operating system my web server runs on is (include version): PRETTY_NAME=“Raspbian GNU/Linux 9 (stretch)”

My hosting provider, if applicable, is: Self-Hosted

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.28.0

Above all filled out as requested.
I’ve seen various posts about checking to see if the . throws it off, and it seems to be working fine for me here: http://freehold-in-the-wyld.co.uk/.well-known/acme-challenge/test2.txt

Most of this is really not set up as I’m teaching myself, so I don’t know if I’ve done something wrong. Yes, the link as root goes to the default apache page, that’s something else I’m currently sorting out.

Can someone please help me out with this?

Hi @Hawk-v3

if that works, you have found your correct webroot (the folder where .well-known is a subfolder). Then use it, not the apache-authenticator:

certbot run -a webroot -i apache -w yourWebroot -d www.freehold-in-the-wyld.co.uk -d freehold-in-the-wyld.co.uk
1 Like

Hi, that seems to have worked just fine. What/where is the webroot set in the apache authenticator? I’d like to try and remedy it for future use if needed.

Thank you for your help!

2 Likes

The apache authenticator doesn't use a webroot. It creates a location definition. But it happens, that the wrong vHost is used, so that doesn't work.

--webroot uses only this path.

2 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.