I can not get a certificate - help

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: tehcxweb.xyz

I ran this command: [tav@mail etc]$ sudo /usr/local/bin/certbot --apache --agree-tos --redirect --hsts --staple-ocsp --email tav@tehcxweb.xyz -d mail.tehcxweb.xyz

It produced this output:
Domain: mail.tehcxweb.xyz
Type: unauthorized
Detail: Invalid response from
http://mail.tehcxweb.xyz/.well-known/acme-challenge/dxr3QM6IEZtNTYBjlXp6MwiLJLvcNjdxvNtmxOUo44w
[77.79.135.68]: “\n\n400 Bad
Request\n\n

Bad Request</h1”

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.

My web server is (include version): apache

The operating system my web server runs on is (include version):
redhat 8.1
My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 1.3.0

My A record has the following form:
A mail → 77.79.135.68
Test A records pass.
I do not understand what the error is.

If you open http://mail.tehcxweb.xyz/ in a browser, you can see the rest of the error message on the page: Apache is configured to run HTTPS on port 80, the HTTP port, so connecting using HTTP doesn’t work.

If you open https://mail.tehcxweb.xyz:80/, you get a “Test Page for the Apache HTTP Server on Red Hat Enterprise Linux” page with a certificate for www.tehcxweb.xyz issued by GlobalSign.

If some kind of port forwarding is involved, make sure port 80 is forwarding to port 80 (and port 443 is forwarding to port 443).

If that’s not the issue, you need to examine the Apache configuration to find what’s wrong.

“sudo httpd -t -D DUMP_VHOSTS” can show a helpful summary of the virtual hosts.


VirtualHost configuration:
*:443 is a NameVirtualHost
default server r.crypexs.com (/etc/httpd/conf.d/r.crypexs.com.conf:1)
port 443 namevhost r.crypexs.com (/etc/httpd/conf.d/r.crypexs.com.conf:1)
alias www.r.crypexs.com
port 443 namevhost tehcxweb.xyz (/etc/httpd/conf.d/ssl.conf:40)
*:80 is a NameVirtualHost
default server tehcxweb.xyz (/etc/httpd/conf.d/le-redirect-tehcxweb.xyz.conf:1)
port 80 namevhost tehcxweb.xyz (/etc/httpd/conf.d/le-redirect-tehcxweb.xyz.conf:1)
port 80 namevhost mail.tehcxweb.xyz (/etc/httpd/conf.d/mail.tehcxweb.xyz.conf:1)
port 80 namevhost r.crypexs.com (/etc/httpd/conf.d/r.crypexs.com.conf:1)
alias www.r.crypexs.com
port 80 namevhost tehcxweb.xyz (/etc/httpd/conf.d/tehcxweb.xyz.conf:1)

Here is the output of the command, but I don’t understand how to screw mail.tehcxweb.xyz. Help me please.

[tav@mail conf.d]$ sudo httpd -t -D DUMP_VHOSTS
AH00112: Warning: DocumentRoot [/var/www/html/htdocs] does not exist
VirtualHost configuration:
*:443 is a NameVirtualHost
default server mail.tehcxweb.xyz (/etc/httpd/conf.d/mail.tehcxweb.xyz.conf:7)
port 443 namevhost mail.tehcxweb.xyz (/etc/httpd/conf.d/mail.tehcxweb.xyz.conf:7)
port 443 namevhost r.crypexs.com (/etc/httpd/conf.d/r.crypexs.com.conf:1)
alias www.r.crypexs.com
port 443 namevhost tehcxweb.xyz (/etc/httpd/conf.d/ssl.conf:40)
*:80 is a NameVirtualHost
default server tehcxweb.xyz (/etc/httpd/conf.d/le-redirect-tehcxweb.xyz.conf:1)
port 80 namevhost tehcxweb.xyz (/etc/httpd/conf.d/le-redirect-tehcxweb.xyz.conf:1)
port 80 namevhost mail.tehcxweb.xyz (/etc/httpd/conf.d/mail.tehcxweb.xyz.conf:1)
port 80 namevhost r.crypexs.com (/etc/httpd/conf.d/r.crypexs.com.conf:1)
alias www.r.crypexs.com
port 80 namevhost tehcxweb.xyz (/etc/httpd/conf.d/tehcxweb.xyz.conf:1)

but keep getting the error

IMPORTANT NOTES:


This is the fundamental problem and certbot --apache can’t overcome this misconfiguration. It needs to be fixed before Certbot will be able to do anything useful.

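The fault diagnosed in this thread is Apache speaking HTTPS on port 80, so the plain-HTTP ACME challenge request gets "400 Bad Request". The following is an added example, not part of the original thread: assuming the cause is a port-80 virtual host that enables SSLEngine, it scans Apache config text for that pattern. The sample config, its hostnames and the function name tls_on_http_port are constructed for illustration.

```python
import re

# Constructed sample config (not the poster's real files): the first vhost
# listens on port 80 but enables TLS, the fault described in the thread.
SAMPLE_CONF = """\
<VirtualHost *:80>
    ServerName mail.example.test
    SSLEngine on
</VirtualHost>
<VirtualHost *:80>
    ServerName www.example.test
    # SSLEngine on
</VirtualHost>
<VirtualHost *:443>
    ServerName mail.example.test
    SSLEngine on
</VirtualHost>
"""

OPEN = re.compile(r"^\s*<VirtualHost\s+([^>]+)>", re.I)
CLOSE = re.compile(r"^\s*</VirtualHost>", re.I)
SSL_ON = re.compile(r"^\s*SSLEngine\s+on\b", re.I)   # ignores commented lines
NAME = re.compile(r"^\s*ServerName\s+(\S+)", re.I)

def tls_on_http_port(conf_text, http_port="80"):
    """Return [(server_name, opening_line_no)] for vhosts on http_port with TLS on."""
    findings, block = [], None
    for no, line in enumerate(conf_text.splitlines(), 1):
        m = OPEN.match(line)
        if m:
            # A vhost may list several addresses; keep the port of each one.
            ports = {addr.rsplit(":", 1)[-1] for addr in m.group(1).split()}
            block = {"line": no, "name": "(no ServerName)", "ssl": False,
                     "http": http_port in ports}
        elif block and CLOSE.match(line):
            if block["http"] and block["ssl"]:
                findings.append((block["name"], block["line"]))
            block = None
        elif block:
            if SSL_ON.match(line):
                block["ssl"] = True
            n = NAME.match(line)
            if n:
                block["name"] = n.group(1)
    return findings

if __name__ == "__main__":
    for name, line in tls_on_http_port(SAMPLE_CONF):
        print(f"line {line}: {name} enables SSLEngine on port 80")
```

Run it over the contents of each file that the DUMP_VHOSTS output lists for port 80; any finding is a virtual host that must serve plain HTTP before the HTTP-01 challenge can succeed.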
