I found a problem while installing a certificate in Apache

I ran this command: sudo certbot --apache

It produced this output:

Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 1
Requesting a certificate for platform.EXAMPLE.com

Certbot failed to authenticate some domains (authenticator: apache). The Certificate Authority reported these problems:
Domain: platform.EXAMPLE.com
Type: unauthorized
Detail: 2a02:4780:1e:b0c5:b9b:15a5:3510:369c: Invalid response from http://platform.EXAMPLE.com/.well-known/acme-challenge/2FU35paxLaZIrPa2aWjqDeCX3mJ8l54XvosXA_7LQwI: 404

Hint: The Certificate Authority failed to verify the temporary Apache configuration changes made by Certbot. Ensure that the listed domains point to this Apache server and that it is accessible from the internet.

Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

My web server is (include version): Apache2

The operating system my web server runs on is (include version): Ubuntu 22.04

My hosting provider, if applicable, is: Hostinger VPS

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 1.21.0

When I run "certbot certificates" it shows "No certificates found."

When I run "sudo apachectl -t -D DUMP_VHOSTS" it shows "VirtualHost configuration:
*:80 platform.EXAMPLE.com (/etc/apache2/sites-enabled/platform.conf:1)"

This is the error log ("tail -n 30 /var/log/letsencrypt/letsencrypt.log"):

2023-10-23 11:03:36,993:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "/usr/bin/certbot", line 33, in <module>
    sys.exit(load_entry_point('certbot==1.21.0', 'console_scripts', 'certbot')())
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 15, in main
    return internal_main.main(cli_args)
  File "/usr/lib/python3/dist-packages/certbot/_internal/main.py", line 1574, in main
    return config.func(config, plugins)
  File "/usr/lib/python3/dist-packages/certbot/_internal/main.py", line 1287, in run
    new_lineage = _get_and_save_cert(le_client, config, domains,
  File "/usr/lib/python3/dist-packages/certbot/_internal/main.py", line 133, in _get_and_save_cert
    lineage = le_client.obtain_and_enroll_certificate(domains, certname)
  File "/usr/lib/python3/dist-packages/certbot/_internal/client.py", line 459, in obtain_and_enroll_certificate
    cert, chain, key, _ = self.obtain_certificate(domains)
  File "/usr/lib/python3/dist-packages/certbot/_internal/client.py", line 389, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
  File "/usr/lib/python3/dist-packages/certbot/_internal/client.py", line 439, in _get_order_and_authorizations
    authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort)
  File "/usr/lib/python3/dist-packages/certbot/_internal/auth_handler.py", line 90, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, best_effort)
  File "/usr/lib/python3/dist-packages/certbot/_internal/auth_handler.py", line 178, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.
2023-10-23 11:03:36,993:ERROR:certbot._internal.log:Some challenges have failed.
2023-10-23 11:06:40,777:DEBUG:certbot._internal.main:certbot version: 1.21.0
2023-10-23 11:06:40,778:DEBUG:certbot._internal.main:Location of certbot entry point: /usr/bin/certbot
2023-10-23 11:06:40,778:DEBUG:certbot._internal.main:Arguments:
2023-10-23 11:06:40,778:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2023-10-23 11:06:40,784:DEBUG:certbot._internal.log:Root logging level set at 30
2023-10-23 11:06:40,785:DEBUG:certbot._internal.display.obj:Notifying user: No certificates found.

And my conf file

<VirtualHost *:80>
    DocumentRoot "/var/www/project-management/public"
    DocumentRoot /var/www/project-management/public
    ServerName platform.******.com

    <Directory /var/www/project-management/public>
        Options Indexes FollowSymLinks
        AllowOverride All
        order deny,allow
        Require all granted
    </Directory>

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

</VirtualHost>

And my .htaccess file

<IfModule mod_rewrite.c>
    <IfModule mod_negotiation.c>
        Options -MultiViews -Indexes
    </IfModule>

    RewriteEngine On
    #RewriteRule ^\.well-known\/acme-challenge\/ - [L]

    # Handle Authorization Header
    RewriteCond %{HTTP:Authorization} .
    RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

    # Redirect Trailing Slashes If Not A Folder...
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteCond %{REQUEST_URI} (.+)/$
    RewriteRule ^ %1 [L,R=301]

    # Send Requests To Front Controller...
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteRule ^ index.php [L]
</IfModule>

Hi @prince00, and welcome to the LE community forum 🙂

Without an actual domain name, there is little we can do.

Does the domain work via IPv6?

Please follow the recommended installation instructions.
Use snap - not apt
See: Certbot (eff.org)

The tail was too short.
The relevant error message was further up.

You only need to say that once.
[both ways are fine - pick one]

3 Likes

You are using HTTP on Port 443

>curl -k -6 http://[2a02:4780:1e:b0c5:b9b:15a5:3510:369c]:443
<html>
<head><title>400 The plain HTTP request was sent to HTTPS port</title></head>
<body>
<center><h1>400 Bad Request</h1></center>
<center>The plain HTTP request was sent to HTTPS port</center>
<hr><center>hcdn</center>
</body>
</html>

And HTTP on Port 80 has an issue

>curl -k -6 http://[2a02:4780:1e:b0c5:b9b:15a5:3510:369c]:80
curl: (56) Recv failure: Connection reset by peer

1 Like

Not really, you're using http:// in the URL and the webserver is actually complaining about that fact. Not the other way around as you're suggesting. That said, HTTPS is giving a non-specific TLS error, so no idea why that's happening.

4 Likes

OK; but using HTTPS on Port 443 yields this:

>curl -k -6 https://[2a02:4780:1e:b0c5:b9b:15a5:3510:369c]:443
curl: (35) OpenSSL/1.1.1t: error:14094438:SSL routines:ssl3_read_bytes:tlsv1 alert internal error

1 Like

Yes, correct, it's broken. I don't know why.

3 Likes

I haven't configured IPv6, and the mentioned IP is not mine. My VPS shows this: 2a02:4780:c:e9e3::1

1 Like

Then your DNS is probably not configured correctly.

4 Likes
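
The mismatch the thread arrives at here (the CA validated against an IPv6 address that is not the VPS's own) can be checked mechanically. The following is an added example, not part of the original posts: it extracts the address from Certbot's "Detail:" line and compares the published DNS records with the server's own addresses. The function names, the IPv4 address 203.0.113.10 and the published-record list are assumptions constructed for illustration; the two IPv6 addresses are the ones quoted in the thread.

```python
import ipaddress
import re
import socket

# Certbot's "Detail:" line for a failed HTTP-01 challenge starts with the
# address the CA actually connected to.
DETAIL_RE = re.compile(r"Detail:\s*([0-9A-Fa-f:.]+):\s*Invalid response from")

# Detail line as quoted in the first post of this thread.
SAMPLE_OUTPUT = (
    "Type: unauthorized\n"
    "Detail: 2a02:4780:1e:b0c5:b9b:15a5:3510:369c: Invalid response from "
    "http://platform.EXAMPLE.com/.well-known/acme-challenge/"
    "2FU35paxLaZIrPa2aWjqDeCX3mJ8l54XvosXA_7LQwI: 404\n"
)

def validated_address(certbot_output):
    """Return the address the CA connected to, or None if no Detail line."""
    m = DETAIL_RE.search(certbot_output)
    return ipaddress.ip_address(m.group(1)) if m else None

def resolve(hostname):
    """Live A/AAAA lookup through the system resolver (needs network)."""
    infos = socket.getaddrinfo(hostname, 80, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})

def check_dns(dns_addrs, server_addrs, ca_addr=None):
    """Split published records into those on this server and strays."""
    own = {ipaddress.ip_address(a) for a in server_addrs}
    report = {"ok": [], "stray": [], "ca_hit_stray": False}
    for addr in map(ipaddress.ip_address, dns_addrs):
        (report["ok"] if addr in own else report["stray"]).append(str(addr))
    if ca_addr is not None:
        # True when the CA fetched the challenge from a host that is not ours.
        report["ca_hit_stray"] = ipaddress.ip_address(str(ca_addr)) not in own
    return report

def demo():
    # Constructed: A record is a documentation address, AAAA is the one
    # from the error message. On a real host, use resolve("your.domain").
    published = ["203.0.113.10", "2a02:4780:1e:b0c5:b9b:15a5:3510:369c"]
    # Server's own addresses: constructed IPv4 plus the VPS IPv6 from the thread.
    own = ["203.0.113.10", "2a02:4780:c:e9e3::1"]
    return check_dns(published, own, validated_address(SAMPLE_OUTPUT))

if __name__ == "__main__":
    print(demo())
```

A non-empty "stray" list with "ca_hit_stray" set means the AAAA (or A) record needs to be corrected or removed before the HTTP-01 challenge can succeed.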

Please supply your information instead of others' information.

1 Like
