I have a problem at the last step of installing the certificate.

Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
Domain: bluebeanssystems.com
Type: unauthorized
Detail: 13.229.225.14: Invalid response from http://bluebeanssystems.com/.well-known/acme-challenge/12oElVTNvFFl5BAhR3OKfTn2wqTLQnItMym1szpWJZ4: 404

Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet.

You requested the --nginx plugin but I see an Apache server responding to that domain name.

Request to: bluebeanssystems.com/13.229.225.14, Result: [Address=13.229.225.14,Address Type=IPv4,Server=Apache/2.4.52 (Ubuntu)

Can you explain more about what you are trying to do? It would also be helpful to see more of the answers on the original form you were shown.

=========================

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version from certbot --version:


Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | bluebeanssystems.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My web server is (include version): Apache/2.4.52 (Ubuntu) Server

The operating system my web server runs on is (include version): Ubuntu 22.04

My hosting provider, if applicable, is: Vultr

I can login to a root shell on my machine (yes or no, or I don't know): I don't know

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version from certbot --version: certbot 1.21.0

You might try sudo certbot --apache instead of using --nginx. Why did you think you should use the --nginx option?

Also, Ubuntu 22 easily supports the snap install for Certbot. Version 1.21 that comes with Ubuntu is actually fairly old. The latest is v2.8. To switch to the latest snap install, follow the instructions below carefully.


Error while running apache2ctl graceful.
httpd not running, trying to start
Action 'graceful' failed.
The Apache error log may have more information.

AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message
(98)Address already in use: AH00072: make_sock: could not bind to address [::]:80
(98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
AH00015: Unable to open logs

Are you running Certbot from the same machine that Apache is running on?

Because I still see an Apache server replying to requests for your domain. Your most recent error says Apache is not running. Something is not right.

Your Apache server is responding to HTTP and HTTPS requests. The only issues I see are that you do not redirect HTTP to HTTPS, and that the cert being used does not have your root domain in it.

Please use more words to explain what you are trying to do. Use your own language if that helps. I can use translation tools.

Also, please show output of this:

sudo certbot certificates

After running that command, it says "No certificates found."

I followed all the instructions here:
Certbot Instructions

What does this command show?

curl -4 https://ifconfig.io

It shows 45.32.108.139

That is not the same machine as you have in your DNS for that domain name.

You see this IP in the error message as this is the machine Let's Encrypt is trying to connect to for validating the domain name. You should be running Certbot on this same machine.

Or, if you are migrating to a new server you need to change your DNS. We need more explanation from you to assist further.

bluebeanssystems.com.	0	IN	A	13.229.225.14

I changed it to new.bluebeanssystems.com and now it's 45.32.108.139

Now, it prompts this error.
Successfully deployed certificate for new.bluebeanssystems.com to /etc/apache2/sites-available/000-default-le-ssl.conf
Error while running apache2ctl graceful.
httpd not running, trying to start
Action 'graceful' failed.
The Apache error log may have more information.

AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message
(98)Address already in use: AH00072: make_sock: could not bind to address [::]:80
(98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
AH00015: Unable to open logs

Should I update the ServerName directive?

Ah, it looks like you have an nginx server at this new IP address.

Which kind of server are you trying to run on this new system? Apache or nginx?

Request to: new.bluebeanssystems.com/45.32.108.139, Result: [Address=45.32.108.139,Address Type=IPv4,Server=nginx,


nginx
It's nginx, right?

Do I have to remove the installed cert and install a new one?

Simulating renewal of an existing certificate for new.bluebeanssystems.com
Error while running apache2ctl graceful.
httpd not running, trying to start
Action 'graceful' failed.
The Apache error log may have more information.

AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message
(98)Address already in use: AH00072: make_sock: could not bind to address [::]:80
(98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
AH00015: Unable to open logs

I'm stuck here.

That's an Apache control command - you're using nginx.

What shows?

certbot certificates

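The two checks the helpers work through in this thread (does the domain's A record point at this machine, and which web server actually holds port 80), written as an added example that is not part of the original posts or of Certbot. The function names are hypothetical and the `ss -ltnp` sample is constructed; the IP address is the one from the thread.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not Certbot's.

# Constructed sample of `ss -ltnp` output (run ss as root to see process names).
SS_SAMPLE='State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      511    0.0.0.0:80         0.0.0.0:*         users:(("nginx",pid=812,fd=6),("nginx",pid=811,fd=6))
LISTEN 0      511    [::]:80            [::]:*            users:(("nginx",pid=812,fd=7))
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*         users:(("sshd",pid=700,fd=3))'

# a_record_matches DNS_IPS PUBLIC_IP
# DNS_IPS: newline-separated A records, e.g. from `dig +short A "$domain"`.
# Succeeds only when this machine's public IP is one of them.
a_record_matches() {
    printf '%s\n' "$1" | grep -Fxq -- "$2"
}

# port80_owner SS_OUTPUT
# Prints each distinct process name listening on port 80, one per line.
port80_owner() {
    printf '%s\n' "$1" | awk '
        $1 == "LISTEN" && $4 ~ /:80$/ {
            if (match($0, /users:\(\("[^"]+"/)) {
                name = substr($0, RSTART + 9, RLENGTH - 10)
                if (!seen[name]++) print name
            }
        }'
}

# plugin_for OWNER: map the port-80 listener to the matching Certbot flag.
plugin_for() {
    case "$1" in
        nginx)         echo "--nginx" ;;
        apache2|httpd) echo "--apache" ;;
        "")            echo "no-listener"; return 1 ;;
        *)             echo "unknown-listener"; return 1 ;;
    esac
}

# preflight DNS_IPS PUBLIC_IP SS_OUTPUT
# Live use: preflight "$(dig +short A "$domain")" \
#           "$(curl -4 -s https://ifconfig.io)" "$(ss -ltnp)"
preflight() {
    a_record_matches "$1" "$2" || { echo "dns-mismatch"; return 1; }
    plugin_for "$(port80_owner "$3")"
}

# The thread's final state: DNS points here and nginx holds port 80.
preflight "45.32.108.139" "45.32.108.139" "$SS_SAMPLE"
```

A `dns-mismatch` result corresponds to the first failure in the thread (the HTTP-01 request went to a different machine), and a listener that does not match the chosen plugin corresponds to the later `apache2ctl graceful` failure on port 80.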
