Impossible d'obtenir un certificat

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: www.ts-info.org

I ran this command: certbot certonly -d www.ts-info.org

It produced this output:

Input the webroot for www.ts-info.org: (Enter 'c' to cancel): /var/www/moodle
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. www.ts-info.org (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.ts-info.org/.well-known/acme-challenge/nuaMENGsmWmX4OhNJII6Ox1KHwoCuLGfKmD4xcObAIA [109.238.12.150]: "\n\n404 Not Found\n\n

Not Found

\n<p"

IMPORTANT NOTES:

My web server is (include version): Apache2

The operating system my web server runs on is (include version): Linux Debian 10.10

My hosting provider, if applicable, is: ikoula

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 0.31.0

Please show the output of:
sudo apachectl -t -D DUMP_VHOSTS

Thanks for your answer.
Here is the output of "apachectl -t -D DUMP_VHOSTS":

VirtualHost configuration:
*:80 is a NameVirtualHost
default server srvmoodle.ts-info.org (/etc/apache2/sites-enabled/000-default.conf:1)
port 80 namevhost srvmoodle.ts-info.org (/etc/apache2/sites-enabled/000-default.conf:1)
port 80 namevhost www.ts-info.org (/etc/apache2/sites-enabled/ts-info.org.conf:1)
alias www.ts-info.org

And, after many corrections, here is the output of "certbot certonly -d www.ts-info.org":

Saving debug log to /var/log/letsencrypt/letsencrypt.log

How would you like to authenticate with the ACME CA?


1: Spin up a temporary webserver (standalone)
2: Place files in webroot directory (webroot)


Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for www.ts-info.org
Input the webroot for www.ts-info.org: (Enter 'c' to cancel): /var/www/moodle
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. www.ts-info.org (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching https://www.ts-info.org.well-known/acme-challenge/8VXAOIjGGiLXCyaBRHsqTxjXq6VdvnB_eRoTf9MF2BM: Invalid host in redirect target "www.ts-info.org.well-known". Check webserver config for missing '/' in redirect target.

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: www.ts-info.org
    Type: connection
    Detail: Fetching
    https://www.ts-info.org.well-known/acme-challenge/8VXAOIjGGiLXCyaBRHsqTxjXq6VdvnB_eRoTf9MF2BM:
    Invalid host in redirect target "www.ts-info.org.well-known". Check
    webserver config for missing '/' in redirect target.

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address. Additionally, please check that
    your computer has a publicly routable IP address and that no
    firewalls are preventing the server from communicating with the
    client. If you're using the webroot plugin, you should also verify
    that you are serving files from the webroot path you provided.

I don't understand...

There is a problem with the HTTP to HTTPS redirection.
Please show file:
sudo cat /etc/apache2/sites-enabled/ts-info.org.conf

[also, why redirect to HTTPS, when there is no HTTPS site ready for that name?]

1 Like

Thank you so much.

I had forgotten enabling HTTPS site, and i made a mistake in ts-info.org.conf.

It's OK now, and the certificate hase been generated

Have a nice day

2 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.