Installation of Cert via Certbot failed


#1

Hey, I’m going to be straight-up honest, I have no idea about SSL and stuff like that. So I was really happy when I noticed that there is an automation tool that makes it a lot easier. However, I did run into a problem. The first one was that certbot has a problem with my htaccess configuration, which I temporarily disabled to solve this. However, the second one is a problem I REALLY can’t figure out by myself.

My domain is: realitaetsverlust.rocks

I ran this command: certbot --authenticator webroot --installer apache

It produced this output: see below

My web server is (include version): Apache/2.4.25 (Debian)

The operating system my web server runs on is (include version): Debian GNU/Linux 9 \n \l

My hosting provider, if applicable, is: Domain was registered at united domains, vserver is hosted at ip-projects

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): nope

The full logs of the procedure:

root@rikku: /var/www/html/aerith
# certbot --authenticator webroot --installer apache
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer apache

Which names would you like to activate HTTPS for?
-------------------------------------------------------------------------------
1: realitaetsverlust.rocks
2: blog.realitaetsverlust.rocks
3: www.blog.realitaetsverlust.rocks
-------------------------------------------------------------------------------
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 2
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for blog.realitaetsverlust.rocks
Input the webroot for blog.realitaetsverlust.rocks: (Enter 'c' to cancel): /var/www/html/aerith/
Waiting for verification...
Cleaning up challenges
Could not reverse map the HTTPS VirtualHost to the original

IMPORTANT NOTES:
 - Unable to install the certificate
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/blog.realitaetsverlust.rocks/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/blog.realitaetsverlust.rocks/privkey.pem
   Your cert will expire on 2018-07-23. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot again
   with the "certonly" option. To non-interactively renew *all* of
   your certificates, run "certbot renew"

So, certbot said “Could not reverse map the HTTPS VirtualHost to the original” and “Unable to install certificate”, but I really don’t know what to do right now.


#2

Hi,

For your webroot, you won’t actually need to point the directory to the directory where your website is hosted.

This just means that certbot obtained the certificate, it just can’t install it.

Do you have an existing Apache vHost file for this domain?

Thank you


#3

Hey, thanks for the reply!

I do have an existing vhosts-file for this domain which looks like the following:

root@rikku: /var/www/html/aerith
# cat /etc/apache2/sites-available/realitaetsverlust.rocks.conf
<VirtualHost *:80>
    ServerName blog.realitaetsverlust.rocks
    Serveralias www.blog.realitaetsverlust.rocks
    ServerAdmin webmaster@realitätsverlust.rocks
    DocumentRoot "/var/www/html/aerith"

    ErrorLog ${APACHE_LOG_DIR}/aerith.error.log
    CustomLog ${APACHE_LOG_DIR}/aerith.access.log combined
</VirtualHost>

<VirtualHost *:80>
    ServerName realitaetsverlust.rocks
    Serveralias realitaetsverlust.rocks
    ServerAdmin webmaster@realitätsverlust.rocks
    DocumentRoot "/var/www/html"

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

#4

What version of Certbot do you have?

Two quick guesses: (1) Old version of Certbot that didn’t understand multiple VirtualHosts in the same configuration file, or (2) maybe some kind of bug with the ä in realitätsverlust because there are still several parser problems related to our handling of non-ASCII characters in web server configuration files.


#5

Hey, thanks a lot for your reply.

I have version 0.23.0. I downloaded it via the instructions on the website.

root@rikku: ~
# certbot --version
certbot 0.23.0

The second guess shouldn’t be a problem since the domain does not include “ä”. I do own the domain “realitätsverlust.rocks” too, but I try to install the certificate on “realitaetsverlust.rocks”. So there should be no problem with any “umlauts”.


#6

That’s not necessarily right because it has to parse the whole file in any case, and the parser could get confused by unexpected characters even outside of the area containing the text that the parser is trying to find. But I don’t know for sure that this is the real reason for the problem.


#7

Ah, you mean the email. You were right, that was the issue. After replacing the ä with ae, certbot installed the certificate without any problems. Too bad I have to set up a new e-mail server for the domain with ae now; if I had known that umlauts were that much of a problem, I would never have started using that domain.

Thank you very much tho! :)


#8

It’s a good reminder that a lot of software (including ours) is very ASCII-centric and still needs to be updated to work better with non-English text. We do have an issue open about this in our bug tracker, and I’ll make a note about your problem there too. Sorry for the inconvenience! I do think things are getting better over time for non-English text in computing … but slowly.
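
Added example, not part of the original thread and not Certbot's own code: a pre-flight check that lists non-ASCII tokens in an Apache vhost file, such as the `ServerAdmin` address that broke the installer here, and proposes an ASCII-only IDNA (punycode) spelling for hostnames and e-mail domains. The sample config is constructed from the file in post #3, the function names are hypothetical, and whether the punycode form is acceptable wherever the value is used is an assumption.

```python
import re
import sys

# Constructed sample, modelled on the vhost file posted in the thread.
SAMPLE_VHOST = """\
<VirtualHost *:80>
    ServerName blog.realitaetsverlust.rocks
    ServerAdmin webmaster@realitätsverlust.rocks
    DocumentRoot "/var/www/html/aerith"
</VirtualHost>
"""

NON_ASCII = re.compile(r"[^\x00-\x7f]")
HOSTLIKE = re.compile(r"[\w.-]+")  # letters, digits, '_', '.', '-' (Unicode-aware)


def to_ascii(token):
    """Return an IDNA spelling of a hostname or e-mail address, or None."""
    local, at, domain = token.rpartition("@")
    if not local.isascii() or not HOSTLIKE.fullmatch(domain):
        return None  # non-ASCII local part, path, or free text: no safe rewrite
    try:
        return local + at + domain.encode("idna").decode("ascii")
    except UnicodeError:  # empty or over-long label, prohibited character
        return None


def find_non_ascii(text):
    """Return (line number, directive, token, ASCII suggestion) tuples."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        parts = line.split()
        for token in parts:
            if NON_ASCII.search(token):
                findings.append(
                    (lineno, parts[0], token, to_ascii(token.strip('"')))
                )
    return findings


if __name__ == "__main__":
    # With no arguments, scan the constructed sample; otherwise scan each file.
    texts = {"<sample>": SAMPLE_VHOST}
    if sys.argv[1:]:
        texts = {p: open(p, encoding="utf-8", errors="replace").read()
                 for p in sys.argv[1:]}
    for name, text in texts.items():
        for lineno, directive, token, fix in find_non_ascii(text):
            print(f"{name}:{lineno}: {directive}: {token!r} -> {fix or 'edit by hand'}")
```

The punycode spelling names the same domain as the Unicode one, so it keeps the config ASCII-only without switching to a different domain.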

