<p", www.teamquantos.net (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.teamquantos.net/.well-known/acme-challenge/Mb7NcBw5EfBwplYpV1sON3S6rS7sJWcMh88Fe838cTQ: "
404 Not Found
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address.
I already tried creating a file in my .well-known directory named "test" and wrote in it "ok" and executed this command (stolen from another helping post from @serverco)
You posted the output of curl -I http://teamquantos.net/.well-known/acme-challenge/test, which responds with a redirect to https://teamquantos.net/.well-known/acme-challenge/test.
curl -I https://teamquantos.net/.well-known/acme-challenge/test gives a 404 Not Found error, as shown in Let’s Encrypt’s original error message.
It looks like you need to change your web server configuration in one of two ways:
1. Configure the HTTP vhosts not to redirect requests to /.well-known/acme-challenge/ to HTTPS.
2. Configure the HTTPS vhosts to serve files in /.well-known/acme-challenge/ from /var/www.
If you post your web server configuration, and which path you’d prefer to take, we should be able to help you configure it.
With -k you can tell curl to ignore that. Let’s Encrypt will do so too. It even accepts self-signed certificates.
Anyway, the 404 error is legit. That’s because although you already have a redirect in place for teamquantos.net to HTTPS, your webserver currently isn’t “listening” on HTTPS for teamquantos.net, but for mail.teamquantos.net! And your “Mailcow” probably has a different webroot than the webroot you’re pointing certbot at.
So you’ve got a few options, just like @mnordhoff already said. You can:
1. Modify your current HTTP -> HTTPS redirect in Apache to ignore everything that begins with /.well-known/acme-challenge;
2. Add an HTTPS <VirtualHost> configuration for teamquantos.net which points to the correct webroot;
3. Don’t use the webroot authenticator, but the apache authenticator which uses the tls-sni-01 challenge.
Which one you choose depends on how comfortable you are with manually configuring your Apache (for option 1 or 2) or if option 3 didn’t work for you in the past (perhaps we can fix that?)
First you need to identify where the current redirect code is. To know that, if you don’t know how or where to look, we’ll need more understanding about the architecture of your server… What OS is it? Is it a “standard” installation of Apache or custom? That sort of thing…
First I installed a mailserver and this installed apache2 as well, so idk if there was something special that mailcow installed with the mailserver. And I am using Debian 8 jessie.
Well, there’s your problem. Currently, the only thing on your webserver is Mailcow. And the Apache configuration file for the webmail has the redirect in place. But this redirect should be only for mail.teamquantos.net.
The reason you’re getting a redirect for teamquantos.net too is because you don’t have that hostname configured! The only thing currently configured on your webserver is mail.teamquantos.net. If you want to use the webroot plugin, you need to configure your Apache to actually have a site for teamquantos.net.
But I’m quite puzzled now… You want a certificate for teamquantos.net and www.teamquantos.net, but you don’t have a site configured for it? Why do you need the certificate if you don’t have a site which will use it?
Well, if I type in teamquantos.net in my browser, Google Chrome tells me this is not a safe website, so I can’t check if there is a webserver configured for teamquantos.net or not, but I think there is. Can I check that?
Should I try to install apache2 again or in another way?
Hmm, interesting, don’t know where the 000-default comes from… Probably Debian’s default. I don’t have much experience with Debian (or distros based upon Debian), but from what I can tell, that doesn’t help you further… (Unless someone modified 000-default.conf.)
Looks like you don’t have a site for teamquantos.net set up!
Question remains though: if you don’t have a site set up for teamquantos.net, why do you want a TLS certificate for the hostname?
Because if you do want a site for those domain names, setting that up is probably beyond the scope of this forum.
But if you need the certificates for something else, we’ll be happy to help you with that.
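
The first option discussed in the thread (keep the HTTP to HTTPS redirect but exempt the ACME challenge path), sketched as an added example that is not part of the original thread or anyone's actual configuration. It assumes Apache 2.4 on Debian 8 with mod_rewrite and mod_alias enabled, a dedicated port-80 vhost for the two names, and /var/www as the certbot webroot; the vhost layout is hypothetical.

```apache
# Added example: hypothetical port-80 vhost for the hostnames in this thread.
# Assumes Apache 2.4 with mod_rewrite and mod_alias enabled, and certbot
# run with the webroot authenticator pointed at /var/www.
<VirtualHost *:80>
    ServerName teamquantos.net
    ServerAlias www.teamquantos.net

    # Serve challenge files over plain HTTP straight from the certbot webroot,
    # so the http-01 validation request is answered here and never redirected
    # to an HTTPS vhost that has a different webroot.
    Alias /.well-known/acme-challenge/ /var/www/.well-known/acme-challenge/
    <Directory /var/www/.well-known/acme-challenge/>
        # Static files only: no directory listing, no .htaccess overrides.
        Options None
        AllowOverride None
        Require all granted
    </Directory>

    # Redirect everything else to HTTPS. Only the exact challenge prefix is
    # exempt, so no other content stays reachable over plain HTTP.
    RewriteEngine On
    RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/
    RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
</VirtualHost>
```

With a vhost like this enabled and a test file placed under the acme-challenge directory, the curl -I check against the http:// URL should return 200 OK instead of a redirect, while any other path still redirects to HTTPS.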