IP change for my domain, but could not get certif

beintext · January 10, 2021, 11:15pm

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: mail.gounivers.com

I ran this command:sudo certbot certonly -a apache --agree-tos --no-eff-email --staple-ocsp --email admin@gounivers.com -d mail.gounivers.com

It produced this output:

Waiting for verification...
Cleaning up challenges
Failed authorization procedure. mail.gounivers.com (http-01): urn:ietf:params:acme:erro                                                                      r:unauthorized :: The client lacks sufficient authorization :: Invalid response from ht                                                                      tp://mail.gounivers.com/.well-known/acme-challenge/y0u95gW-DmB6FM98yVo8c_Q75RFBrg7VILlp                                                                      rCOsKzA [173.212.218.246]: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html                                                                      ><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p"

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: mail.gounivers.com
   Type:   unauthorized
   Detail: Invalid response from
   http://mail.gounivers.com/.well-known/acme-challenge/y0u95gW-DmB6FM98yVo8c_Q75RFBrg7                                                                      VILlprCOsKzA
   [173.212.218.246]: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML
   2.0//EN\">\n<html><head>\n<title>404 Not
   Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p"

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.

My web server is (include version):Server version: Apache/2.4.29 (Ubuntu)

The operating system my web server runs on is (include version):Ubuntu18.04

My hosting provider, if applicable, is:contabo

I can login to a root shell on my machine (yes or no, or I don't know):Y

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):webmin, but using comand line

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):certbot 0.27.0

griffin · January 10, 2021, 11:44pm

Welcome to the Let's Encrypt Community

Try the following command, which will pause after creating the http-01 challenge file so that you can verify that it's created in the /.well-known/acme-challenge/ directory inside your webroot directory:

sudo certbot certonly --cert-name mail.gounivers.com --apache -d "mail.gounivers.com" --debug-challenges --keep

Your certbot version is archaic (0.27.0 vs 1.11.0).

sahsanu · January 11, 2021, 12:15am

@griffin, seems op mistyped the domain, it isn't mail.gouinvers.com but mail.gounivers.com I've edited the post.

beintext · January 10, 2021, 4:19am

Dear Griffin,Thanks you for your feedback, pls note you tested the wrong domain name, below is the test of the correct one.

Let's Debug## Previous tests for mail.gounivers.com

#412699 (http-01) | 11h36m23s ago | OK | 0 fatal errors, 0 errors and 0 warnings |

| - | - | - |
#412698 (http-01) | 11h38m56s ago | OK | 0 fatal errors, 0 errors and 0 warnings |

We also have open-source API and CLI tools, as well as web-based certificate search and certificate revocation.

Let's Encrypt™ is a trademark of the Internet Security Research Group.

Let's Debug

Test result for mail.gounivers.com using http-01

All OK!
OK

No issues were found with mail.gounivers.com. If you are having problems with creating an SSL certificate, please visit the Let's Encrypt Community forums and post a question there.

Submitted 11h36m56s ago. Sat in queue for 2ms. Completed in 2s. Show verbose information.

We also have open-source API and CLI tools, as well as web-based certificate search and certificate revocation.

Let's Encrypt™ is a trademark of the Internet Security Research Group.

griffin · January 11, 2021, 7:18pm

I amended my suggestion minutes after @sahsanu noticed the typo. Since you're replying by email, you're seeing the old message. Did you get the revised message?

beintext · January 11, 2021, 7:35pm

Hi Griffin,
No dear I dind find it sincerly, last one i saw is SAHSANU, even I'm replying from community to your msg. Thanks in advance.

griffin · January 11, 2021, 7:38pm

Not your fault, my friend.
That's just the reply-by-email goofiness.

system · February 10, 2021, 7:38pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.