Issue on installing cert on Ubuntu server and virtual machine (VirtualBox)

Hi there,

I'm running into a problem creating certs with certbot for my subdomain running on an Apache web server that is running on a virtual machine (VirtualBox).
I have one other sub-domain already working with https and letsencrypt, but I need a second one to be installed on the same server, with a different subdomain on a special port.

Here some details:

My sub-domain is: my.example.com:8045
Port: 8045

I ran several commands like the following:
certbot certonly --webroot -w /var/www/html/app-folder/sub-folder/public -d kgsweb-mobile.peritia-itc.de

It produced this output:
Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
Domain: my.example.com
Type: unauthorized
Detail: my-ipaddress: Invalid response from https://my.example.com/.well-known/acme-challenge/dasaOhafGplskjsnPtpojadsfoalksdf: 404

Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that the files created there can be downloaded from the internet.

My Server-System: Ubuntu Linux 20.04.6

My web server is (include version):
Apache/2.4.58 (Ubuntu) running on a VirtualBox
Server built: 2024-10-02T12:40:51

The operating system my web server runs on is (include version):
Ubuntu 24.04.1 LTS running on a VirtualBox

My hosting provider, if applicable, is: own server, self-managed.

I can login to a root shell on my machine (yes or no, or I don't know): yes, via VPN.

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 2.9.0

Hope that anyone can help solve this issue.

Thanks!
Mo

Do you own [redacted].de? Because it is a valid domain that someone owns.

You also list domain kgsweb-mobile.peritia-itc.de

Please show the actual domain names you have a problem with.

3 Likes

Sorry... for sure it is not my own domain.

My domain is: kgsweb-mobile.peritia-itc.de

I removed the other person's domain from the earlier posts.

I will assume the subdomain you mean is kgsweb-mobile. I see there are many certs for subdomains of peritia-itc.de but not this one.

The HTTPS in the error means your Apache server redirected the HTTP request from the Let's Encrypt server to HTTPS. When LE then tried the HTTPS URL, your Apache said the challenge token was not found. I am just describing what happened.

The LE server only allows sending HTTP challenges to port 80. Can you set up a VirtualHost in your Apache for this subdomain on port 80 to process the HTTP challenge? Since you got other certs I assume you know how to do this. If not, please ask.

Then either configure your alternate-port service to use that cert, or have Apache proxy from HTTPS (port 443) to this service (even using HTTP) on port 8045.

3 Likes
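Putting the two suggestions above into one Apache 2.4 configuration, as an added example that is not part of the thread (assumed: a dedicated challenge directory /var/www/letsencrypt, the application listening on 127.0.0.1:8045, and certbot's default certificate paths):

```apache
# Added example (not from the thread). Assumptions: challenge webroot
# /var/www/letsencrypt, backend on 127.0.0.1:8045, certbot default paths.
# Requires: a2enmod rewrite ssl proxy proxy_http

# Port 80 must reach THIS VM for the HTTP-01 challenge; if the host
# forwards port 80 to another VM (the thread's root cause), this vhost
# is never hit and the CA sees whatever that other machine answers.
<VirtualHost *:80>
    ServerName kgsweb-mobile.peritia-itc.de

    # Serve ACME tokens from a dedicated webroot, matching
    # certbot certonly --webroot -w /var/www/letsencrypt -d kgsweb-mobile.peritia-itc.de
    Alias /.well-known/acme-challenge/ /var/www/letsencrypt/.well-known/acme-challenge/
    <Directory /var/www/letsencrypt/.well-known/acme-challenge/>
        Options None
        AllowOverride None
        Require all granted
    </Directory>

    # Redirect everything else to HTTPS, but never the challenge path:
    # redirecting it is exactly how the request above ended in a 404 over HTTPS.
    RewriteEngine On
    RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

# Port 443 terminates TLS with the issued cert and proxies to the app on
# 8045 over loopback HTTP, so port 8045 itself need not be exposed or forwarded.
<VirtualHost *:443>
    ServerName kgsweb-mobile.peritia-itc.de

    SSLEngine on
    SSLCertificateFile    /etc/letsencrypt/live/kgsweb-mobile.peritia-itc.de/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/kgsweb-mobile.peritia-itc.de/privkey.pem

    ProxyPreserveHost On
    ProxyPass        / http://127.0.0.1:8045/
    ProxyPassReverse / http://127.0.0.1:8045/
</VirtualHost>
```

Before running certbot, a quick check is to place a test file under the challenge directory and fetch it with `curl -I http://kgsweb-mobile.peritia-itc.de/.well-known/acme-challenge/<file>` from outside the VPN: a 200 without a redirect means the port-80 path is correct.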

Hi,
thanks for your quick response.

OK... let me explain the configuration of my virtual machines.

I have two virtual machines set up on my Ubuntu server.

(1)
The first one is a VirtualBox VM for production services.
This VM has two main Domains:

  1. "peritia-itc.de" (letsencrypt) and

  2. "kgs-web.de" (letsencrypt).

Both have working letsencrypt-certs.

(2)
The second one is also a VirtualBox VM, for test and development activities, that has two sub-domains:

  1. kgswebtest.peritia-itc.de (letsencrypt)
  2. kgsweb-mobile.peritia-itc.de (should have a letsencrypt cert)

The first sub-domain is working perfectly.
The second sub-domain is making trouble.

OK... all port forwardings via iptables are working fine except for the second sub-domain, and I'm confused why it will not work.

1 Like

Hi,

this post can be closed. I was able to install the certs for kgsweb-mobile.peritia-itc.de.

It is actually available on port 8045. Then it will be available only via VPN.

Thanks for your support and have a good evening, Merry Christmas and a happy new year.

Best
Mo

3 Likes

The problem was an open port 80 on the production box.
After I closed this, I was able to use this port on the test and dev box.
The certs could be set up and are working fine now.

That means, for everyone who has trouble setting up the certs:
Please close all port 80 forwards in your firewall or iptables and use them only for the machine where you want to install the certs. In that case everything will work fine.

Hope this solution helps.

Thanks and have a good day.

Best
Mo

3 Likes