I ran this command: sudo certbot --apache -d aqaj.org
Output:
"Obtaining a new certificate
Performing the following challenges:
http-01 challenge for aqaj.org
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. aqaj.org (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://aqaj.org/.well-known/acme-challenge/Q6MkISlID_N1xaOd6SdPLx4AUD6wEFzMSJZZ0i_Ou5s: “\r\n\r\n\r\n\t\r\n\tAccueil Association Qu\xe9b\xe9coise des Administrat”
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
Your account credentials have been saved in your Certbot
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Certbot so
making regular backups of this folder is ideal."
When I ping aqaj.org, it resolves to the correct DNS (my droplet).
My web server is (include version): apache
The operating system my web server runs on is (include version): linux ubuntu 14.04
It seems certbot is having trouble placing the challenge file in the correct folder.
Please place a test.txt file as: http://aqaj.org/.well-known/acme-challenge/test.txt
Options All -Indexes
# Deny access to .htaccess
<Files .htaccess>
order allow,deny
deny from all
satisfy all
</Files>
# Deny access to php.ini
<Files php.ini>
order allow,deny
deny from all
satisfy all
</Files>
# Deny access to php_error.log
<Files php_error.log>
order allow,deny
deny from all
satisfy all
</Files>
RewriteEngine on
RewriteBase /
# Prevent any kind of looping:
RewriteCond %{ENV:REDIRECT_STATUS} 200
RewriteRule ^ - [L]
# Rewrite links to index.php
# RewriteCond %{REQUEST_URI} !^/index\.php
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php?uri=$1 [L]
How should I edit this file to accommodate Let’s Encrypt and redirect all traffic to https?
The htaccess redirection is used for internal website structure purposes. It transforms all URLs into GET requests. It does not, as of now, redirect to https.
Since you said:
I am wondering how to edit my current htaccess file to solve the issue and allow Let's Encrypt to work properly.
I understand that when Let's Encrypt is functioning properly, I'll have to edit my htaccess again to redirect http traffic to https.
certbot --apache -d aqaj.org
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for aqaj.org
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. aqaj.org (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://aqaj.org/.well-known/acme-challenge/mNVPie10PNzV8ojgxDs8510fgUiaa_Qb1s9Oy6Cxxi0: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p"
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: aqaj.org
Type: unauthorized
Detail: Invalid response from
http://aqaj.org/.well-known/acme-challenge/mNVPie10PNzV8ojgxDs8510fgUiaa_Qb1s9Oy6Cxxi0:
"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML
2.0//EN\">\n<html><head>\n<title>404 Not
Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p"
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
What is causing the issue?
Could it have to do with the fact that my website root is not located in /var/www/html?
If you can load your file, you have found your correct webroot. So use this information to split authenticator and installation.
certbot run -a webroot -i apache -w pathToYourWebroot -d aqaj.org
That may be part of the problem. But if you have your correct webroot, you can use it.
PS: The file is without extension, so try 1234 as file name, not 1234.txt. Sometimes redirect rules have a different behaviour if the file has an extension or not.
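The test-file check suggested in this thread can be scripted. The following is an added example, not code from Certbot or from any poster here: it writes an extensionless probe file under a candidate webroot, fetches it over HTTP, and separates the two failures shown above (site HTML returned instead of the token, and a plain 404). The function name, verdict strings and the example.org URL are assumptions made for illustration.

```python
"""Webroot probe for ACME http-01 troubleshooting (added example)."""
import secrets
import sys
import urllib.error
import urllib.request
from pathlib import Path


def probe_webroot(webroot, base_url, timeout=10):
    """Drop an extensionless test file under webroot and fetch it over HTTP.

    Returns (verdict, http_status):
      "served"     - body matches: this directory is what the vhost serves
      "wrong-body" - 2xx with other content, e.g. a catch-all rewrite to index.php
      "http-error" - 4xx/5xx, e.g. a 404 because the vhost serves another directory
    """
    challenge_dir = Path(webroot) / ".well-known" / "acme-challenge"
    challenge_dir.mkdir(parents=True, exist_ok=True)
    name = "probe-" + secrets.token_urlsafe(16)  # no extension, like a real token
    expected = secrets.token_urlsafe(32)
    probe_file = challenge_dir / name
    probe_file.write_text(expected)
    url = base_url.rstrip("/") + "/.well-known/acme-challenge/" + name
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            status = resp.status
            body = resp.read(4096).decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return "http-error", err.code
    finally:
        probe_file.unlink()  # never leave probe files behind
    if body.strip() == expected:
        return "served", status
    return "wrong-body", status


if __name__ == "__main__":
    # usage (hypothetical file name): python3 probe_webroot.py /path/to/webroot http://example.org
    verdict, status = probe_webroot(sys.argv[1], sys.argv[2])
    print(f"{verdict} (HTTP {status})")
    sys.exit(0 if verdict == "served" else 1)
```

Only a "served" verdict means the directory is safe to pass as `-w` to the webroot authenticator; the script must run as a user allowed to write there, and the web server user must be able to read the file it creates.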