Keep getting errors


#1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: jiwon.me

I ran this command:
certbot --authenticator webroot --installer apache --webroot-path /home/pi/public_html -d jiwon.me

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for jiwon.me
Using the webroot path /home/pi/public_html for all unmatched domains.
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. jiwon.me (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://jiwon.me/.well-known/acme-challenge/WYD8svcmY7D-ZK_jcWakl9TQ0Sz-spSu9wrfx7nrJW8: Connection refused

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: jiwon.me
   Type:   connection
   Detail: Fetching
   http://jiwon.me/.well-known/acme-challenge/WYD8svcmY7D-ZK_jcWakl9TQ0Sz-spSu9wrfx7nrJW8:
   Connection refused

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A record(s) for that domain
   contain(s) the right IP address. Additionally, please check that
   your computer has a publicly routable IP address and that no
   firewalls are preventing the server from communicating with the
   client. If you're using the webroot plugin, you should also verify
   that you are serving files from the webroot path you provided.

My web server is (include version): Apache/2.4.25 (Raspbian)

The operating system my web server runs on is (include version):Raspbian GNU/Linux 9 (stretch)

My hosting provider, if applicable, is: https://dnszi.com/

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):


I’m trying to get certification with my domain and subdomain, and it keeps getting errors.
I added A records to my dns manage site like below.

  1. jiwon.me / ddns setting (o) / 218.xxx.217.xxx
  2. blog.jiwon.me / ddns setting (o) / 218.xxx.217.xxx (same as 1)

Did I do something wrong with this? And if I run the command with ‘blog.jiwon.me’, it also shows me errors and it’s ‘Type: unauthorized’.


#2

Your server redirects http (port 80) to https (port 443) but on the port 443, reserved for https, your servers answers an http response:

http://jiwon.me:443/.well-known/acme-challenge/WYD8svcmY7D-ZK_jcWakl9TQ0Sz-spSu9wrfx7nrJW8

(note the “:443” to tells the browsers to communicate using http - not https - on the port 443)

So the best guess is in your virtual host : <VirtualHost *:443> some directives are missing, at least SSLEngine on :

https://httpd.apache.org/docs/2.4/en/ssl/ssl_howto.html


#3

Thank you for your answer.
However, I can’t guess what’s my problem is.
You said some directives are missing, but what kinds of directives in my virtual host conf file?


#4

Actually, I fixed the port because I’m using the port forwarding. It works now!
Thank you!! :smiley:


#5

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.