Let's encrypt challenge failed

Help
1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: www.slogitracking.com

I ran this command:USE_PYTHON_3=5 /usr/local/bin/certbot-auto --apache

It produced this output:Traceback (most recent call last):
File ā€œ/tmp/tmp.NomxBTqqRW/fetch.pyā€, line 28, in
from urllib.request import build_opener, HTTPHandler, HTTPSHandler
ImportError: No module named request
WARNING: unable to check for updates.
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache

Which names would you like to activate HTTPS for?

1: slogitracking.com
2: www.slogitracking.com

Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter ā€˜cā€™ to cancel):
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for slogitracking.com
http-01 challenge for www.slogitracking.com
Waiting for verificationā€¦
Challenge failed for domain slogitracking.com
Challenge failed for domain www.slogitracking.com
http-01 challenge for slogitracking.com
http-01 challenge for www.slogitracking.com
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:

My web server is (include version): Server version: Apache/2.2.15 (Unix)

The operating system my web server runs on is (include version):Centos 6.10

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I donā€™t know):yes

Iā€™m using a control panel to manage my site (no, or provide the name and version of the control panel):Bitevise SSH Client

The version of my client is (e.g. output of certbot --version or certbot-auto --version if youā€™re using Certbot):certbot 1.4.0

1 Like
2

I see a couple of potential problems.

#1 Having individual sites for seemingly identical/related names
Do you actually provide different sites (with different content) to those two names?
[if not, try combining both files vhost configs into one single vhost config]

#2 Trying to obtain one cert for multiple "sites" (a site in this sense correlated to a separate vhost config).
You would be better served keeping to one cert per "site".

As for the "failure":

The server is having internal issues ("500 Internal Server").
But that may be an unrelated problem.
The HTTP requests on /.well-known/acme-challenge/ should require very little resource.
The 500 error sounds like a database backend may be down/unavailable [again unrelated].

My tests (now) don't show the 500 error.
But they all show 403 forbidden.
Which means the site is set to require authentication.
LE will not be able to authenticate.
Access to the /.well-known/acme-challenge/ URI needs to be allowed without authentication.

1 Like
3

Obtaining a new certificate
Performing the following challenges:
http-01 challenge for slogitracking.com
Waiting for verificationā€¦
Challenge failed for domain slogitracking.com
http-01 challenge for slogitracking.com
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:

4

Hi @mongi

if you have that error, you have to fix that before you are able to create a certificate.

A working port 80 / http is required.

A http status 200 or 404 / Not Found is expected checking an existing / not existing file in /.well-known/acme-challenge.

5

nmap -p80 slogitracking.com

Starting Nmap 5.51 ( http://nmap.org ) at 2020-05-27 17:14 CEST
Nmap scan report for slogitracking.com (51.91.122.75)
Host is up (0.000072s latency).
rDNS record for 51.91.122.75: vps772991.ovh.net
PORT STATE SERVICE
80/tcp open http

Now is activated and open but i still not able to get letsencrypt certicate the output i get is as follwing
Which names would you like to activate HTTPS for?

1: slogitracking.com
2: www.slogitracking.com

Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter ā€˜cā€™ to cancel):
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for slogitracking.com
http-01 challenge for www.slogitracking.com
Waiting for verificationā€¦
Challenge failed for domain slogitracking.com
Challenge failed for domain www.slogitracking.com
http-01 challenge for slogitracking.com
http-01 challenge for www.slogitracking.com
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:

6

Your nmap test only shows the service is active, it doesn't discount the "internal service error 500".
The mere fact that we see the "internal server error 500" message means the server is there.
That message is from the web server itself.

The web server is saying "I am broken".
Yes, the web server is running.
But did you read the message?

7

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.