LetsEncrypt Cannot Obtain Certificate

My domain is:
Duckdns.org

I ran this command:
Unraid docker

It produced this output:
Failed authorization procedure. myserver.duckdns.org (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://myserver.duckdns.org/.well-known/acme-challenge/BPoI7fI9FIgfwZoIV_JSMFBjr1a8u1K5ATulxHV3gXQ: “<html>\r\n<head><title>404 Not Found</title></head>\r\n<body bgcolor=“white”>\r\n<center><h1>404 Not Found</h1></center>\r\n<hr><center>”

My web server is (include version):
Not sure

The operating system my web server runs on is (include version):
Linux

My hosting provider, if applicable, is:
duckdns/Dreamhost

I can login to a root shell on my machine (yes or no, or I don’t know):
I believe so

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
Unraid docker

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
unsure

It is nearly impossible to provide accurate technical guidance without the real domain name.

So here is my best guess at what I perceive your actual problem might be…

A. The renew command is using --webroot incorrectly.
B. The server uses Apache and has a conflicting/overlapping “domain” that confuses the ACME client on where you actually want the cert installed/validated.
C. The (modified) configuration has mishandled the /.well-known/acme-challenge/ requests - due to conflicting rewrite statements.

Best of luck to you.

The real domain name is qrtsy.com
I clicked on letsencrypt and tried certbot cert only and was given a list of things to attempt to connect to, however none of them were duck dns (or maybe I put in my domain name in one of the listed items)?

http://qrtsy.com/
http://www.qrtsy.com/
Both fails with:
HTTP request sent, awaiting response… 500 Internal Server Error
2019-01-23 05:16:10 ERROR 500: Internal Server Error.

Review your web server config files for any errors.
[I would focus on recent changes - assuming this worked previously]

Am I missing something on the domain then? I don’t have a website there, just the domain name. I created CNAMEs for my other domain legendsoflink.com but got the same result.

Hi @Tebasaki

are you the domain owner? There ( https://check-your-website.server-daten.de/?q=legendsoflink.com )

is no CNAME definition.

Same with your other domain ( https://check-your-website.server-daten.de/?q=qrtsy.com ):

Now seen:

Html-Content - Entries (BETA)

Looks like you have the domain, but dreamhost shows a “not ready” - information.

So where did you defined the CNAME?

I am the domain owner. My CNAME was defined in my DNS settings. I winder if I have to manually refresh the DNS?

Capture.JPG1035×335 19.5 KB

These are CNAME entries for the domain names nextcloud.legendsoflink.com etc, not for the domain name.

nextcloud … there I see the CNAME ( https://check-your-website.server-daten.de/?q=nextcloud.legendsoflink.com ):

And the main configuration is ok.

The http status 404 checking /.well-known/acme-challenge is good.

If you would use Certbot, then you may use the webroot - option.

But I don’t know what Unraid docker is doing.

PS: If you start a client at nextcloud.legendsoflink.com, normally this client doesn’t create a certificate with the duckdns.org - domain name.

So you’re telling me that my domain settings on my webiste are OK, and that I just need to tell letsencrypt to grab a cert?

I clicked on letsencrypt and went to console, then typed certbot certonly and it gave me a list, but I don’t see duck dns on it.

image.png765×491 26.8 KB

This is the list of your certbot plugins. Not the list of your domains.

Please read

https://certbot.eff.org/docs/using.html

If you want to create a certificate with a domain name, use the -d option. But certbot needs an authenticator you have to select.

It looks like my command will be certbot certonly --webroot -w “/var/www/example” -d server.legendsoflink.com -d nextcloud.legendsoflink.com -d sonarr.legendsoflink.com

but I can’t seem to find the webroot path on my letsencrypt.

It's not the webroot path of your letsencrypt.

It's the webroot path of your vHost.

So check your vHost files. Apache - DocumentRoot.

<VirtualHost *:80>
    DocumentRoot "/www/example1"
    ServerName www.example.com

    # Other directives here
</VirtualHost>

DocumentRoot = webroot.

Please not that you are trying to obtain a cert with three names on it.
If those three names are being served from different DocumentRoots you will have to “explain” to cerbot where each name is being served from (i.e. multiple webroots).

I understand that, with the multiple --webroot -w command I’ll need for each cert, but I don’t even know how to check my vhost files.

1. Click on letsencrypt.
2. Select console.
3. Type Apache -DocumentRoot (doesn’t work)
4. type -DocumentRoot (doesn’t work)

I’ve used Linux maybe 3 times in my life. It’s like explaining to a line chef how to fix a space shuttle; it’s possible, but you have to take baby steps.

Let's go for 4!

At a # prompt type (you can copy+paste):
grep -Eri 'root|servername|serveralias|virtualh|listen' /etc/apache2

If the prompt does not end in #, then try (as root user) same command but prepend with sudo:
sudo grep -Eri 'root|servername|serveralias|virtualh|listen' /etc/apache2

My terminal from LetsEncrypt ends in $, for my unraid it ends in #. Inputting both commands in both terminals gets me

grep: /etc/apache2: No such file or directory
sh: sudo: not found

So I don’t have Apache installed?

I’m not skilled enough in docker to be sure how to proceed there…

But it should have a web service.
Try:
which apache2
which nginx

[two of the more popular ones]

gets me
/usr/sbin/nginx

so i got that going for me!

OK. Now we are getting somewhere!

Please show:
ls -l /etc/nginx/conf.d/

And try:
certbot --nginx