Moving to different hosting panel with fresh server install


#1

Hello,

I’m making a webhosting server for a company. The first chioce of hosting panel was VestaCP so first time I create the certificate there. But sadly VestaCP is has not brought the expected results and I moved to ISPConfig3 on fresh server install, so everything is deleted. I need the certificate for the hosting domian. My DNS records contains the proper A record and I don’t using IPv6 record.

Now I’m facing with the following problem:

My domain is: https://hosting.increst.hu
https://crt.sh/?q=hosting.increst.hu

I ran this command: letsencrypt certonly --webroot

It produced this output:
root@hosting /tmp/servisys-ispconfig_setup-9f2b458 # letsencrypt certonly --webroot
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Please enter in your domain name(s) (comma and/or space separated)  (Enter ‘c’
to cancel): hosting.increst.hu
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for hosting.increst.hu
Input the webroot for hosting.increst.hu: (Enter ‘c’ to cancel): /var/www/html/  
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. hosting.increst.hu (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid
response from http://hosting.increst.hu/.well-known/acme-challenge/8lO7KQhVNPdx50dOFH7LPkE5r7_nt6v3596MrMTs1-Y: “<!DOCTYPE HTML PUBLIC “-//IETF//
DTD HTML 2.0//EN”>\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p”

IMPORTANT NOTES:

  • The following errors were reported by the server:

  Domain: hosting.increst.hu
  Type:   unauthorized
  Detail: Invalid response from
  http://hosting.increst.hu/.well-known/acme-challenge/8lO7KQhVNPdx50dOFH7LPkE5r7_nt6v3596MrMTs1-Y:
  “<!DOCTYPE HTML PUBLIC “-//IETF//DTD HTML
  2.0//EN”>\n<html><head>\n<title>404 Not
  Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p”

  To fix these errors, please make sure that your domain name was
  entered correctly and the DNS A/AAAA record(s) for that domain
  contain(s) the right IP address.
root@hosting /tmp/servisys-ispconfig_setup-9f2b458 #

My web server is (include version): Server version: Apache/2.4.29 (Ubuntu)
Server built:   2018-10-10T18:59:25

The operating system my web server runs on is (include version): Ubuntu 18.04.1

My hosting provider, if applicable, is: Me

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): Yes, ISPconfig3

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.23.0

I gonna be very happy if You guys have a good suggestion on my case!

Cheers,
Csaba.


#2

Hi @Nagytalp

if you have such an error, then your webroot may be wrong or you have additional definitions / internal redirects.

Your main config looks ok, because port 80 answers. Fetching a not existing file there is the expected http status 404.

So share your config file.

PS: Your port 443 sends http content ( https://check-your-website.server-daten.de/?q=hosting.increst.hu ):

Domainname Http-Status redirect Sec. G
http://hosting.increst.hu/
5.9.36.203 200 0.047 H
https://hosting.increst.hu/
5.9.36.203 -4 0.096 W
SendFailure - The underlying connection was closed: An unexpected error occurred on a send. The handshake failed due to an unexpected packet format.
http://hosting.increst.hu:443/
5.9.36.203 200 0.054 Q
http://hosting.increst.hu/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
5.9.36.203 404 0.050 A
Not Found

This is wrong, but it isn’t relevant if you want to create a new certificate.

But perhaps both VirtualHosts have different webroots.


#3

The webroot must match the document root used by the site.