Multiple Domains with Same Web root?

cokere · July 9, 2018, 10:14pm

EDIT: I'm now rate limited for too many failed attempts

My domain is: chukwumaokere.com and chuckokere.com

I ran this command: certbot --apache -d chukwumaokere.com

It produced this output: I cant scroll up far enough in my terminal, but it created successfully. When I try to create the same thing for chuckokere.com, I get this:

{
"identifier": {
"type": "dns",
"value": "chuckokere.com"
},
"status": "invalid",
"expires": "2018-07-16T21:37:19Z",
"challenges": [
{
"type": "http-01",
"status": "invalid",
"error": {
"type": "urn:acme:error:unauthorized",
"detail": "Invalid response from http://chuckokere.com/.well-known/acme-challenge/zSunvP4bpSEosSY0bFyyoDd35FUo12rEt3TZqw6l9sM: "\u003c!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"\u003e\n\u003chtml\u003e\u003chead\u003e\n\u003ctitle\u003e404 Not Found\u003c/title\u003e\n\u003c/head\u003e\u003cbody\u003e\n\u003ch1\u003eNot Found\u003c/h1\u003e\n\u003cp"",
"status": 403
},
"uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/eFDPXBcYURDi9XXKnBoysj4b_ooK1z7YKioztfY2Jlk/5561563727",
"token": "zSunvP4bpSEosSY0bFyyoDd35FUo12rEt3TZqw6l9sM",
"keyAuthorization": "zSunvP4bpSEosSY0bFyyoDd35FUo12rEt3TZqw6l9sM.e5sgg1DyQNF6Yv9CLAiSk1omPgSKVBl3piZAybretJs",
"validationRecord": [
{
"url": "http://chuckokere.com/.well-known/acme-challenge/zSunvP4bpSEosSY0bFyyoDd35FUo12rEt3TZqw6l9sM",
"hostname": "chuckokere.com",
"port": "80",
"addressesResolved": [
"162.243.164.52"
],
"addressUsed": "162.243.164.52"
}
]
},
{
"type": "dns-01",
"status": "invalid",
"uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/eFDPXBcYURDi9XXKnBoysj4b_ooK1z7YKioztfY2Jlk/5561563728",
"token": "JAmv4LlKo0J_AIf-CASP6yheUV-dsp1eg7UgSkVTIn4"
}
],
"combinations": [
[
0
],
[
1
]
]
}
2018-07-09 21:37:26,313:DEBUG:certbot.reporter:Reporting to user: The following errors were reported by the server:

Domain: chuckokere.com
Type: unauthorized
Detail: Invalid response from http://chuckokere.com/.well-known/acme-challenge/zSunvP4bpSEosSY0bFyyoDd35FUo12rEt3TZqw6l9sM: "
404 Not Found
Not Found
<p"
To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address.
2018-07-09 21:37:26,313:DEBUG:certbot.error_handler:Encountered exception:
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 82, in handle_authorizations
self._respond(aauthzrs, resp, best_effort)
File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 155, in _respond
self._poll_challenges(aauthzrs, chall_update, best_effort)
File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 226, in _poll_challenges
raise errors.FailedChallenges(all_failed_achalls)
certbot.errors.FailedChallenges: Failed authorization procedure. chuckokere.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://chuckokere.com/.well-known/acme-challenge/zSunvP4bpSEosSY0bFyyoDd35FUo12rEt3TZqw6l9sM: "

My web server is (include version): Apache

The operating system my web server runs on is (include version): Ubuntu 16.04

My hosting provider, if applicable, is: Domain Host is Godaddy, Server Host is Digital Ocean

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No

stevenzhu · July 10, 2018, 12:33am

Hi,

Can you please try to create a folder under the domain document root (named .well-known then a folder named acme-challenge under that folder.) After that, please try to create a file (random file) under the acme-challenge & test if that file is accessible from www.

P.S. is there any vHost for chuckokere.com?

Thank you

schoen · July 10, 2018, 12:47am

This test may help identify certain kinds of problems, but I just want to point out that it mirrors what certbot --webroot would do rather than what certbot --apache would do, as certbot --apache doesn't write its test files into an existing directory.

cokere · July 10, 2018, 2:58am

I did as he said (to create the directories and test accessing it)
This file is accessible via the web http://chuckokere.com/.well-known/acme-challenge/testing.txt
the file points to the directory /var/www/html/chukwumaokere/

which is the same web directory as https://chukwumaokere.com
Since they both share the same directory, they’ll share the same directories.

I even tried making /var/www/html/chuckokere/ and changing my .conf file to use that directory. And made that directory a symlink to /var/www/html/chukwumaokere/ which failed

cokere · July 10, 2018, 4:27am

I just tried adding this

<VirtualHost *:443>
ServerName chuckokere.com
ServerAlias www.chuckokere.com
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html/chukwumaokere
    <Directory /var/www/html/chukwumaokere>
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
    </Directory>

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    <IfModule mod_dir.c>
        DirectoryIndex index.php index.pl index.cgi index.html index.xhtml index.htm
    </IfModule>
SSLCertificateFile /etc/letsencrypt/live/chukwumaokere.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/chukwumaokere.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf

to my existing SSL file for chukwumaokere.com
it bypasses the chrome alert when accessing chuckokere.com, and automatically redirects to https, but its understandably crossed out as non valid https

schoen · July 10, 2018, 5:25am

If you want to make use of /var/www/html/chukwumaokere, you could try running Certbot with -a webroot -i apache instead of --apache.

cokere · July 10, 2018, 6:27am

Just tried. It let me specify the webroot but I get this error still:

Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. chuckokere.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://chuckokere.com/.well-known/acme-challenge/rqE_bTRWAhY1Zs6pSmzdP10V3GUeuK0L7O8_a01F-a8: "
404 Not Found
Not Found
<p", www.chuckokere.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.chuckokere.com/.well-known/acme-challenge/-hzGO4_2A3kRAPMBIQ66KeNAzSTcIJua1Onq6ZcXFXY: " 404 Not Found
Not Found
<p"
IMPORTANT NOTES:

The following errors were reported by the server:

Domain: chuckokere.com
Type: unauthorized
Detail: Invalid response from
http://chuckokere.com/.well-known/acme-challenge/rqE_bTRWAhY1Zs6pSmzdP10V3GUeuK0L7O8_a01F-a8:
"
404 Not Found
Not Found
<p"
Domain: www.chuckokere.com
Type: unauthorized
Detail: Invalid response from
http://www.chuckokere.com/.well-known/acme-challenge/-hzGO4_2A3kRAPMBIQ66KeNAzSTcIJua1Onq6ZcXFXY:
"
404 Not Found
Not Found
<p"
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.

I should probably clean up the changes i made to my chukwumaokere.com-le-ssl file and maybe get rid of the symlink for /var/www/html/chuckokere/ -> /var/www/html/chukwumaokere/
first. will try that

cokere · July 10, 2018, 6:33am

Solution worked.
I cleaned up all the extra files i was experimenting with (all the extra lines in my -le-ssl files and symlinks)
just set the vhost file to point to /var/www/html/chukwumaokere
then ran certbot -a webroot -i
followed along, (using /var/www/html/chukwumaokere/ as my webroot) and everythign worked cleanly.

Thanks @schoen

system · August 9, 2018, 6:33am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.