New Certificate for second virtual host

Greetings,

I am a noob at this stuff, so please don’t be too harsh. I’ve had this server running for a couple of years now, hosting spiegelbilder.studio on it. Today I added a second virtual host (endslate.ai, using the tutorial at https://www.digitalocean.com/community/tutorials/how-to-set-up-apache-virtual-hosts-on-ubuntu-16-04) and it works. I can access the website but my old certificate for spiegelbilder.studio does not cover the new website (naturally). Now I wanted to use Certbot to manage certificates for both sites but when I run the certbot command I get an error (see below).


My domain is: www.endslate.ai

I ran this command: sudo certbot --apache

It produced this output:

Renewing an existing certificate
Performing the following challenges:
http-01 challenge for endslate.ai
http-01 challenge for www.endslate.ai
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. www.endslate.ai (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.endslate.ai/.well-known/acme-challenge/UXqP6DRDDP8d08xkLrQ3--I4H_2IUXbW-coofetWiJA [148.251.158.38]: "\n<html dir=“ltr”>\n \n <meta charset=“utf-8” />\n <meta http-equiv=“content-type” content=“te”

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: www.endslate.ai
    Type: unauthorized
    Detail: Invalid response from
    http://www.endslate.ai/.well-known/acme-challenge/UXqP6DRDDP8d08xkLrQ3--I4H_2IUXbW-coofetWiJA
    [148.251.158.38]: "\n<html dir=“ltr”>\n

    \n \n <meta http-equiv=\"content-type\" content=\"te"

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address.

My web server is (include version): Apache 2

The operating system my web server runs on is (include version): Ubuntu 16.04 LTS 64bit

My hosting provider, if applicable, is: Strato AG

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): 0.31.0

1 Like

Hi @matveyfridman

why is there a renew?

1 Like

@JuergenAuer thanks for the quick response!
I selected both domains when asked which ones I’d like to get a certificate for. When I select just the new one, I get an error as well:


Obtaining a new certificate
Performing the following challenges:
http-01 challenge for endslate.ai
http-01 challenge for www.endslate.ai
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. endslate.ai (http-01): urn:ietf:params:acme:error:dns :: No valid IP addresses found for endslate.ai

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: endslate.ai
    Type: None
    Detail: No valid IP addresses found for endslate.ai

1 Like

You need to edit your dns records.

You currently have:

www       1799    IN      A       81.169.195.200

You should have:

@        1799    IN      A       81.169.195.200
www        1799    IN      A       81.169.195.200

or:

@        1799    IN      A       81.169.195.200
www        1799    IN      CNAME       @

(ANAME is probably better than CNAME here)

2 Likes
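The record sets from the reply above, checked against the names requested for the certificate (an added example, not part of the thread). The function names are hypothetical, the zone lines are copied from the post, and the origin is assumed to be endslate.ai; the CNAME following goes slightly beyond the single case shown.

```python
# Zone lines copied from the reply; the origin endslate.ai is assumed.
BEFORE = "www 1799 IN A 81.169.195.200"
AFTER_A = "@ 1799 IN A 81.169.195.200\nwww 1799 IN A 81.169.195.200"
AFTER_CNAME = "@ 1799 IN A 81.169.195.200\nwww 1799 IN CNAME @"

def absolute(name, origin):
    """Expand '@' and relative owner names against the zone origin."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name[:-1]
    return f"{name}.{origin}"

def parse_zone(text, origin):
    """Map each fully qualified name to its (type, value) records."""
    records = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[2].upper() != "IN":
            continue  # skip anything that is not 'name ttl IN type value'
        name, _ttl, _cls, rtype, value = parts
        records.setdefault(absolute(name, origin), []).append((rtype.upper(), value))
    return records

def addresses(name, records, origin, hops=0):
    """Return the A/AAAA values for name, following CNAMEs up to 8 hops."""
    found = []
    for rtype, value in records.get(name, []):
        if rtype in ("A", "AAAA"):
            found.append(value)
        elif rtype == "CNAME" and hops < 8:
            found += addresses(absolute(value, origin), records, origin, hops + 1)
    return found

def unresolvable(cert_names, zone_text, origin="endslate.ai"):
    """Names an http-01 validation could not reach: no address record at all."""
    records = parse_zone(zone_text, origin)
    return [n for n in cert_names if not addresses(n.lower(), records, origin)]

if __name__ == "__main__":
    names = ["endslate.ai", "www.endslate.ai"]
    for label, zone in [("before", BEFORE), ("A + A", AFTER_A), ("A + CNAME", AFTER_CNAME)]:
        print(label, unresolvable(names, zone) or "all names have an address")
```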

@9peppe Alright, could you help me with that? Do you mean I have to edit the records via my domain provider or on the machine itself? If the latter is the case: how do I do that exactly?

1 Like

Via your dns provider. It’s usually who you bought the domain from.

# dig +short ns endslate.ai
dns1.registrar-servers.com.
dns2.registrar-servers.com.

(It looks like it’s namecheap)

Go in their interface and add an A record for your second level domain (you already have one for a third level domain named www.)

You need to enter @ as host. https://webcache.googleusercontent.com/search?q=cache:w-aFElfW3PgJ:https://www.namecheap.com/support/knowledgebase/article.aspx/319/2237/how-can-i-set-up-an-a-address-record-for-my-domain+&cd=7&hl=en&ct=clnk&gl=it&client=ubuntu

3 Likes

@9peppe Thanks, that worked :slight_smile:
Just one little thing didn’t work as intended: certbot asked me whether I wanted to redirect http requests to https automatically and I said yes. But then it printed the following:

`Enhancement redirect was already set.`
`Enhancement redirect was already set.`

But the redirection does not work. Do you know what could be wrong? Thanks :slight_smile:

1 Like

Not without seeing the files in /etc/apache2/sites-enabled/ :slight_smile:

2 Likes

What exactly would you need to see? There are 2 files for the domain in question: endslate.ai.conf and endslate.ai-le-ssl.conf … And of course two more for the other domain.

1 Like

I need to see the lines from <VirtualHost something:80> to </VirtualHost>

(there can be more than one set)

2 Likes

endslate.ai.conf

<VirtualHost *:80>
        # The ServerName directive sets the request scheme, hostname and port that
        # the server uses to identify itself. This is used when creating
        # redirection URLs. In the context of virtual hosts, the ServerName
        # specifies what hostname must appear in the request's Host: header to
        # match this virtual host. For the default virtual host (this file) this
        # value is not decisive as it is used as a last resort host regardless.
        # However, you must set it for any further virtual host explicitly.
        #ServerName www.example.com

        ServerAdmin info@endslate.ai
        ServerName endslate.ai
        ServerAlias www.endslate.ai
        DocumentRoot /var/www/endslate.ai/public_html

        # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
        # error, crit, alert, emerg.
        # It is also possible to configure the loglevel for particular
        # modules, e.g.
        #LogLevel info ssl:warn

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        # For most configuration files from conf-available/, which are
        # enabled or disabled at a global level, it is possible to
        # include a line for only one particular virtual host. For example the
        # following line enables the CGI configuration for this host only
        # after it has been globally disabled with "a2disconf".
        #Include conf-available/serve-cgi-bin.conf
RewriteEngine on
RewriteCond %{SERVER_NAME} =www.spiegelbilder.studio [OR]
RewriteCond %{SERVER_NAME} =spiegelbilder.studio
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

endslate.ai-le-ssl.conf

<IfModule mod_ssl.c>
<VirtualHost *:443>
        # The ServerName directive sets the request scheme, hostname and port that
        # the server uses to identify itself. This is used when creating
        # redirection URLs. In the context of virtual hosts, the ServerName
        # specifies what hostname must appear in the request's Host: header to
        # match this virtual host. For the default virtual host (this file) this
        # value is not decisive as it is used as a last resort host regardless.
        # However, you must set it for any further virtual host explicitly.
        #ServerName www.example.com

        ServerAdmin info@endslate.ai
        ServerName endslate.ai
        ServerAlias www.endslate.ai
        DocumentRoot /var/www/endslate.ai/public_html

        # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
        # error, crit, alert, emerg.
        # It is also possible to configure the loglevel for particular
        # modules, e.g.
        #LogLevel info ssl:warn

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        # For most configuration files from conf-available/, which are
        # enabled or disabled at a global level, it is possible to
        # include a line for only one particular virtual host. For example the
        # following line enables the CGI configuration for this host only
        # after it has been globally disabled with "a2disconf".
        #Include conf-available/serve-cgi-bin.conf
RewriteEngine on
# Some rewrite rules in this file were disabled on your HTTPS site,
# because they have the potential to create redirection loops.

# RewriteCond %{SERVER_NAME} =www.spiegelbilder.studio [OR]
# RewriteCond %{SERVER_NAME} =spiegelbilder.studio
# RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/endslate.ai/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/endslate.ai/privkey.pem
</VirtualHost>
</IfModule>

That's your error, that should read endslate.ai and www.endslate.ai.

2 Likes
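The mismatch pointed out above can be caught mechanically: a redirect condition on `%{SERVER_NAME}` that names a host the enclosing vhost does not serve never matches, so the redirect never fires. The following is an added example, not part of the thread; `stale_redirect_conditions` is a hypothetical helper, the sample is the posted port-80 vhost with comments trimmed, and wildcard `ServerAlias` values are not handled.

```python
import re

# Constructed sample: the port-80 vhost from the post, comments trimmed.
POSTED = """
<VirtualHost *:80>
    ServerName endslate.ai
    ServerAlias www.endslate.ai
    DocumentRoot /var/www/endslate.ai/public_html
    RewriteEngine on
    RewriteCond %{SERVER_NAME} =www.spiegelbilder.studio [OR]
    RewriteCond %{SERVER_NAME} =spiegelbilder.studio
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
"""
# The same vhost with the conditions corrected as the reply says.
CORRECTED = (POSTED.replace("www.spiegelbilder.studio", "www.endslate.ai")
                   .replace("spiegelbilder.studio", "endslate.ai"))

def stale_redirect_conditions(conf_text):
    """Return (ServerName, hostname) for every 'RewriteCond %{SERVER_NAME} =host'
    whose host is neither the ServerName nor a ServerAlias of its <VirtualHost>."""
    findings, served, conds, primary, in_vhost = [], set(), [], None, False
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and commented-out rules are ignored
        if re.match(r"<VirtualHost\b", line, re.I):
            served, conds, primary, in_vhost = set(), [], None, True
        elif re.match(r"</VirtualHost>", line, re.I):
            findings += [(primary, host) for host in conds if host not in served]
            in_vhost = False
        elif in_vhost:
            words = line.split()
            directive = words[0].lower()
            if directive == "servername" and len(words) > 1:
                primary = words[1].lower()
                served.add(primary)
            elif directive == "serveralias":
                served.update(w.lower() for w in words[1:])
            elif (directive == "rewritecond" and len(words) >= 3
                  and words[1].upper() == "%{SERVER_NAME}" and words[2].startswith("=")):
                conds.append(words[2][1:].lower())
    return findings

if __name__ == "__main__":
    print(stale_redirect_conditions(POSTED))
    print(stale_redirect_conditions(CORRECTED))
```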

@9peppe Thanks a lot, now everything works as intended :tada:

2 Likes
