I am a noob at this stuff, so please don’t be too harsh. I’ve had this server running for a couple of years now, hosting spiegelbilder.studio on it. Today I added a second virtual host (endslate.ai, using the tutorial at https://www.digitalocean.com/community/tutorials/how-to-set-up-apache-virtual-hosts-on-ubuntu-16-04) and it works. I can access the website but my old certificate for spiegelbilder.studio does not cover the new website (naturally). Now I wanted to use Certbot to manage certificates for both sites but when I run the certbot command I get an error (see below).
My domain is: www.endslate.ai
I ran this command: sudo certbot --apache
It produced this output:
```
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for endslate.ai
http-01 challenge for www.endslate.ai
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. www.endslate.ai (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.endslate.ai/.well-known/acme-challenge/UXqP6DRDDP8d08xkLrQ3--I4H_2IUXbW-coofetWiJA [148.251.158.38]: "\n<html dir="ltr">\n \n <meta charset="utf-8" />\n <meta http-equiv="content-type" content="te"
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
```
My web server is (include version): Apache 2
The operating system my web server runs on is (include version): Ubuntu 16.04 LTS 64bit
My hosting provider, if applicable, is: Strato AG
I can login to a root shell on my machine (yes or no, or I don’t know): yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): 0.31.0
@JuergenAuer thanks for the quick response!
I selected both domains when asked which ones I’d like to get a certificate for. When I select just the new one, I get an error as well:
```
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for endslate.ai
http-01 challenge for www.endslate.ai
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. endslate.ai (http-01): urn:ietf:params:acme:error:dns :: No valid IP addresses found for endslate.ai
IMPORTANT NOTES:
The following errors were reported by the server:
Domain: endslate.ai
Type: None
Detail: No valid IP addresses found for endslate.ai
```
@9peppe Alright, could you help me with that? Do you mean I have to edit the records via my domain provider or on the machine itself? If the latter is the case: how do I do that exactly?
@9peppe Thanks, that worked
Just one little thing didn’t work as intended: certbot asked me whether I wanted to redirect http requests to https automatically and I said yes. But then it printed the following:
`Enhancement redirect was already set.`
`Enhancement redirect was already set.`
But the redirection does not work. Do you know what could be wrong? Thanks
What exactly would you need to see? There are 2 files for the domain in question: endslate.ai.conf and endslate.ai-le-ssl.conf … And of course two more for the other domain.
```apache
<VirtualHost *:80>
# The ServerName directive sets the request scheme, hostname and port t$
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request's Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.
#ServerName www.example.com
ServerAdmin info@endslate.ai
ServerName endslate.ai
ServerAlias www.endslate.ai
DocumentRoot /var/www/endslate.ai/public_html
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf
RewriteEngine on
RewriteCond %{SERVER_NAME} =www.spiegelbilder.studio [OR]
RewriteCond %{SERVER_NAME} =spiegelbilder.studio
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
```
endslate.ai-le-ssl.conf
```apache
<IfModule mod_ssl.c>
<VirtualHost *:443>
# The ServerName directive sets the request scheme, hostname and port that
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request's Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.
#ServerName www.example.com
ServerAdmin info@endslate.ai
ServerName endslate.ai
ServerAlias www.endslate.ai
DocumentRoot /var/www/endslate.ai/public_html
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf
RewriteEngine on
# Some rewrite rules in this file were disabled on your HTTPS site,
# because they have the potential to create redirection loops.
# RewriteCond %{SERVER_NAME} =www.spiegelbilder.studio [OR]
# RewriteCond %{SERVER_NAME} =spiegelbilder.studio
# RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/endslate.ai/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/endslate.ai/privkey.pem
</VirtualHost>
</IfModule>
```
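A check for the redirect problem in the last post, as an added example that is not part of the original thread: the port-80 vhost posted above carries `RewriteCond` lines naming spiegelbilder.studio, which never match a request for endslate.ai, so the `RewriteRule` never fires for the new site. The function name `audit_redirect_conditions` and the trimmed sample config are constructed for illustration; the check only understands the exact-match `%{SERVER_NAME} =name` form that appears in the posted files.

```python
import re

# Constructed sample: the port-80 vhost from the post, trimmed to the
# directives that decide whether the HTTP->HTTPS redirect fires.
SAMPLE_VHOST = """\
<VirtualHost *:80>
ServerName endslate.ai
ServerAlias www.endslate.ai
RewriteEngine on
RewriteCond %{SERVER_NAME} =www.spiegelbilder.studio [OR]
RewriteCond %{SERVER_NAME} =spiegelbilder.studio
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
"""

VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)


def audit_redirect_conditions(conf_text):
    """Hypothetical helper: report vhosts whose '%{SERVER_NAME} =name'
    rewrite conditions do not cover the vhost's own ServerName/ServerAlias."""
    findings = []
    for match in VHOST_RE.finditer(conf_text):
        names, cond_names = set(), set()
        for raw in match.group(2).splitlines():
            parts = raw.split()
            if not parts or parts[0].startswith("#"):
                continue  # blank line or commented-out directive
            directive = parts[0].lower()
            if directive in ("servername", "serveralias"):
                names.update(p.lower() for p in parts[1:])
            elif (directive == "rewritecond" and len(parts) >= 3
                  and parts[1].upper() == "%{SERVER_NAME}"
                  and parts[2].startswith("=")):
                cond_names.add(parts[2][1:].lower())
        missing = sorted(names - cond_names)
        foreign = sorted(cond_names - names)
        if cond_names and (missing or foreign):
            findings.append({"vhost": match.group(1).strip(),
                             "never_redirected": missing,
                             "foreign_conditions": foreign})
    return findings


if __name__ == "__main__":
    for finding in audit_redirect_conditions(SAMPLE_VHOST):
        print(finding)
```

Commented-out conditions, such as the ones in the posted `*:443` vhost, are skipped, so that file produces no finding.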