To fix these errors, please make sure that your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you're using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.
name / version of OS: Ubuntu 16.04 Desktop
web server: Apache/2.4.18 (Ubuntu)
hosting provider: Optimum business w/5 static IPs
The method you were using ( webroot ) requires a working web server.
You may be better using the DNS-01 challenge if you only want it for the mail server, as that doesn't require ports 80 or 443 and can just be done by adding a confirmation token to your DNS records.
Can you provide a URL with instructions for using the DNS-01 challenge method?
Check That, Please: Can you provide instructions for me to use your DNS-01 challenge method, given my network configuration of 1- iRedmail mail server with 1- static public IP, and 1- separate Apache2 web server on a different static public IP?
Thank you for your help with this matter. I greatly appreciate it.
It depends what you mean by "your method". I personally don't use certbot for the DNS challenge (because I started using the DNS challenge before it was available in certbot). I use a bash script. Either certbot or any of the bash scripts should work.
You use GoDaddy for your DNS records, don't you? In which case probably acme.sh may be easiest, as that already has the script to connect direct to the GoDaddy API and update the DNS records as needed. The only bit it won't do is automatically upload the certs to your mail server and check it's installed correctly. I use GetSSL (which I wrote, so am biased) because that will automatically upload the certs for you, and check they have been uploaded correctly on renewals. GetSSL has a range of DNS providers (16) that it currently supports, but GoDaddy isn't one of them. It should be relatively easy to script that part though if needed.
First, let me thank you for your willingness to help, serverco.
I Got my DNS AND Port Forwarding on my router completely straightened out, did a fresh/clean VM Workstation 12 build of Ubuntu 16.04 Desktop, then installed iRedMail again - and then I was able to successfully obtain a free SSL certificate from Let's Encrypt using the webroot method via the command:
The problem now: apache2 service won't start. This happened after I followed the instructions for "Installing the Certificate" on this URL:
Up until this point above, everything went through without a problem.
When I check apache2.service status: systemctl status apache2.service
I get the following results:
apache2.service - LSB: Apache2 web server
Loaded: loaded (/etc/init.d/apache2; bad; vendor preset: enabled)
Drop-In: /lib/systemd/system/apache2.service.d
└─apache2-systemd.conf
Active: failed (Result: exit-code) since Tue 2017-01-31 16:16:40 EST; 1min 24s ago
Docs: man:systemd-sysv-generator(8)
Process: 7928 ExecStart=/etc/init.d/apache2 start (code=exited, status=1/FAILURE)
Jan 31 16:16:40 mail apache2[7928]: * The apache2 configtest failed.
Jan 31 16:16:40 mail apache2[7928]: Output of config test was:
Jan 31 16:16:40 mail apache2[7928]: AH00526: Syntax error on line 29 of /etc/apache2/sites-enabled/000-
Jan 31 16:16:40 mail apache2[7928]: Invalid command 'RewriteEngine', perhaps misspelled or defined by a
Jan 31 16:16:40 mail apache2[7928]: Action 'configtest' failed.
Jan 31 16:16:40 mail apache2[7928]: The Apache error log may have more information.
Jan 31 16:16:40 mail systemd[1]: apache2.service: Control process exited, code=exited status=1
Jan 31 16:16:40 mail systemd[1]: Failed to start LSB: Apache2 web server.
Jan 31 16:16:40 mail systemd[1]: apache2.service: Unit entered failed state.
Jan 31 16:16:40 mail systemd[1]: apache2.service: Failed with result 'exit-code
Jan 31 16:16:40 mail apache2[7928]: AH00526: Syntax error on line 29 of /etc/apache2/sites-enabled/000-
Jan 31 16:16:40 mail apache2[7928]: Invalid command 'RewriteEngine', perhaps misspelled or defined by a
Jan 31 16:16:40 mail apache2[7928]: Action 'configtest' failed.
can you check the file there ( I can't see the whole file name from what you pasted ) and check for the error RewriteEngine
RewriteEngine on
RewriteCond %{SERVER_NAME} =mail.freeholdcomputertech.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]
and then run
Commented out those 3 lines, then ran apachectl -t results are:
AH00526: Syntax error on line 34 of /etc/apache2/sites-enabled/default-ssl.conf:
SSLCertificateFile: file '/etc/letsencrypt/live/mail.freeholdcomputertech.com/fullchain.pem' does not exist or is empty
Action '-t' failed.
I can't see a typo there ... have the files got contents in them ( certificates - but don't paste the contents of the privatekey here - the others are safe to paste if you are unsure )
is there any typo in the link ...
SSLCertificateFile: file '/etc/letsencrypt/live/mail.freeholdcomputertech.com/fullchain.pem' does not exist or is empty
alternatively it could be permissions that apache can't read the file.
there are no typos in that link... I was thinking, I had to sudo in order to ls the contents of /etc/letsencrypt/live/mail.freeholdcomputertech.com/ ... could it be that apache doesn't have permissions needed to read that file?
That could be the case, yes - not knowing what your permissions and ownership are on the files, I can't be certain. You should ensure that apache has read permissions on those files.
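
The "does not exist or is empty" error and the permissions question discussed above can be told apart with a check like the following. This is an added example, not code from the thread, certbot or Apache; the function names `blocked_dir` and `diagnose_cert` are made up here, and it assumes `readlink -f` is available (GNU coreutils, as on Ubuntu).

```bash
# Added example: narrow down "does not exist or is empty" for a certificate path.
# Return codes: 0 ok, 1 missing/dangling symlink, 2 empty file, 3 permissions.

# Print the nearest ancestor directory of $1 that the current user cannot search.
blocked_dir() {
    local dir
    dir=$(dirname "$1")
    while [ "$dir" != "/" ] && [ "$dir" != "." ]; do
        if [ -d "$dir" ] && [ ! -x "$dir" ]; then
            echo "$dir"
            return 0
        fi
        dir=$(dirname "$dir")
    done
    return 1
}

diagnose_cert() {
    local path target bad p
    path=$1
    # Resolve the symlink chain; fall back to the literal path if that fails.
    target=$(readlink -f "$path" 2>/dev/null) || target=$path
    for p in "$path" "$target"; do
        if bad=$(blocked_dir "$p"); then
            echo "no search (x) permission on directory: $bad"
            return 3
        fi
    done
    if [ ! -e "$path" ]; then
        if [ -L "$path" ]; then
            echo "dangling symlink: $path -> $(readlink "$path")"
        else
            echo "missing: $path"
        fi
        return 1
    fi
    if [ ! -s "$path" ]; then
        echo "empty file: $target"
        return 2
    fi
    if [ ! -r "$path" ]; then
        echo "not readable by $(id -un): $target"
        return 3
    fi
    echo "ok: $path -> $target"
}

# Check the path given on the command line, if any.
if [ "$#" -gt 0 ]; then diagnose_cert "$1"; fi
```

Run it as the account whose access is in question; the result differs between root and an unprivileged user because root bypasses the directory search and file read checks.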