The operating system my web server runs on is (include version): Centos 7
I can login to a root shell on my machine
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): 0.35.1
On Plesk the certificates looks ok, but whem i try to import them into glassfish, everything goes wrong.
There is no live folder and i cannot find a way to solve this.
How can i completely uninstall letsencrypt, and perform a clean installation?
Maybe Plesk doesn’t use Certbot at all. (Certbot is only one of around 100 applications that can obtain Let’s Encrypt certificates, although it was the original one.)
If you anticipate continuing to use Plesk here, maybe you can consult the Plesk documentation or Plesk forum to learn how to export certificates and keys from Plesk, or where they are stored on the server.
Thanks for your reply.
The problem is that certbot --auto returns a error saying i don’t have an A RECORD proving i have control over the site.
3 months ago, when i renewed the certificate, everything went ok.
Maybe if i try with some other client than certbot.
Can you indicate me a differen one please?
To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address.
2019-07-13 13:49:56,520:DEBUG:certbot.error_handler:Encountered exception:
Traceback (most recent call last):
File “/usr/lib/python2.7/site-packages/certbot/auth_handler.py”, line 90, in handle_authorizations
self._poll_authorizations(authzrs, max_retries, best_effort)
File “/usr/lib/python2.7/site-packages/certbot/auth_handler.py”, line 154, in _poll_authorizations
raise errors.AuthorizationError(‘Some challenges have failed.’)
AuthorizationError: Some challenges have failed.
Also, certbot --auto is not a command suggested by any of our documentation (it happens to work because it will be misinterpreted as an abbreviation of certbot --auto-hsts, but this form is never suggested and might be a confusion with certbot-auto). It would be really helpful if you could past the complete interaction from your terminal here, including copying and pasting exactly what you typed and the entire output of the Certbot command, not just a portion of it.
Well. I’ve made a mistake at the beginning of the post.
I used just now certbot -auto and the complete output was:
[root@server ~]# certbot -auto
Saving debug log to /var/log/letsencrypt/letsencrypt.log
The requested uto plugin does not appear to be installed
The complete output of certbot --auto was:
root@server ~]# certbot -auto
Saving debug log to /var/log/letsencrypt/letsencrypt.log
The requested uto plugin does not appear to be installed
[root@server ~]# certbot --auto
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: server.forerunner.pt
2: whatsmenu.pt
3: ipv4.whatsmenu.pt
4: webmail.whatsmenu.pt
5: www.whatsmenu.pt
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 2 5
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for whatsmenu.pt
http-01 challenge for www.whatsmenu.pt
Waiting for verification...
Challenge failed for domain whatsmenu.pt
Challenge failed for domain www.whatsmenu.pt
http-01 challenge for whatsmenu.pt
http-01 challenge for www.whatsmenu.pt
Cleaning up challenges
Error while running apachectl graceful.
Job for httpd.service invalid.
Unable to restart apache using ['apachectl', 'graceful']
Some challenges have failed.
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: whatsmenu.pt
Type: unauthorized
Detail: Invalid response from
http://www.whatsmenu.pt/.well-known/acme-challenge/PMAR6U6vBTsXmnl7f9AUmh6wf59MyTspRv9PpC1YzE4
[185.15.20.181]: "<html>\r\n<head><title>404 Not
Found</title></head>\r\n<body bgcolor=\"white\">\r\n<center><h1>404
Not Found</h1></center>\r\n<hr><center>"
Domain: www.whatsmenu.pt
Type: unauthorized
Detail: Invalid response from
http://www.whatsmenu.pt/.well-known/acme-challenge/FyyfHlzP8jgscTwvfdBoUQEsvzYDphXF3cN2bNWCMEg
[185.15.20.181]: "<html>\r\n<head><title>404 Not
Found</title></head>\r\n<body bgcolor=\"white\">\r\n<center><h1>404
Not Found</h1></center>\r\n<hr><center>"
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
root@server ~]# certbot -auto
Saving debug log to /var/log/letsencrypt/letsencrypt.log
The requested uto plugin does not appear to be installed
[root@server ~]# certbot --auto
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: server.forerunner.pt
2: whatsmenu.pt
3: ipv4.whatsmenu.pt
4: webmail.whatsmenu.pt
5: www.whatsmenu.pt
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 2 5
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for whatsmenu.pt
http-01 challenge for www.whatsmenu.pt
Waiting for verification...
Challenge failed for domain whatsmenu.pt
Challenge failed for domain www.whatsmenu.pt
http-01 challenge for whatsmenu.pt
http-01 challenge for www.whatsmenu.pt
Cleaning up challenges
Error while running apachectl graceful.
Job for httpd.service invalid.
Unable to restart apache using ['apachectl', 'graceful']
Some challenges have failed.
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: whatsmenu.pt
Type: unauthorized
Detail: Invalid response from
http://www.whatsmenu.pt/.well-known/acme-challenge/PMAR6U6vBTsXmnl7f9AUmh6wf59MyTspRv9PpC1YzE4
[185.15.20.181]: "<html>\r\n<head><title>404 Not
Found</title></head>\r\n<body bgcolor=\"white\">\r\n<center><h1>404
Not Found</h1></center>\r\n<hr><center>"
Domain: www.whatsmenu.pt
Type: unauthorized
Detail: Invalid response from
http://www.whatsmenu.pt/.well-known/acme-challenge/FyyfHlzP8jgscTwvfdBoUQEsvzYDphXF3cN2bNWCMEg
[185.15.20.181]: "<html>\r\n<head><title>404 Not
Found</title></head>\r\n<body bgcolor=\"white\">\r\n<center><h1>404
Not Found</h1></center>\r\n<hr><center>"
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
Well… I see its a big mess here.
At the beginning of this process, as with apache couldn’t install de certificate, i used nginx without success also.
Glassfish server is used for an app and everytime the renewal occurs i have to import them into glassfish so that the app keeps working. I know its not the best procedure, but its what i have now.
The big issue is the import process into glassfish which is failing. So i’ve decided to import letsencrypt cert manually and try to import it.
In the last renewal this was not necessary. I still don’t know what could have happened, but at this stage, my only concern is to retake the app online.
I’m running out of time and solutions…
Thanks again for you help