No certs found using certbot

My domain is: whatsmenu.pt

I ran this command: certbot certificates

It produced this output: no certs found

My web server is (include version): apache

The operating system my web server runs on is (include version): Centos 7

I can login to a root shell on my machine

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): 0.35.1

On Plesk the certificates looks ok, but whem i try to import them into glassfish, everything goes wrong.
There is no live folder and i cannot find a way to solve this.
How can i completely uninstall letsencrypt, and perform a clean installation?

Hi @Jokawalker,

Maybe Plesk doesn’t use Certbot at all. (Certbot is only one of around 100 applications that can obtain Let’s Encrypt certificates, although it was the original one.)

If you anticipate continuing to use Plesk here, maybe you can consult the Plesk documentation or Plesk forum to learn how to export certificates and keys from Plesk, or where they are stored on the server.

Thanks for your reply.
The problem is that certbot --auto returns a error saying i don’t have an A RECORD proving i have control over the site.
3 months ago, when i renewed the certificate, everything went ok.
Maybe if i try with some other client than certbot.
Can you indicate me a differen one please?

Could you post the exact message from Certbot?

Of course. Thanks
The message is “no certs found”

I’m sorry for my mistake. The command was certbot certificates. The error message was as written before

What about the error message when you try to issue a certificate using certbot-auto?

1 Like

The A RECORD is there. I don’t know what could be causing this error

Please post the exact error message from certbot-auto.

Thanks for your care. Here is the log
Domain: whatsmenu.pt
Type: unauthorized
Detail: Invalid response from http://www.whatsmenu.pt/.well-known/acme-challenge/jVdhzM8tX7Slis3cKTi-OrRvBWKvmnbRVbfRaXfA4ec [185.15.20.181]: “\r\n404 Not Found\r\n<body bgcolor=“white”>\r\n

404 Not Found

\r\n

To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address.
2019-07-13 13:49:56,520:DEBUG:certbot.error_handler:Encountered exception:
Traceback (most recent call last):
File “/usr/lib/python2.7/site-packages/certbot/auth_handler.py”, line 90, in handle_authorizations
self._poll_authorizations(authzrs, max_retries, best_effort)
File “/usr/lib/python2.7/site-packages/certbot/auth_handler.py”, line 154, in _poll_authorizations
raise errors.AuthorizationError(‘Some challenges have failed.’)
AuthorizationError: Some challenges have failed.

What’s the exact command you ran, and the earlier part of the output?

The exact command was certbot --auto.
I don’t think there was earlier messages on the output

This is different from what you said before:

Also, certbot --auto is not a command suggested by any of our documentation (it happens to work because it will be misinterpreted as an abbreviation of certbot --auto-hsts, but this form is never suggested and might be a confusion with certbot-auto). It would be really helpful if you could past the complete interaction from your terminal here, including copying and pasting exactly what you typed and the entire output of the Certbot command, not just a portion of it.

Well. I’ve made a mistake at the beginning of the post.
I used just now certbot -auto and the complete output was:

[root@server ~]# certbot -auto
Saving debug log to /var/log/letsencrypt/letsencrypt.log
The requested uto plugin does not appear to be installed

The complete output of certbot --auto was:

root@server ~]# certbot -auto
Saving debug log to /var/log/letsencrypt/letsencrypt.log
The requested uto plugin does not appear to be installed
[root@server ~]# certbot --auto
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org

Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: server.forerunner.pt
2: whatsmenu.pt
3: ipv4.whatsmenu.pt
4: webmail.whatsmenu.pt
5: www.whatsmenu.pt
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 2 5
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for whatsmenu.pt
http-01 challenge for www.whatsmenu.pt
Waiting for verification...
Challenge failed for domain whatsmenu.pt
Challenge failed for domain www.whatsmenu.pt
http-01 challenge for whatsmenu.pt
http-01 challenge for www.whatsmenu.pt
Cleaning up challenges
Error while running apachectl graceful.

Job for httpd.service invalid.

Unable to restart apache using ['apachectl', 'graceful']
Some challenges have failed.

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: whatsmenu.pt
   Type:   unauthorized
   Detail: Invalid response from
   http://www.whatsmenu.pt/.well-known/acme-challenge/PMAR6U6vBTsXmnl7f9AUmh6wf59MyTspRv9PpC1YzE4
   [185.15.20.181]: "<html>\r\n<head><title>404 Not
   Found</title></head>\r\n<body bgcolor=\"white\">\r\n<center><h1>404
   Not Found</h1></center>\r\n<hr><center>"

   Domain: www.whatsmenu.pt
   Type:   unauthorized
   Detail: Invalid response from
   http://www.whatsmenu.pt/.well-known/acme-challenge/FyyfHlzP8jgscTwvfdBoUQEsvzYDphXF3cN2bNWCMEg
   [185.15.20.181]: "<html>\r\n<head><title>404 Not
   Found</title></head>\r\n<body bgcolor=\"white\">\r\n<center><h1>404
   Not Found</h1></center>\r\n<hr><center>"

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.
root@server ~]# certbot -auto
Saving debug log to /var/log/letsencrypt/letsencrypt.log
The requested uto plugin does not appear to be installed
[root@server ~]# certbot --auto
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org

Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: server.forerunner.pt
2: whatsmenu.pt
3: ipv4.whatsmenu.pt
4: webmail.whatsmenu.pt
5: www.whatsmenu.pt
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 2 5
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for whatsmenu.pt
http-01 challenge for www.whatsmenu.pt
Waiting for verification...
Challenge failed for domain whatsmenu.pt
Challenge failed for domain www.whatsmenu.pt
http-01 challenge for whatsmenu.pt
http-01 challenge for www.whatsmenu.pt
Cleaning up challenges
Error while running apachectl graceful.

Job for httpd.service invalid.

Unable to restart apache using ['apachectl', 'graceful']
Some challenges have failed.

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: whatsmenu.pt
   Type:   unauthorized
   Detail: Invalid response from
   http://www.whatsmenu.pt/.well-known/acme-challenge/PMAR6U6vBTsXmnl7f9AUmh6wf59MyTspRv9PpC1YzE4
   [185.15.20.181]: "<html>\r\n<head><title>404 Not
   Found</title></head>\r\n<body bgcolor=\"white\">\r\n<center><h1>404
   Not Found</h1></center>\r\n<hr><center>"

   Domain: www.whatsmenu.pt
   Type:   unauthorized
   Detail: Invalid response from
   http://www.whatsmenu.pt/.well-known/acme-challenge/FyyfHlzP8jgscTwvfdBoUQEsvzYDphXF3cN2bNWCMEg
   [185.15.20.181]: "<html>\r\n<head><title>404 Not
   Found</title></head>\r\n<body bgcolor=\"white\">\r\n<center><h1>404
   Not Found</h1></center>\r\n<hr><center>"

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.

I hope you don’t mind, but I’ve edited your last two posts so that the markup doesn’t blow up.

You can stop passing -auto or --auto to Certbot.

-auto or -a uto is short for --authenticator uto, which, as you saw, doesn’t work.

And --auto is short for --auto-hsts, as schoen said.

certbot-autowithout any spaces – is sometimes the name of the Certbot executable; you are using certbot, so you don’t need to type -auto or --auto.

Certbot is automatically trying to use the Apache plugin, which is failing for some reason, so Certbot is unable to create a certificate.

http://whatsmenu.pt/ and http://www.whatsmenu.pt/ are both running Nginx.

Do you know what’s going on? Are you using both Apache and Nginx? Are you running Certbot on the same server that the website uses?

How are GlassFish and Plesk involved? Why not use Plesk’s certificate mangement?

1 Like

Thanks for your help here mnordhoff

Well… I see its a big mess here.
At the beginning of this process, as with apache couldn’t install de certificate, i used nginx without success also.
Glassfish server is used for an app and everytime the renewal occurs i have to import them into glassfish so that the app keeps working. I know its not the best procedure, but its what i have now.
The big issue is the import process into glassfish which is failing. So i’ve decided to import letsencrypt cert manually and try to import it.
In the last renewal this was not necessary. I still don’t know what could have happened, but at this stage, my only concern is to retake the app online.
I’m running out of time and solutions…
Thanks again for you help