No certs found using certbot

Could you post the exact message from Certbot?

Of course. Thanks
The message is “no certs found”

I’m sorry for my mistake. The command was certbot certificates. The error message was as written before

What about the error message when you try to issue a certificate using certbot-auto?

1 Like

The A RECORD is there. I don’t know what could be causing this error

Please post the exact error message from certbot-auto.

Thanks for your care. Here is the log
Domain: whatsmenu.pt
Type: unauthorized
Detail: Invalid response from http://www.whatsmenu.pt/.well-known/acme-challenge/jVdhzM8tX7Slis3cKTi-OrRvBWKvmnbRVbfRaXfA4ec [185.15.20.181]: “\r\n404 Not Found\r\n<body bgcolor=“white”>\r\n

404 Not Found

\r\n

To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address.
2019-07-13 13:49:56,520:DEBUG:certbot.error_handler:Encountered exception:
Traceback (most recent call last):
File “/usr/lib/python2.7/site-packages/certbot/auth_handler.py”, line 90, in handle_authorizations
self._poll_authorizations(authzrs, max_retries, best_effort)
File “/usr/lib/python2.7/site-packages/certbot/auth_handler.py”, line 154, in _poll_authorizations
raise errors.AuthorizationError(‘Some challenges have failed.’)
AuthorizationError: Some challenges have failed.

What’s the exact command you ran, and the earlier part of the output?

The exact command was certbot --auto.
I don’t think there was earlier messages on the output

This is different from what you said before:

Also, certbot --auto is not a command suggested by any of our documentation (it happens to work because it will be misinterpreted as an abbreviation of certbot --auto-hsts, but this form is never suggested and might be a confusion with certbot-auto). It would be really helpful if you could past the complete interaction from your terminal here, including copying and pasting exactly what you typed and the entire output of the Certbot command, not just a portion of it.

Well. I’ve made a mistake at the beginning of the post.
I used just now certbot -auto and the complete output was:

[root@server ~]# certbot -auto
Saving debug log to /var/log/letsencrypt/letsencrypt.log
The requested uto plugin does not appear to be installed

The complete output of certbot --auto was:

root@server ~]# certbot -auto
Saving debug log to /var/log/letsencrypt/letsencrypt.log
The requested uto plugin does not appear to be installed
[root@server ~]# certbot --auto
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org

Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: server.forerunner.pt
2: whatsmenu.pt
3: ipv4.whatsmenu.pt
4: webmail.whatsmenu.pt
5: www.whatsmenu.pt
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 2 5
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for whatsmenu.pt
http-01 challenge for www.whatsmenu.pt
Waiting for verification...
Challenge failed for domain whatsmenu.pt
Challenge failed for domain www.whatsmenu.pt
http-01 challenge for whatsmenu.pt
http-01 challenge for www.whatsmenu.pt
Cleaning up challenges
Error while running apachectl graceful.

Job for httpd.service invalid.

Unable to restart apache using ['apachectl', 'graceful']
Some challenges have failed.

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: whatsmenu.pt
   Type:   unauthorized
   Detail: Invalid response from
   http://www.whatsmenu.pt/.well-known/acme-challenge/PMAR6U6vBTsXmnl7f9AUmh6wf59MyTspRv9PpC1YzE4
   [185.15.20.181]: "<html>\r\n<head><title>404 Not
   Found</title></head>\r\n<body bgcolor=\"white\">\r\n<center><h1>404
   Not Found</h1></center>\r\n<hr><center>"

   Domain: www.whatsmenu.pt
   Type:   unauthorized
   Detail: Invalid response from
   http://www.whatsmenu.pt/.well-known/acme-challenge/FyyfHlzP8jgscTwvfdBoUQEsvzYDphXF3cN2bNWCMEg
   [185.15.20.181]: "<html>\r\n<head><title>404 Not
   Found</title></head>\r\n<body bgcolor=\"white\">\r\n<center><h1>404
   Not Found</h1></center>\r\n<hr><center>"

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.
root@server ~]# certbot -auto
Saving debug log to /var/log/letsencrypt/letsencrypt.log
The requested uto plugin does not appear to be installed
[root@server ~]# certbot --auto
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org

Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: server.forerunner.pt
2: whatsmenu.pt
3: ipv4.whatsmenu.pt
4: webmail.whatsmenu.pt
5: www.whatsmenu.pt
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 2 5
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for whatsmenu.pt
http-01 challenge for www.whatsmenu.pt
Waiting for verification...
Challenge failed for domain whatsmenu.pt
Challenge failed for domain www.whatsmenu.pt
http-01 challenge for whatsmenu.pt
http-01 challenge for www.whatsmenu.pt
Cleaning up challenges
Error while running apachectl graceful.

Job for httpd.service invalid.

Unable to restart apache using ['apachectl', 'graceful']
Some challenges have failed.

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: whatsmenu.pt
   Type:   unauthorized
   Detail: Invalid response from
   http://www.whatsmenu.pt/.well-known/acme-challenge/PMAR6U6vBTsXmnl7f9AUmh6wf59MyTspRv9PpC1YzE4
   [185.15.20.181]: "<html>\r\n<head><title>404 Not
   Found</title></head>\r\n<body bgcolor=\"white\">\r\n<center><h1>404
   Not Found</h1></center>\r\n<hr><center>"

   Domain: www.whatsmenu.pt
   Type:   unauthorized
   Detail: Invalid response from
   http://www.whatsmenu.pt/.well-known/acme-challenge/FyyfHlzP8jgscTwvfdBoUQEsvzYDphXF3cN2bNWCMEg
   [185.15.20.181]: "<html>\r\n<head><title>404 Not
   Found</title></head>\r\n<body bgcolor=\"white\">\r\n<center><h1>404
   Not Found</h1></center>\r\n<hr><center>"

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.

I hope you don’t mind, but I’ve edited your last two posts so that the markup doesn’t blow up.

You can stop passing -auto or --auto to Certbot.

-auto or -a uto is short for --authenticator uto, which, as you saw, doesn’t work.

And --auto is short for --auto-hsts, as schoen said.

certbot-autowithout any spaces – is sometimes the name of the Certbot executable; you are using certbot, so you don’t need to type -auto or --auto.

Certbot is automatically trying to use the Apache plugin, which is failing for some reason, so Certbot is unable to create a certificate.

http://whatsmenu.pt/ and http://www.whatsmenu.pt/ are both running Nginx.

Do you know what’s going on? Are you using both Apache and Nginx? Are you running Certbot on the same server that the website uses?

How are GlassFish and Plesk involved? Why not use Plesk’s certificate mangement?

1 Like

Thanks for your help here mnordhoff

Well… I see its a big mess here.
At the beginning of this process, as with apache couldn’t install de certificate, i used nginx without success also.
Glassfish server is used for an app and everytime the renewal occurs i have to import them into glassfish so that the app keeps working. I know its not the best procedure, but its what i have now.
The big issue is the import process into glassfish which is failing. So i’ve decided to import letsencrypt cert manually and try to import it.
In the last renewal this was not necessary. I still don’t know what could have happened, but at this stage, my only concern is to retake the app online.
I’m running out of time and solutions…
Thanks again for you help

Any other ideas? As probably you have already noticed, I’m not very experienced with this kind of matters

Could you please describe your port forwarding or proxy setup so that we can better understand the path of an incoming request from the Internet? Maybe that will help us to see why the authentication step is currently failing.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.