No names were found in your configuration files


#1

My domain is: be-a-part.net (and 40 more)

I ran this command: certbot-auto --apache

It produced this output:
No names were found in your configuration files…

Unable to find a virtual host listening on port 80 which is currently needed for Certbot to prove to the CA that you control your domain. Please add a virtual host for port 80.

My Webserver is: Apache/2.2.3

The operating system my web server runs on is (include version):
2.6.32-5-amd64 … x86_64 GNU/Linux, based on Debian (unknown)

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): 0.30.2

More Information:
OpenSSL 1.0.1e

/etc/apache2/apache.conf:
...
# Include the virtual host configurations:
Include /etc/apache2/sites-enabled/[^.#]*
...

Loaded Modules:
core mod_log_config mod_logio prefork http_core mod_so mod_actions mod_alias mod_auth_basic mod_authn_file mod_authz_default mod_authz_groupfile mod_authz_host mod_authz_user mod_autoindex mod_cgi mod_dav mod_dav_fs mod_dir mod_env mod_mime mod_negotiation mod_php5 mod_rewrite mod_setenvif mod_ssl mod_status mod_userdir

/etc/apache2/ports.conf:
Listen 80
<IfModule mod_ssl.c>
Listen 443
</IfModule>

/etc/apache2/sites-enabled/
42 files, one per vhost

first vhost = /etc/apache2/sites-enabled/000-default
NameVirtualHost *:80
<VirtualHost *:80>
ServerAdmin webmaster@be-A-part.de
ServerName www.be-a-part.net
ScriptAlias /global-cgi-bin/ /usr/lib/cgi-bin/
<Directory "/var/lib/cgi-bin">
AllowOverride None
Options ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>
DocumentRoot /srv/www/htdocs
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /srv/www/htdocs>
#Indexes removed ( 2004-12-25 domi )
Options FollowSymLinks MultiViews
AllowOverride AuthConfig
Order allow,deny
allow from all
</Directory>
...
</VirtualHost>

I don’t understand why certbot doesn’t find names in the config files, nor does it find any virtual hosts.
Any help would be welcome,
Mike


#2

Hi @hotti1

if you have one file per vHost and your default host has ServerName www.be-a-part.net, then this name is not unique.

ServerNames must be unique so Certbot knows which vHost is relevant.

So remove www.be-a-part.net from your standard-vHost if there is another vHost with the same name.


#3

Hi @JuergenAuer - thanks for your answers

Of course, there is no vhost with the same name:

# grep www.be-a-part.net /etc/apache2/sites-enabled/*
/etc/apache2/sites-enabled/000-default: ServerName www.be-a-part.net
#


#4

Then create one and use another (may be not existing) name with the default host.


#5

Hi @JuergenAuer - thanks for your answers

Ok, done. (But I don’t understand why…)
Result: no change in the output from certbot

# ./certbot-auto --apache
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
No names were found in your configuration files. Please enter in your domain
...

Here you can see the Log-File: http://www.md-soft.com/letsencrypt.log


#6

Add your domain names:

certbot-auto --apache -d be-a-part.net -d www.be-a-part.net

PS: Looks like Certbot thinks this is an unattended renew. But doesn’t know a domain name.


#7

Hi @JuergenAuer

Unfortunately that does not help, I tried everything yesterday. But again:

# ./certbot-auto --apache -d be-a-part.net -d www.be-a-part.net
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for be-a-part.net
http-01 challenge for www.be-a-part.net
Cleaning up challenges
Unable to find a virtual host listening on port 80 which is currently needed for Certbot to prove to the CA that you control your domain. Please add a virtual host for port 80.

Don’t know. But after I remove all “/etc/letsencrypt/*”, the results are the same.


#8

Uh - what’s that? Another user had the same problem - this is terrible. Use

Include /etc/apache2/sites-enabled/*
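
An added diagnostic, not part of the original post and not Certbot's code: Python's `fnmatch` module reads `[^.#]` as the literal characters `^`, `.` and `#`, whereas shell-style globbing, as in the distribution's `Include` line, reads `^` as negation. The file names are constructed, and that Certbot's Python-based Apache plugin fails for exactly this reason is an assumption; the thread only establishes that switching to `*` changed the result.

```python
import fnmatch
import re

# Constructed directory listing of /etc/apache2/sites-enabled/ (assumption).
SITES = ["000-default", "be-a-part.net", "md-soft.com", "#000-default#"]

def negating_glob_regex(pattern):
    """Glob -> regex where [^...] and [!...] both negate the bracket set."""
    out, i = [], 0
    while i < len(pattern):
        c = pattern[i]
        end = pattern.find("]", i + 2) if c == "[" else -1
        if c == "*":
            out.append("[^/]*")
        elif c == "?":
            out.append("[^/]")
        elif end != -1:
            body = pattern[i + 1:end]
            negate = len(body) > 1 and body[0] in "!^"
            body = re.sub(r"([\\\[\]^])", r"\\\1", body[1:] if negate else body)
            out.append("[" + ("^" if negate else "") + body + "]")
            i = end  # skip past the closing bracket
        else:
            out.append(re.escape(c))
        i += 1
    return re.compile("".join(out))

def select(pattern, names):
    """Return the files each interpretation of the Include pattern picks up."""
    rx = negating_glob_regex(pattern)
    return {
        "negating": [n for n in names if rx.fullmatch(n)],
        "python_fnmatch": [n for n in names if fnmatch.fnmatchcase(n, pattern)],
    }

if __name__ == "__main__":
    for pat in ("[^.#]*", "*"):
        print(pat, select(pat, SITES))
```

With `*`, the constructed editor autosave file `#000-default#` matches as well, which the original pattern excluded, so keep stray files out of `sites-enabled` after making this change.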

#9

Even worse, I just found that certbot-auto has killed all apache2 processes


#10

Òó :open_mouth:
OK, I will try


#11

@JuergenAuer

So now it finds the virtual hosts. Incidentally, the previous syntax of the include tag is from the original distribution.

The creation of a certificate still fails. I can not even open the firewall now, that’s a productive system. Is there an understandable explanation of exactly what the Certbot does or wants to do?

Output:

...
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 19
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for www.be-a-part.net
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. www.be-a-part.net (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://www.be-a-part.net/.well-known/acme-challenge/0MHfrfGX-_mkHc30ZIPrZCbe9sWHBX57gJhEm7DeEP8: Connection refused

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: www.be-a-part.net
   Type:   connection
   Detail: Fetching
   http://www.be-a-part.net/.well-known/acme-challenge/0MHfrfGX-_mkHc30ZIPrZCbe9sWHBX57gJhEm7DeEP8:
   Connection refused

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address. Additionally, please check that
   your computer has a publicly routable IP address and that no
   firewalls are preventing the server from communicating with the
   client. If you're using the webroot plugin, you should also verify
   that you are serving files from the webroot path you provided.
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.

Logfile: http://www.md-soft.com/letsencrypt.log


#12

Certbot creates a temporary redirect, that doesn’t work. Certbot doesn’t understand your config.

But you have tested your domain yesterday via https://check-your-website.server-daten.de/?q=be-a-part.net - there http + /.well-known/acme-challenge works.

| Domainname | Http-Status | redirect | Sec. | G |
|---|---|---|---|---|
| http://be-a-part.net/ 78.47.196.63 | 200 | | 0.053 | H |
| http://www.be-a-part.net/ 78.47.196.63 | 200 | | 0.050 | H |
| https://be-a-part.net/ 78.47.196.63 | -14 (Timeout - The operation has timed out) | | 10.023 | T |
| https://www.be-a-part.net/ 78.47.196.63 | -14 (Timeout - The operation has timed out) | | 10.024 | T |
| http://be-a-part.net/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 78.47.196.63 | 404 (Not Found) | | 0.050 | A |
| http://www.be-a-part.net/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 78.47.196.63 | 404 (Not Found) | | 0.047 | A |

The http status 404 is good, port 80 answers, the file is unknown.

So use your DocumentRoot.

certbot run -a webroot -i apache -w yourDocumentRoot -d be-a-part.net -d www.be-a-part.net
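
An added illustration, not from the thread and not Certbot's code: the webroot approach suggested above reduced to its two halves, a file placed under the DocumentRoot and a plain HTTP fetch of it, run against a throwaway localhost server. The token and file body are constructed placeholders; the real ACME key-authorization format is not modelled.

```python
import functools
import http.server
import os
import tempfile
import threading
import urllib.error
import urllib.request

class QuietHandler(http.server.SimpleHTTPRequestHandler):
    def log_message(self, *args):  # keep the demo output clean
        pass

def place_challenge(webroot, token, body):
    """Webroot side: write the challenge file below the DocumentRoot."""
    path = os.path.join(webroot, ".well-known", "acme-challenge")
    os.makedirs(path, exist_ok=True)
    with open(os.path.join(path, token), "w") as fh:
        fh.write(body)

def probe(base_url, token, expected):
    """Validator side: HTTP GET of the challenge URL, then compare the body."""
    url = f"{base_url}/.well-known/acme-challenge/{token}"
    try:
        with urllib.request.urlopen(url, timeout=5) as resp:
            return "valid" if resp.read().decode() == expected else "wrong-content"
    except urllib.error.HTTPError as err:
        return f"http-{err.code}"      # port answers, file unknown (e.g. 404)
    except (urllib.error.URLError, OSError):
        return "connection-failed"     # nothing listening, or a firewall in the way

def demo():
    """Serve a temporary webroot on localhost and classify three probes."""
    with tempfile.TemporaryDirectory() as webroot:
        handler = functools.partial(QuietHandler, directory=webroot)
        server = http.server.HTTPServer(("127.0.0.1", 0), handler)
        threading.Thread(target=server.serve_forever, daemon=True).start()
        base = f"http://127.0.0.1:{server.server_port}"
        place_challenge(webroot, "constructed-token", "constructed-body")
        results = {
            "served": probe(base, "constructed-token", "constructed-body"),
            "missing": probe(base, "no-such-token", "x"),
        }
        server.shutdown()
        server.server_close()
        results["closed-port"] = probe(base, "constructed-token", "x")
        return results

if __name__ == "__main__":
    print(demo())
```

The `missing` case corresponds to the 404 rows in the check above (port 80 answers, file unknown), and `closed-port` to the "Connection refused" detail in the earlier Certbot output.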

#13

Hi @JuergenAuer

I read that from the logfile, but it does not answer my question.
The meaning does not open to me. So again: Is there an understandable explanation of what certbot does and why?

That will not work in my opinion. For security reasons, the document root is fetched on the fly from outside at runtime. That’s why the redirect can not work either.
2 more questions:
a) Should I now call certbot individually for all 104 “names”? Very tedious … what about the renew?
b) You mean “certbot” directly, not certbot-auto?

Thank you and have a nice evening


#14

Start there:

Letsencrypt uses the ACME-Protocol, so this

https://tools.ietf.org/html/draft-ietf-acme-acme-18

is the next step. Certbot must follow these rules.

If you have special requirements, then one of these official clients may be the wrong way.

Perhaps you should create your own client using one of the ACME-Apis

instead of a client like Certbot.

