No way to install SSL certificate

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: tv-jv.fr

I ran this command:

It produced this output:

My web server is (include version): I would say Apache

The operating system my web server runs on is (include version): ubuntu 24.04

My hosting provider, if applicable, is: it doesn't install SSL certificates...

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): don't have

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): don't know

Hello everyone,

I'm a beginner so I'm having trouble installing an SSL certificate on my domain.

I'm using a VPS under ubuntu and no matter how many times I follow the tutorials, the procedure doesn't go all the way and in the end, the url is still http...

I enclose the log, and thank you in advance for any help!

letsencrypt.txt (204.6 KB)

Sorry, I can't find the edit button...

I ran this command: sudo certbot -v certonly --webroot -w /var/www/html -d tv-jv.fr
It produced this output: Domain: tv-jv.fr
Type: unauthorized
Detail: XX.XX.XXX.XXX: Invalid response from http://tv-jv.fr/.well-known/acme-challenge/4FwZBbBOhbae3bIQ0CsOBKONWDH2DfB6rvOSL7PP-tM: 404

Hello @5t6u7v, welcome to the Let's Encrypt community. :slightly_smiling_face:

Yet the letsencrypt.txt you posted shows Server: nginx

2025-01-22 13:11:52,955:DEBUG:certbot._internal.main:certbot version: 3.1.0
2025-01-22 13:11:52,955:DEBUG:certbot._internal.main:Location of certbot entry point: /usr/bin/certbot
2025-01-22 13:11:52,955:DEBUG:certbot._internal.main:Arguments: ['--webroot']
2025-01-22 13:11:52,955:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2025-01-22 13:11:52,968:DEBUG:certbot._internal.log:Root logging level set at 30
2025-01-22 13:11:52,969:DEBUG:certbot._internal.plugins.selection:Requested authenticator webroot and installer None
2025-01-22 13:11:52,969:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * webroot
Description: Saves the necessary validation files to a .well-known/acme-challenge/ directory within the nominated webroot path. A separate HTTP server must be running and serving files from the webroot path. HTTP challenge only (wildcards not supported).
Interfaces: Authenticator, Plugin
Entry point: EntryPoint(name='webroot', value='certbot._internal.plugins.webroot:Authenticator', group='certbot.plugins')
Initialized: <certbot._internal.plugins.webroot.Authenticator object at 0x77d348903bf0>
Prep: True
2025-01-22 13:11:52,971:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot._internal.plugins.webroot.Authenticator object at 0x77d348903bf0> and installer None
2025-01-22 13:11:52,971:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator webroot, Installer None
2025-01-22 13:11:53,033:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-v02.api.letsencrypt.org/acme/acct/2184877775', new_authzr_uri=None, terms_of_service=None), d8d16275f0289497b419491bb3453670, Meta(creation_dt=datetime.datetime(2025, 1, 22, 13, 10, 23, tzinfo=datetime.timezone.utc), creation_host='thomas', register_to_eff='thomas.varesi@ikmail.com'))>
2025-01-22 13:11:53,034:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2025-01-22 13:11:53,036:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
2025-01-22 13:11:53,460:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 828
2025-01-22 13:11:53,461:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Wed, 22 Jan 2025 13:11:53 GMT
Content-Type: application/json
Content-Length: 828
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

And as additional supplemental information, port 443 is not accessible from the public Internet.

$ nmap -Pn -p80,443 tv-jv.fr
Starting Nmap 7.94SVN ( https://nmap.org ) at 2025-01-22 18:27 UTC
Nmap scan report for tv-jv.fr (45.147.98.34)
Host is up (0.17s latency).
rDNS record for 45.147.98.34: tvjv.ynh.fr

PORT    STATE    SERVICE
80/tcp  open     http
443/tcp filtered https

Nmap done: 1 IP address (1 host up) scanned in 2.97 seconds

Also

from letsencrypt.txt I see

2025-01-22 15:54:33,413:DEBUG:acme.client:Storing nonce: vH9x4oS1HzqubmydS7OJM-d59c_itiGCz6Z37DQBIdCnMVTB7Tw
2025-01-22 15:54:33,414:INFO:certbot._internal.auth_handler:Performing the following challenges:
2025-01-22 15:54:33,414:INFO:certbot._internal.auth_handler:http-01 challenge for tv-jv.fr
2025-01-22 15:54:33,414:INFO:certbot._internal.plugins.webroot:Using the webroot path /var/www/mysite for all unmatched domains.
2025-01-22 15:54:33,415:DEBUG:certbot._internal.plugins.webroot:Creating root challenges validation dir at /var/www/mysite/.well-known/acme-challenge
2025-01-22 15:54:33,417:DEBUG:certbot._internal.plugins.webroot:Attempting to save validation to /var/www/mysite/.well-known/acme-challenge/yG778Lb6ZH8JSDhFfPIP433yUPH-MbC-GwTi-J6DLwI
2025-01-22 15:54:33,418:DEBUG:acme.client:JWS payload:
b'{}'
2025-01-22 15:54:33,421:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall/2184877775/464527687255/R1gfKA:

Namely these 2 lines
2025-01-22 15:54:33,415:DEBUG:certbot._internal.plugins.webroot:Creating root challenges validation dir at /var/www/mysite/.well-known/acme-challenge
2025-01-22 15:54:33,417:DEBUG:certbot._internal.plugins.webroot:Attempting to save validation to /var/www/mysite/.well-known/acme-challenge/yG778Lb6ZH8JSDhFfPIP433yUPH-MbC-GwTi-J6DLwI
look to me like they are not pointing to the location you showed on the command line.

1 Like

That is the server for the acme-v02 endpoint, not their server.

2025-01-22 16:56:19,652:INFO:certbot._internal.plugins.webroot:Using the webroot path /var/www/html for all unmatched domains.
2025-01-22 16:56:19,653:DEBUG:certbot._internal.plugins.webroot:Creating root challenges validation dir at /var/www/html/.well-known/acme-challenge
2025-01-22 16:56:19,653:DEBUG:certbot._internal.plugins.webroot:Creating root challenges validation dir at /var/www/html/.well-known/acme-challenge
2025-01-22 16:56:19,655:DEBUG:certbot._internal.plugins.webroot:Attempting to save validation to /var/www/html/.well-known/acme-challenge/l7Don8HdrK7UsBCRVcuKgRD-ggRMm26os0EelBfU27o

Looks like multiple Certbot commands are in the same log. Later the webroot-path matches the latest command shown.

@5t6u7v Please show output of this

sudo apache2ctl -t -D DUMP_VHOSTS

1 Like

Thanks again Mike! :slight_smile:

2 Likes

Hello,

Thanks for the answer!
Here's the output:

apache2: Syntax error on line 225 of /etc/apache2/apache2.conf: Syntax error on line 108 of /etc/apache2/sites-enabled/default-ssl.conf: </VirtualHost> without matching <VirtualHost> section

Note: Mike edited as VirtualHost tags were lost due to forum formatting. Need to use "code" or preformatted text when posting tags.

2 Likes

What are the contents of that file?

1 Like

Here's the file in txt:
default-ssl.txt (4.7 KB)

Thanks !

The last line in that file is line 108. It is

</VirtualHost>

You should remove that. It does not match a previous <VirtualHost>.

Then try restarting Apache and see if it starts.

2 Likes

I deleted it and tried again, with new errors:

Error while running apache2ctl configtest.

AH00526: Syntax error on line 8 of /etc/apache2/sites-enabled/default-ssl.conf:
SSLCertificateFile: file '/etc/letsencrypt/live/tv-jv.fr/fullchain.pem' does not exist or is empty

The apache plugin is not working; there may be problems with your existing configuration.
The error was: MisconfigurationError("Error while running apache2ctl configtest.\n\nAH00526: Syntax error on line 8 of /etc/apache2/sites-enabled/default-ssl.conf:\nSSLCertificateFile: file '/etc/letsencrypt/live/tv-jv.fr/fullchain.pem' does not exist or is empty\n")

Line 8 is: SSLCertificateFile /etc/letsencrypt/live/tv-jv.fr/fullchain.pem

Did you remove that certificate previously by any chance? Please read User Guide — Certbot 3.1.0 documentation with regard to removing certificates.

I would say no.
Should I? If yes, I'll follow the user guide.

Strange, I get some results when searching for certificates:

sudo bash -c 'grep -R live/tv-jv.fr /etc/{nginx,httpd,apache2}'
grep: /etc/httpd: No such file or directory
/etc/apache2/sites-available/default-ssl.conf: SSLCertificateFile /etc/letsencrypt/live/tv-jv.fr/fullchain.pem
/etc/apache2/sites-available/default-ssl.conf: SSLCertificateKeyFile /etc/letsencrypt/live/tv-jv.fr/privkey.pem
/etc/apache2/sites-enabled/default-ssl.conf: SSLCertificateFile /etc/letsencrypt/live/tv-jv.fr/fullchain.pem
/etc/apache2/sites-enabled/default-ssl.conf: SSLCertificateKeyFile /etc/letsencrypt/live/tv-jv.fr/privkey.pem

But I can't find them in the directories. For example, there's no /etc/letsencrypt/live folder.

You cannot reference file names in Apache config that don't exist.

What does this show?

sudo certbot certificates

1 Like

Did you by any chance re-use the Apache configuration from a different server on a new server?

It says: no certificates found.

@Osiris: No, I only have one server (VPS).

Then where is the /etc/letsencrypt/ directory? Directories usually don't just vanish into thin air.

You should be able to fetch it from a backup if you or a colleague accidentally deleted that dir.

I have this directory! But inside /etc/letsencrypt, it looks empty (looking from FileZilla).
If there were some hidden files, I don't know how to see them in FileZilla.

You still need to fix your Apache config so you don't refer to those files that don't exist.

You have configured HTTPS VirtualHost before you got your certs.

1 Like
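
The state reached above is an Apache config that names certificate files Certbot never issued, so `apache2ctl configtest` fails before any certificate can be requested. As an added example (not code from the thread or from Certbot), this script lists every active `SSLCertificate*File` directive under a config directory whose target is missing or empty; the function name, the `ROOT` argument and the sample tree are assumptions made for the demo.

```shell
#!/bin/sh
# Added example (not from the thread): find Apache SSL directives that point
# at certificate or key files which are missing or empty.

# Usage: missing_cert_refs CONF_DIR [ROOT]
# Prints "conf-file:line: Directive path" for each active (uncommented)
# SSLCertificate*File directive whose target is absent or zero-length.
# ROOT is a prefix for the referenced paths, used only by the demo tree below.
# Assumes the directives use absolute paths, as in the thread.
missing_cert_refs() {
    conf_dir=$1
    root=${2:-}
    # -R follows the sites-enabled symlinks; -H/-n give "file:line:text".
    grep -RHnE '^[[:space:]]*SSLCertificate(Key|Chain)?File[[:space:]]+' \
        "$conf_dir" 2>/dev/null |
    while IFS=: read -r file lineno rest; do
        directive=$(printf '%s\n' "$rest" | awk '{print $1}')
        path=$(printf '%s\n' "$rest" | awk '{print $2}' | tr -d '"')
        [ -s "$root$path" ] ||
            printf '%s:%s: %s %s\n' "$file" "$lineno" "$directive" "$path"
    done
}

# Constructed sample tree: one vhost with an existing certificate, one that
# references Let's Encrypt files that were never issued.
demo() {
    t=$(mktemp -d)
    mkdir -p "$t/etc/apache2/sites-enabled" "$t/etc/ssl/certs" "$t/etc/letsencrypt"
    echo "constructed placeholder" > "$t/etc/ssl/certs/ok.pem"
    printf '%s\n' '<VirtualHost *:443>' \
        '    SSLCertificateFile /etc/ssl/certs/ok.pem' \
        '</VirtualHost>' > "$t/etc/apache2/sites-enabled/ok.conf"
    printf '%s\n' '<VirtualHost *:443>' \
        '    SSLEngine on' \
        '    # SSLCertificateFile /etc/ssl/old.pem' \
        '    SSLCertificateFile /etc/letsencrypt/live/example.test/fullchain.pem' \
        '    SSLCertificateKeyFile /etc/letsencrypt/live/example.test/privkey.pem' \
        '</VirtualHost>' > "$t/etc/apache2/sites-enabled/default-ssl.conf"
    missing_cert_refs "$t/etc/apache2" "$t"
    rm -rf "$t"
}

demo
```

On a real host, call `missing_cert_refs /etc/apache2` as root (the `live/` directory is not world-readable); each line it prints is a directive to disable or repoint before Apache will pass `configtest`.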

I didn't do anything to configure it. I'm really a beginner and just followed Let's Encrypt tutorials with command lines for Apache/Ubuntu.

I really don't know how to configure an HTTPS VirtualHost... I'll do some research, but any help would be useful.