Not completed validation

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: server.kreativ-schmie.de

I ran this command: sudo certbot certonly

It produced this output:
IMPORTANT NOTES:

• The following errors were reported by the server:

  Domain: server.kreativ-schmie.de
  Type: unauthorized
  Detail: Invalid response from
  Server Kreativ-Schmiede
  [77.0.128.145]: "\n\n\n<sty"

  To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address.

My web server is (include version): Rumpus server software 7.2.2

The operating system my web server runs on is (include version): Mac OS 10.14

My hosting provider, if applicable, is: Strato AG

I can login to a root shell on my machine (yes or no, or I don't know): I don't know

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.14.0

I'm using a server software on my Mac with DynDNS from my hoster with the subdomain above and portforwarding in my router FritzBox 7490.

I have installed Brew and Certbot with the terminal. By completing the validation with the command above in the terminal to get the certificate I get the error message above.

In a Mac forum some users have told me that the issue is the appearing "/Login?" in the URL that is attached by the server software.

How can I complete the validation?

Regards

Thobie

Welcome to the Let's Encrypt Community, Thobie

I concur with their conclusions. In particular, the question mark turns the rest of the path into a GET parameter.

https://www.redirect-checker.org/index.php

>>> http://server.kreativ-schmie.de/.well-known/acme-challenge/letsdebug-test

> --------------------------------------------
> 302 Moved Temporarily
> --------------------------------------------

Status: 302 Moved Temporarily
Code: 302
Server: Rumpus
Date: Fri, 23 Apr 2021 23:28:16 GMT
Content-type: text/html
Content-length: 0
Location: http://server.kreativ-schmie.de/Login?/.well-known/acme-challenge/letsdebug-test
Connection: close

>>> http://server.kreativ-schmie.de/Login?/.well-known/acme-challenge/letsdebug-test

> --------------------------------------------
> 200 OK
> --------------------------------------------

Status: 200 OK
Code: 200
Server: Rumpus
Date: Fri, 23 Apr 2021 23:28:16 GMT
Content-type: text/html; charset=UTF-8
Content-length: 3158
Pragma: no-cache
Cache-Control: no-cache
Expires: 0
Connection: close

Hello, Griffin,

and how can I fix the issue to complete the validation?

Regards

Thobie

You'll need to look into modifying your Rumpus webserver configuration to add an exception for serving /.well-known/acme-challenge/ without the redirect.

Hello, Griffin,

if you click the subdomain server.kreativ-schmie.de you will see in the browser that the URL Server Kreativ-Schmiede is shown without question mark.

Regards

Thobie

That's because the browser is trimming the empty parameter set.

Hello, Griffin,

do you know how I can do this modifying of the configuration to add an exception?

Regards

Thobie

I'm not directly familiar, but this might help:

https://www.maxum.com/Rumpus/Blog/LetsEncrypt.html

The folder is ".well-known" not "well-known".

Hello Griffin,

exactly according to these instructions I tried to get the Let's encrypt certificate, but every time I get this error message.

If I want to create a folder named ".well-known" I get the following error message:

Names cannot begin with a period “.” As these names are reserved for the system. Please choose another name.

Regards

Thobie

Hello, Griffin,

I now have changed the folder name into ".well-known".

Now the verification has fetched but with another error message:

IMPORTANT NOTES:

• The following errors were reported by the server:

  Domain: server.kreativ-schmie.de
  Type: connection
  Detail: Fetching
  http://server.kreativ-schmie.de/.well-known/acme-challenge/MaM6EJrhjorpS2oNeby833zjFJAvVnQIBAOFLC_OxGY:
  Connection refused

  To fix these errors, please make sure that your domain name was
  entered correctly and the DNS A/AAAA record(s) for that domain
  contain(s) the right IP address. Additionally, please check that
  your computer has a publicly routable IP address and that no
  firewalls are preventing the server from communicating with the
  client. If you're using the webroot plugin, you should also verify
  that you are serving files from the webroot path you provided.

Regards

Thobie

Progress!

I'm now seeing ports 80 and 443 are both closed though.

Hello,

I have entered the path to the Rumpus config folder exactly, as asked for the webroot for my server.

Regards

Thobie

Is your webserver running?

If you're using the webroot authenticator of certbot, you don't want to include the /.well-known part in the path.

You might need to remove the period before .well-known for Rumpus to work right. It may have a special exception.

I'll be back a bit later.

Where do I find the webroot authenticator of Certbot?

If it's asking for a webroot path, you're using the webroot authenticator.

Your server is currently unreachable via port 80.

Now it's back.

You need to find out where that login redirect is coming from.

Sorry, after changing the folder name I have forgotten to activate the server software once again.

According to this notice on John"s Blog:

"When asked for the webroot for your server, enter the following path to the Rumpus config folder, exactly: /usr/local/Rumpus/"

I have entered the path.

How can I use the webroot authenticator?