Partial certification worked. Fixing the wrong AAAA record for the failure now results in all domains failing

Bit of background first.
I work for a small IT provider and one of the things that is offered is websites on a homebrew CMS.
The other developer who knew this is not available anymore and that is why I, as the new guy, suddenly get to do this.
Managed to get 2 out of 3 domains for this customer certified. The last one had an AAAA record pointing to 3rd party Hosting.
I got notified that this 3rd party fixed the record. They have from what I can see.
Now the problem is that after attempting to run certbot it rejected all domains.

My domain is:
bigbangbrands.nl, www.bigbangbrands.nl, bigbangbrands.abayocms.nl

First two are from the customer, the www domain was faulty. The abayocms domain is the one used internally by the CMS.

I ran this command:
certbot-auto certonly --expand --dry-run --keep-until-expiring --noninteractive --webroot -w /var/letsencrypt -d bigbangbrands.nl -d www.bigbangbrands.nl -d bigbangbrands.abayocms.nl

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for bigbangbrands.abayocms.nl
http-01 challenge for bigbangbrands.nl
http-01 challenge for www.bigbangbrands.nl
Using the webroot path /var/letsencrypt for all unmatched domains.
Waiting for verification…
Challenge failed for domain bigbangbrands.abayocms.nl
Challenge failed for domain bigbangbrands.nl
Challenge failed for domain www.bigbangbrands.nl
http-01 challenge for bigbangbrands.abayocms.nl
http-01 challenge for bigbangbrands.nl
http-01 challenge for www.bigbangbrands.nl
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:

My web server is (include version):
apache 2.2.15

The operating system my web server runs on is (include version):
CentOS 6.8

My hosting provider, if applicable, is:
Self

I can login to a root shell on my machine (yes or no, or I don’t know):
Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
Partial

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
0.32

Hi @Sjoerd

You use /var/letsencrypt as webroot. This isn’t your real webroot, there must be a location block.

So

  • remove the location block and
  • use your real webroot

First try to create two directories

yourwebroot/.well-known/acme-challenge

Create a file there (file name 1234) and load it via

http://bigbangbrands.nl/.well-known/acme-challenge/1234

Your config is ok, you have ipv4 and ipv6, but no special ipv6 problem (see the result of https://check-your-website.server-daten.de/?q=bigbangbrands.nl#url-checks ). So a wrong ipv6 configuration isn’t the problem.
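
The manual test described in the answer above (a file under .well-known/acme-challenge in the webroot, loaded over HTTP), as an added shell example that is not part of the original posts. It goes one step further and fetches the file over IPv4 and IPv6 separately, so a wrong webroot and a stale AAAA record show up as different results; the function names and the probe file naming are assumptions.

```shell
#!/bin/sh
# Added example: HTTP-01 webroot probe. make_probe, classify and check_probe are illustrative names.

PROBE_DIR=".well-known/acme-challenge"

# Create <webroot>/.well-known/acme-challenge/<name> with a random body.
# Prints the body so the caller can compare it with what the web server returns.
make_probe() {
    webroot=$1; name=$2
    mkdir -p "$webroot/$PROBE_DIR" || return 1
    body="probe-$(od -An -N8 -tx1 /dev/urandom | tr -d ' \n')"
    printf '%s' "$body" > "$webroot/$PROBE_DIR/$name" || return 1
    chmod 644 "$webroot/$PROBE_DIR/$name"
    printf '%s\n' "$body"
}

# Compare a fetched body with the expected one.
# "ok": the web server serves this webroot for the challenge path.
# "unreachable": nothing came back (no listener, timeout, DNS failure).
# "mismatch": an error page, another docroot or another host answered.
classify() {
    expected=$1; got=$2
    if [ -z "$got" ]; then echo unreachable
    elif [ "$got" = "$expected" ]; then echo ok
    else echo mismatch
    fi
}

# Fetch the probe over one address family (4 or 6) and classify the answer.
check_probe() {
    domain=$1; name=$2; expected=$3; family=$4
    got=$(curl -"$family" -s -L --max-time 10 "http://$domain/$PROBE_DIR/$name")
    classify "$expected" "$got"
}

# Usage: sh probe.sh <webroot> <domain> [<domain> ...]
if [ "$#" -ge 2 ]; then
    webroot=$1; shift
    name="probe-$$"
    expected=$(make_probe "$webroot" "$name") || exit 1
    for d in "$@"; do
        echo "$d IPv4: $(check_probe "$d" "$name" "$expected" 4)"
        echo "$d IPv6: $(check_probe "$d" "$name" "$expected" 6)"
    done
    rm -f "$webroot/$PROBE_DIR/$name"
fi
```

A "mismatch" on both address families points at the webroot or an Apache alias for the challenge path; "ok" on IPv4 with "mismatch" or "unreachable" on IPv6 points at the AAAA record.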

Thank you. You were right when you wrote that this isn’t the webroot.
I would never have noticed the missing directory without that prodding (not sure where I lost it during trying to understand what went wrong for these domains).
And thank you for that website. I think I’ve seen two errors that might actually require action, at least on the level of learning enough to understand if I can leave them alone or not.
