Please help. I'm on the last step of obtaining a certificate


#1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: www.everythingorganicsite.com

I ran this command: sudo certbot --nginx certonly

It produced this output:

Password:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
No names were found in your configuration files. Please enter in your domain
name(s) (comma and/or space separated) (Enter 'c' to cancel): www, everythingorganicsite and com
Obtaining a new certificate
An unexpected error occurred:
The request message was malformed :: Error creating new order :: DNS name does not have enough labels
Please see the logfiles in /var/log/letsencrypt for more details.
Jessas-MacBook-Air:~ jessamae$

My web server is (include version): Nginx

The operating system my web server runs on is (include version): MacOS

My hosting provider, if applicable, is: HostNine

I can login to a root shell on my machine (yes or no, or I don’t know): No

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
No
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):


#2

Hi @everythingorganic

There is a comma after www, so you want to create a certificate with www as the name.

Type in your complete domain name www.everythingorganicsite.com or start with

sudo certbot --nginx certonly -d www.everythingorganicsite.com
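
Why the answer in post #1 was refused, as an added example that is not part of the original posts and not Certbot's or the CA's code: the prompt splits on commas and spaces, so the typed answer becomes four separate one-label names. The names `check_names`, `SEPARATORS` and `LABEL` are hypothetical, and the label rules are a simplified local approximation.

```python
import re

# The prompt says "comma and/or space separated", so split on both.
SEPARATORS = re.compile(r"[,\s]+")
# One DNS label: letters, digits, hyphens; 1-63 chars; no leading/trailing hyphen.
LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def check_names(answer):
    """Return [(name, problem)] for each name in a prompt answer.

    problem is None when the name has at least two well-formed labels.
    These rules are a simplified local approximation, not the CA's policy.
    """
    results = []
    for name in filter(None, SEPARATORS.split(answer.strip())):
        labels = name.split(".")
        if len(labels) < 2:
            problem = "not enough labels"
        elif not all(LABEL.match(label) for label in labels):
            problem = "malformed label"
        else:
            problem = None
        results.append((name, problem))
    return results


if __name__ == "__main__":
    # The answer typed in post #1, then a corrected answer.
    for answer in ("www, everythingorganicsite and com",
                   "www.everythingorganicsite.com everythingorganicsite.com"):
        for name, problem in check_names(answer):
            print(f"{name!r}: {problem or 'ok'}")
```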

#3

Please see the logfiles in /var/log/letsencrypt for more details.

Jessas-MacBook-Air:~ jessamae$ sudo certbot --nginx certonly -d www.everythingorganicsite.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for www.everythingorganicsite.com
Using default address 80 for authentication.
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. www.everythingorganicsite.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.everythingorganicsite.com/.well-known/acme-challenge/XNd5Bc7z0MmYkeiRnIOlUHf4BEo5MOA_RiskNkLixqk: "<!DOCTYPE html>\r\n<html lang="en-US">\r\n<head>\r\n<meta http-equiv="X-UA-Compatible" content="IE=Edge">\r\n<meta charset="UTF-8">\r\n<me"

IMPORTANT NOTES:
Type: unauthorized
Detail: Invalid response from
http://www.everythingorganicsite.com/.well-known/acme-challenge/XNd5Bc7z0MmYkeiRnIOlUHf4BEo5MOA_RiskNkLixqk:
"<!DOCTYPE html>\r\n<html lang="en-US">\r\n<head>\r\n<meta
http-equiv="X-UA-Compatible" content="IE=Edge">\r\n<meta
charset="UTF-8">\r\n<me"
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.


#4

It’s still not working. Not sure what’s wrong.


#5

Then certbot doesn’t understand your configuration.

Your main configuration looks ok ( https://check-your-website.server-daten.de/?q=everythingorganicsite.com ):

Port 80 is open, a redirect http + www to http + non-www, then a not found.

So check your vHost-configuration to find something like

server {
        listen 80 yourServer;

        root /var/www/html;

}

root is your webroot, then use this:

certbot run -a webroot -i nginx -w yourWebRoot -d www.everythingorganicsite.com -d everythingorganicsite.com

You have both domain names

Host                           T     IP-Address                 is auth.  ∑ Queries  ∑ Timeout
everythingorganicsite.com      A     143.95.1.164               yes       2          0
                               AAAA                             yes
www.everythingorganicsite.com  C     everythingorganicsite.com  yes       1          0
                               A     143.95.1.164               yes

in your dns defined, so your certificate should have both domain names.
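
A pre-flight check for the webroot approach suggested above, as an added example that is not part of the original posts and not Certbot's own code: it writes a random probe file under `.well-known/acme-challenge/` in the candidate webroot and fetches it back over HTTP. The names `webroot_is_served` and `demo` are hypothetical, and the demo uses a constructed local server in place of the real site.

```python
import http.server
import os
import secrets
import tempfile
import threading
import urllib.error
import urllib.request
from functools import partial

CHALLENGE_DIR = os.path.join(".well-known", "acme-challenge")
# Fetch directly, ignoring any proxy configured in the environment.
OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))


def webroot_is_served(webroot, base_url):
    """True only if a probe written under webroot comes back from base_url."""
    name, content = secrets.token_urlsafe(16), secrets.token_urlsafe(32)
    directory = os.path.join(webroot, CHALLENGE_DIR)
    os.makedirs(directory, exist_ok=True)
    path = os.path.join(directory, name)
    with open(path, "w") as fh:
        fh.write(content)
    try:
        url = f"{base_url}/.well-known/acme-challenge/{name}"
        with OPENER.open(url, timeout=10) as resp:
            # An HTML page here means another vhost or server answered.
            return resp.read().decode("utf-8", "replace").strip() == content
    except urllib.error.URLError:
        return False  # 404, refused connection, DNS failure, ...
    finally:
        os.remove(path)


def demo():
    """Constructed offline demo: a local server stands in for the site."""
    with tempfile.TemporaryDirectory() as served, \
            tempfile.TemporaryDirectory() as other:
        handler = partial(http.server.SimpleHTTPRequestHandler, directory=served)
        server = http.server.ThreadingHTTPServer(("127.0.0.1", 0), handler)
        threading.Thread(target=server.serve_forever, daemon=True).start()
        base = f"http://127.0.0.1:{server.server_port}"
        try:
            # (directory the server serves, directory it does not serve)
            return webroot_is_served(served, base), webroot_is_served(other, base)
        finally:
            server.shutdown()
            server.server_close()
```

Called with a real webroot and the site's `http://` URL, the function returns False whenever the machine it runs on is not the one answering for that host name on port 80.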


#6

Where can I find the vHost configuration? Sorry, this is my first time using Let’s Encrypt.


#7

There should be a directory

/etc/nginx/sites-available/

with files.


#8

Jessas-MacBook-Air:sites-enabled jessamae$ open /usr/local/etc/nginx/sites-available

Yes, there is already. Where can I find the configuration? Thank you for your help.


#9

Are you really hosting the site on your MacBook?

If not, you need to run certbot on the web server (via SSH)… but

That might be a problem. Are you using shared hosting or a VPS or dedicated server?


#10

But I see sudo was used:


#11

Yes, sudo was used… on what appears to be a MacBook Air… I am just wondering if that is really the web server


#12

I’ve just noticed that you already have a valid certificate installed on your site, from another CA - which is valid until 2020…

You are of course welcome to replace it with a Let’s Encrypt certificate if you want to :) But I’m now wondering if maybe you are using something like cPanel and if it might have obtained the certificate automatically, perhaps even without your knowledge? In which case you might not need to do anything more than update the URL to https in WordPress and add a redirect.