OK, it was all working fine until I received the mail telling me to renew the SSL certs. I was surprised, because I had made an automated procedure in a cron job for this renewal process. The log file gives me the answer: some errors. So I thought, let's do it by hand. Below is the result. I googled a lot but did not find a good solution. I disabled IPv6 on my Raspberry Pi, so this could not be a problem in this case. Hope someone can present the solution. It would be very welcome!
=>>
root@raspberry3b:/etc# certbot certonly -d teamtalk.nl-web.net --apache
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Cert is due for renewal, auto-renewing...
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for teamtalk.nl-web.net
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. teamtalk.nl-web.net (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://teamtalk.nl-web.net/.well-known/acme-challenge/RIFYu7TTyUSQ0eIozEl3MSblyxxtb3dlASZMdJylZLY [84.85.123.108]: "\n\n404 Not Found\n\n
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
root@raspberry3b:/etc#
Thanks for your reply!
OK, below is the output of apachectl -S. In this I see:
Main DocumentRoot: "/var/www/html"
But my DocumentRoot is in /media/(external HD) and I do not know how this command can find it in var/www/html.
Also, it was a good working system until now. What could have happened and made changes? Where should I find this wrong route and give it the right route?
root@raspberry3b:~# apachectl -S
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message
VirtualHost configuration:
*:443 is a NameVirtualHost
default server www.buurenvan.nl-web.net (/etc/apache2/sites-enabled/buurenvan.nl-web.net-le-ssl.conf:2)
port 443 namevhost www.buurenvan.nl-web.net (/etc/apache2/sites-enabled/buurenvan.nl-web.net-le-ssl.conf:2)
alias buurenvan.nl-web.net
port 443 namevhost www.pe1meh.nl-web.net (/etc/apache2/sites-enabled/pe1meh.nl-web.net-le-ssl.conf:2)
alias pe1meh.nl-web.net
port 443 namevhost www.radiorenzo.nl-web.net (/etc/apache2/sites-enabled/radiorenzo.nl-web.net-le-ssl.conf:2)
alias radiorenzo.nl-web.net
port 443 namevhost www.sunshine-hoogeveen.nl-web.net (/etc/apache2/sites-enabled/sunshine-hoogeveen.nl-web.net-le-ssl.conf:2)
alias sunshine-hoogeveen.nl-web.net
port 443 namevhost www.teamtalk.nl-web.net (/etc/apache2/sites-enabled/teamtalk.nl-web.net-le-ssl.conf:2)
alias teamtalk.nl-web.net
*:80 is a NameVirtualHost
default server 127.0.1.1 (/etc/apache2/sites-enabled/000-default.conf:1)
port 80 namevhost 127.0.1.1 (/etc/apache2/sites-enabled/000-default.conf:1)
port 80 namevhost www.buurenvan.nl-web.net (/etc/apache2/sites-enabled/buurenvan.nl-web.net.conf:1)
alias buurenvan.nl-web.net
port 80 namevhost www.pe1meh.nl-web.net (/etc/apache2/sites-enabled/pe1meh.nl-web.net.conf:1)
alias pe1meh.nl-web.net
port 80 namevhost www.radiorenzo.nl-web.net (/etc/apache2/sites-enabled/radiorenzo.nl-web.net.conf:1)
alias radiorenzo.nl-web.net
port 80 namevhost www.sunshine-hoogeveen.nl-web.net (/etc/apache2/sites-enabled/sunshine-hoogeveen.nl-web.net.conf:1)
alias sunshine-hoogeveen.nl-web.net
port 80 namevhost www.teamtalk.nl-web.net (/etc/apache2/sites-enabled/teamtalk.nl-web.net.conf:1)
alias teamtalk.nl-web.net
ServerRoot: "/etc/apache2"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/var/log/apache2/error.log"
Mutex watchdog-callback: using_defaults
Mutex rewrite-map: using_defaults
Mutex ssl-stapling-refresh: using_defaults
Mutex ssl-stapling: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/var/run/apache2/" mechanism=default
Mutex mpm-accept: using_defaults
PidFile: "/var/run/apache2/apache2.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="www-data" id=33
Group: name="www-data" id=33
root@raspberry3b:~#
OK, thanks.
So I have the file /etc/apache2/sites-available/teamtalk.nl-web.net.conf, and in that file:
ServerName www.teamtalk.nl-web.net
ServerAlias teamtalk.nl-web.net
And I understand there must be a second file where the difference is:
ServerName teamtalk.nl-web.net
ServerAlias teamtalk.nl-web.net
The first, which is already there: teamtalk.nl-web.net.conf
Should I name the second file: teamtalk.nl-web.net.conf:1
Or:
rename the first to: teamtalk.nl-web.net.conf:1
and the new one
teamtalk.nl-web.net.conf:2
And both files are the same, with the only difference as shown above?
Hi Jurgen,
I tried as I suggested above. No good result. Can you give me a more specific step-by-step instruction on what to do? Below is the output of my last action.
=>>
root@raspberry3b:~# certbot certonly --webroot -w /media/www/teamtalk.nl-web.net -d teamtalk.nl-web.net -d www.teamtalk.nl-web.net
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
You have an existing certificate that contains a portion of the domains you
requested (ref: /etc/letsencrypt/renewal/teamtalk.nl-web.net.conf)
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
root@raspberry3b:~#
If you use webroot and that doesn't work, your webroot is wrong. Or you have additional location definitions or something else, so that webroot isn't your real webroot.
Hi Jurgen,
Thanks for your quick response! I do not understand how this could be. The webroot is definitely the right one. Could it be something else? Suggestions on what to try?
The certbot command looks in the /etc/apache2/sites-available/*conf files. These conf files all route to the right webroot location. Also, the apache2.conf file is with these webroot locations. The webroot in the given command is definitely right. Are there other ways that certbot certonly looks at other locations where maybe a wrong webroot is given?
Is it possible to remove (apt purge certbot) and start it all from the start, a brand new installation and configuration? Would this lead to a solution?
Jurgen, today I received mail from the Let's Encrypt Expiry Bot: "Let's Encrypt certificate expiration notice for domain "teamtalk.nl-web.net"". In 10 days expiration! I hope to fix the renewal problem before this expiration. Is the option of removing certbot a good one? I know, maybe a hard one, but if it solves the problem, that will be fine! How strange it is: it has been working for a while and out of nothing this problem appeared. The webroot has not been changed, so I do not understand how this problem can be there all at once. For now I hope you have a solution. In case of a re-install (after remove or purge of certbot, keeping the Apache installation and the basic configuration on the Raspberry), what procedure do you advise?
Could not choose appropriate plugin: The requested uto plugin does not appear to be installed
Attempting to renew cert (teamtalk.nl-web.net) from /etc/letsencrypt/renewal/teamtalk.nl-web.net.conf produced an unexpected error: The requested uto plugin does not appear to be installed. Skipping.
All renewal attempts failed. The following certs could not be renewed:
Indeed, there appears to be a wrong root dir reference somewhere. At the site http: //www.teamtalk (unsecured) I arrive at the standard Apache "it works" page. https: //www.teamtalk is available. Still, because it expires on July 10. The default "it works" page does not come from /var/www/html/index.html. Likewise not from /usr/share/apache2/default-site/index.html. But I can't find out where this index is. Likewise, I don't find where this reference is assigned. The site is a virtual host, and when I disconnect it (a2dissite teamtalk.nl-web.net) it remains accessible via https://teamtalk.nl-web.net. Who oh who, where should I look for it?
Okay, it was left there for a while. Sometimes that's good to get it clear for yourself. Today, 1 day before the certificate expired, I got an idea. And often, and that is a pity, you encounter a problem on the internet in various forums that does not provide a solution. And because I often find that frustrating, I want to share with you the solution I found for this problem. And just like often, it is kind of simple in the end, but yeah, come on. Well, I have several Raspberrys running. A while ago I wanted to realize a secured stream via another Raspberry. Unfortunately that did not work, and after much experimentation I let it rest for the first time. I did not remember that I had also installed Apache on that Raspberry and opened port 80 in my router for this. It could be that simple, so this port 80 was apparently in the port 80 of the Raspberry where I got the websites running on it. I first removed all Apache installations from the other Raspberrys. This did not yield much more than just removing the "Apache, It works" page. Long story short, I then went to check the configuration of my router. And there I saw that port 80 was open for another Raspberry. Bingo, removed it here and the problem is solved. Thanks to everyone who contributed!
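An added example (not part of the thread and not certbot's own code) of a check that separates "wrong webroot" from "port 80 lands on another machine", the cause found in the last post: it drops a random token where the http-01 challenge file would go and fetches it back by name. The function names are hypothetical, and `demo()` uses two constructed localhost servers as stand-ins for the real web server and the other Raspberry.

```python
import functools, http.server, secrets, tempfile, threading
import urllib.error, urllib.request
from pathlib import Path

CHALLENGE_DIR = ".well-known/acme-challenge"  # path requested by the http-01 challenge
DIRECT = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # ignore proxy env

def probe_webroot(webroot, base_url, timeout=5):
    """Write a random token under webroot, fetch it via base_url, classify the result."""
    token = secrets.token_urlsafe(24)
    target = Path(webroot) / CHALLENGE_DIR / token
    target.parent.mkdir(parents=True, exist_ok=True)
    target.write_text(token)
    url = f"{base_url.rstrip('/')}/{CHALLENGE_DIR}/{token}"
    try:
        with DIRECT.open(url, timeout=timeout) as resp:
            body = resp.read().decode(errors="replace").strip()
        return "ok" if body == token else "wrong-content"
    except urllib.error.HTTPError as exc:
        return f"http-{exc.code}"  # http-404: another docroot or another host answered
    except (urllib.error.URLError, OSError):
        return "unreachable"
    finally:
        target.unlink(missing_ok=True)  # never leave probe files in the webroot

def serve(directory):
    """Demo helper: throwaway HTTP server on a free localhost port."""
    handler = functools.partial(http.server.SimpleHTTPRequestHandler, directory=str(directory))
    srv = http.server.ThreadingHTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, f"http://127.0.0.1:{srv.server_address[1]}"

def demo():
    """Constructed scenario: same webroot, probed via the right and the wrong server."""
    with tempfile.TemporaryDirectory() as real, tempfile.TemporaryDirectory() as other:
        (Path(other) / "index.html").write_text("It works!")  # the forgotten second Apache
        servers = [serve(real), serve(other)]
        try:
            return tuple(probe_webroot(real, url) for _, url in servers)
        finally:
            for srv, _ in servers:
                srv.shutdown()
                srv.server_close()

if __name__ == "__main__":
    print(demo())
```

On the server from this thread the call would be `probe_webroot("/media/www/teamtalk.nl-web.net", "http://teamtalk.nl-web.net")`, run as a user that can write to the webroot. A 404 there while the same probe against `http://127.0.0.1` returns `ok` means the public request never reaches this Apache, so the router's port 80 forwarding is the next thing to check.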