Problem in Apache with Let's Encrypt on Ubuntu 22.04. Server

Hello,

I am having a problem with generating a certificate for my server. I hope that somebody could help.
Thanks in advance.


Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: helpdesk.emderschulen.de

I ran this command: sudo certbot --apache

Saving debug log to /var/log/letsencrypt/letsencrypt.log

Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: helpdesk.emderschulen.de
2: www.helpdesk.emderschulen.de
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel):

It produced this output:

Requesting a certificate for helpdesk.emderschulen.de and www.helpdesk.emderschulen.de

Certbot failed to authenticate some domains (authenticator: apache). The Certificate Authority reported these problems:
Domain: www.helpdesk.emderschulen.de
Type: dns
Detail: DNS problem: NXDOMAIN looking up A for www.helpdesk.emderschulen.de - check that a DNS record exists for this domain; DNS problem: NXDOMAIN looking up AAAA for www.helpdesk.emderschulen.de - check that a DNS record exists for this domain

Domain: helpdesk.emderschulen.de
Type: unauthorized
Detail: 212.227.190.238: Invalid response from http://helpdesk.emderschulen.de/.well-known/acme-challenge/y7468hSGqx1P6hpOiN2__ZjwbWiDOD-Hx_wiCEsNKR0: 404

Hint: The Certificate Authority failed to verify the temporary Apache configuration changes made by Certbot. Ensure that the listed domains point to this Apache server and that it is accessible from the internet.

Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

My web server is (include version): Apache/2.4.52

The operating system my web server runs on is (include version): Ubuntu 22.04. LTS

My hosting provider, if applicable, is: Selfhost (Domain), IONOS (Server)

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 1.21.0

Hi @J_291, and welcome to the LE community forum.

The error seems quite clear:

Have you created a DNS record for this FQDN?
[Do you even need "www.helpdesk.emderschulen.de"?]

5 Likes

Hi, no, I don't need www.helpdesk.emderschulen.de. I could remove that; helpdesk.emderschulen.de would be fine.
As far as I understand, the first problem relates to the IPv6 address.
We don't have an IPv6 address.

But what is with the second one?

Does Otobo use Apache virtual hosts?

What's the output of:

sudo apachectl -t -D DUMP_VHOSTS

2 Likes

It looks like it is.

sudo apachectl -t -D DUMP_VHOSTS
VirtualHost configuration:
*:80 is a NameVirtualHost
         default server helpdesk.emderschulen.de (/etc/apache2/sites-enabled/helpdesk.conf:1)
         port 80 namevhost helpdesk.emderschulen.de (/etc/apache2/sites-enabled/helpdesk.conf:1)
                 alias www.helpdesk.emderschulen.de
         port 80 namevhost helpdesk.emderschulen.de/otobo/ (/etc/apache2/sites-enabled/zzz_otobo-80.conf:12)
                 alias www.helpdesk.emderschulen.de/otobo/

You can't put URLs into ServerName like that.

Maybe get rid of that file from sites-enabled/ and try again?

I'd be surprised if that affected Certbot's ability to get a certificate, but it's worth a go.

3 Likes

This is the zzz_otobo-80.conf file now:

<VirtualHost *:80>

# Please change here the otobo admin mail address
ServerAdmin helpdesk@emderschulen.de

# Please change here the FQDN or hostname, you like to use with OTOBO
ServerName helpdesk.emderschulen.de

# Please change here and add more different FQDN´s or hostnames, you like to use with OTOBO
ServerAlias www.helpdesk.emderschulen.de

HostnameLookups Off
UseCanonicalName Off
ServerSignature Off

# Please change here the redirect to https and add your FQDN or hostname
Redirect permanent / https://helpdesk.emderschulen.de

The outcome:

Requesting a certificate for helpdesk.emderschulen.de

Certbot failed to authenticate some domains (authenticator: apache). The Certificate Authority reported these problems:
Domain: helpdesk.emderschulen.de
Type: unauthorized
Detail: 212.227.190.238: Invalid response from http://helpdesk.emderschulen.de/.well-known/acme-challenge/hvUFjhCPl6513rpv-5xzRoctUB4cujvumkOC35Efr-Q: 404

Hint: The Certificate Authority failed to verify the temporary Apache configuration changes made by Certbot. Ensure that the listed domains point to this Apache server and that it is accessible from the internet.

Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

Here is the Log:

2022-11-08 08:16:26,931:DEBUG:certbot._internal.main:certbot version: 1.21.0
2022-11-08 08:16:26,931:DEBUG:certbot._internal.main:Location of certbot entry point: /usr/bin/certbot
2022-11-08 08:16:26,931:DEBUG:certbot._internal.main:Arguments: ['--apache']
2022-11-08 08:16:26,931:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2022-11-08 08:16:26,941:DEBUG:certbot._internal.log:Root logging level set at 30
2022-11-08 08:16:26,942:DEBUG:certbot._internal.plugins.selection:Requested authenticator apache and installer apache
2022-11-08 08:16:26,998:DEBUG:certbot_apache._internal.configurator:Apache version is 2.4.52
2022-11-08 08:16:27,184:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * apache
Description: Apache Web Server plugin
Interfaces: Installer, Authenticator, Plugin
Entry point: apache = certbot_apache._internal.entrypoint:ENTRYPOINT
Initialized: <certbot_apache._internal.override_debian.DebianConfigurator object at 0x7f885ac87220>
Prep: True
2022-11-08 08:16:27,185:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot_apache._internal.override_debian.DebianConfigurator object at 0x7f885ac87220> and installer <certbot_apache._internal.override_debian.Debi>
2022-11-08 08:16:27,185:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator apache, Installer apache
2022-11-08 08:16:27,251:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_ac>
2022-11-08 08:16:27,252:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2022-11-08 08:16:27,254:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
2022-11-08 08:16:27,690:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 659
2022-11-08 08:16:27,691:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 08 Nov 2022 08:16:27 GMT
Content-Type: application/json
Content-Length: 659
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "HK46GwztsBg": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf",
    "website": "https://letsencrypt.org"
  },
  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}
2022-11-08 08:16:31,160:DEBUG:certbot._internal.display.obj:Notifying user: Requesting a certificate for helpdesk.emderschulen.de
2022-11-08 08:16:31,688:DEBUG:certbot.crypto_util:Generating RSA key (2048 bits): /etc/letsencrypt/keys/0009_key-certbot.pem
2022-11-08 08:16:31,694:DEBUG:certbot.crypto_util:Creating CSR: /etc/letsencrypt/csr/0009_csr-certbot.pem
2022-11-08 08:16:31,697:DEBUG:acme.client:Requesting fresh nonce
2022-11-08 08:16:31,697:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2022-11-08 08:16:31,841:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
2022-11-08 08:16:31,841:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 08 Nov 2022 08:16:31 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: A5FErSi0Kg0Or6DT2t5-2l6IzNxsA6yMfzX5WZaOrJ6-HrM
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800


2022-11-08 08:16:31,842:DEBUG:acme.client:Storing nonce: A5FErSi0Kg0Or6DT2t5-2l6IzNxsA6yMfzX5WZaOrJ6-HrM
2022-11-08 08:16:31,842:DEBUG:acme.client:JWS payload:
b'{\n  "identifiers": [\n    {\n      "type": "dns",\n      "value": "helpdesk.emderschulen.de"\n    }\n  ]\n}'
2022-11-08 08:16:31,845:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvODEyOTM0Nzg3IiwgIm5vbmNlIjogIkE1RkVyU2kwS2cwT3I2RFQydDUtMmw2SXpOeHNBNnlNZnpYNVdaYU9ySjYtSHJNIiwgInVybCI6ICJodHRwczovL2FjbWUt>
  "signature": "xctGU4quHpo9s4FoaRGC0oIPGsVWPmBVM9ZI35Z59bj3Se53X5DWH1mNgq5p4qPTPMpdCs1sKGVLWYq8b2CTHF-WK0umOfBpaNjSP5Y3_o2TDWUNSDjRTeTcumV-D02Xwd1xqx_wg5X3CV3a-tYysfsnMsuL82wuHXwLq-ziRKCJAhC_NWmmmY9tN4M61iBbA_LnlFOwjXU06gWaZSOrnzayVndR>
  "payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogImhlbHBkZXNrLmVtZGVyc2NodWxlbi5kZSIKICAgIH0KICBdCn0"
}
2022-11-08 08:16:32,088:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 349
2022-11-08 08:16:32,088:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Date: Tue, 08 Nov 2022 08:16:32 GMT
Content-Type: application/json
Content-Length: 349
Connection: keep-alive
Boulder-Requester: 812934787
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Location: https://acme-v02.api.letsencrypt.org/acme/order/812934787/142056649607
Replay-Nonce: F977_sQunqhh9cUK_mzv1d_zn-BUcIbxEg1jvEnaII7tdHA
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "status": "pending",
  "expires": "2022-11-15T08:16:31Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "helpdesk.emderschulen.de"
    }
  ],
  "authorizations": [
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/173745545827"
  ],
  "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/812934787/142056649607"
}
2022-11-08 08:16:32,089:DEBUG:acme.client:Storing nonce: F977_sQunqhh9cUK_mzv1d_zn-BUcIbxEg1jvEnaII7tdHA
2022-11-08 08:16:32,089:DEBUG:acme.client:JWS payload:
b''
2022-11-08 08:16:32,091:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/173745545827:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvODEyOTM0Nzg3IiwgIm5vbmNlIjogIkY5Nzdfc1F1bnFoaDljVUtfbXp2MWRfem4tQlVjSWJ4RWcxanZFbmFJSTd0ZEhBIiwgInVybCI6ICJodHRwczovL2FjbWUt>
  "signature": "uHdCLVXdvxWOYRMXo_mcbcx4gIKmwTdvHmjEyUUeuJeGYHgiq-9ipKF617w4B-LR6yRH2-TOyAi5XBBqktytf0BPEwJQlBQXM8uS-ZA4BbIDO-JhNhK7D45_WGwiOrlKU6XOhLJkuS7aFu5jLXG2NCvQcPtyMIvAnJZ-gcMwQRAnOklrZEPIW3V4KRIiXs9US43srpfj6wjVytXwJmnfEMsR-PAf>
  "payload": ""
}
2022-11-08 08:16:32,239:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/173745545827 HTTP/1.1" 200 808
2022-11-08 08:16:32,239:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 08 Nov 2022 08:16:32 GMT
Content-Type: application/json
Content-Length: 808
Connection: keep-alive
Boulder-Requester: 812934787
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: F9772v7oa4FPUIwc-tLIYkQIVM11JK-nCe7Qw2zPGQ9vQao
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "helpdesk.emderschulen.de"
  },
  "status": "pending",
  "expires": "2022-11-15T08:16:31Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/173745545827/inkZTg",
      "token": "dneSvfTPOWCcD5jazkY2QcZkxn3J4fxvsJWRkmAyHsc"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/173745545827/OPDppg",
      "token": "dneSvfTPOWCcD5jazkY2QcZkxn3J4fxvsJWRkmAyHsc"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/173745545827/fojdUQ",
      "token": "dneSvfTPOWCcD5jazkY2QcZkxn3J4fxvsJWRkmAyHsc"
    }
  ]
}
2022-11-08 08:16:32,240:DEBUG:acme.client:Storing nonce: F9772v7oa4FPUIwc-tLIYkQIVM11JK-nCe7Qw2zPGQ9vQao
2022-11-08 08:16:32,240:INFO:certbot._internal.auth_handler:Performing the following challenges:
2022-11-08 08:16:32,240:INFO:certbot._internal.auth_handler:http-01 challenge for helpdesk.emderschulen.de
2022-11-08 08:16:32,292:INFO:certbot_apache._internal.override_debian:Enabled Apache rewrite module
2022-11-08 08:16:32,396:DEBUG:certbot_apache._internal.http_01:Adding a temporary challenge validation Include for name: helpdesk.emderschulen.de in: /etc/apache2/sites-enabled/zzz_otobo-80.conf
2022-11-08 08:16:32,397:DEBUG:certbot_apache._internal.http_01:Adding a temporary challenge validation Include for name: helpdesk.emderschulen.de in: /etc/apache2/sites-enabled/helpdesk.conf
2022-11-08 08:16:32,397:DEBUG:certbot_apache._internal.http_01:writing a pre config file with text:
         RewriteEngine on
        RewriteRule ^/\.well-known/acme-challenge/([A-Za-z0-9-_=]+)$ /var/lib/letsencrypt/http_challenges/$1 [END]

2022-11-08 08:16:32,398:DEBUG:certbot_apache._internal.http_01:writing a post config file with text:
         <Directory /var/lib/letsencrypt/http_challenges>
            Require all granted
        </Directory>
        <Location /.well-known/acme-challenge>
            Require all granted
        </Location>

2022-11-08 08:16:32,425:DEBUG:certbot.reverter:Creating backup of /etc/apache2/sites-enabled/zzz_otobo-80.conf
2022-11-08 08:16:32,426:DEBUG:certbot.reverter:Creating backup of /etc/apache2/sites-enabled/helpdesk.conf
2022-11-08 08:16:35,550:DEBUG:acme.client:JWS payload:
b'{}'
2022-11-08 08:16:35,552:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/173745545827/inkZTg:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvODEyOTM0Nzg3IiwgIm5vbmNlIjogIkY5NzcydjdvYTRGUFVJd2MtdExJWWtRSVZNMTFKSy1uQ2U3UXcyelBHUTl2UWFvIiwgInVybCI6ICJodHRwczovL2FjbWUt>
  "signature": "yKiCvL5rewXcTaOCKvcGhQhFlIrsnwU1AKFZT3bTXN8efkPDTAOGuZ657jaN_lGZUcHsyl8G3vGtPqFVSwmk99E2k64iLVoXGb44kaMrGC0yDSb1Z1slpkq6bggBPrl9YUknqCqQgKG1H7xqR2HKa2XVQRkk6NTen2dkrNk14jaf2tMNUrMGCJgN5a9u6r5qJvAA3jy_OF2OzHWpidUJ60bbHnHF>
  "payload": "e30"
}
2022-11-08 08:16:35,701:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/chall-v3/173745545827/inkZTg HTTP/1.1" 200 187
2022-11-08 08:16:35,702:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 08 Nov 2022 08:16:35 GMT
Content-Type: application/json
Content-Length: 187
Connection: keep-alive
Boulder-Requester: 812934787
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index", <https://acme-v02.api.letsencrypt.org/acme/authz-v3/173745545827>;rel="up"
Location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/173745545827/inkZTg
Replay-Nonce: A5FEsdWc6RfhOitRm0W4aSVgnGL_HEDluPT19YbUB8KSJgg
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "type": "http-01",
  "status": "pending",
  "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/173745545827/inkZTg",
  "token": "dneSvfTPOWCcD5jazkY2QcZkxn3J4fxvsJWRkmAyHsc"
}
2022-11-08 08:16:35,702:DEBUG:acme.client:Storing nonce: A5FEsdWc6RfhOitRm0W4aSVgnGL_HEDluPT19YbUB8KSJgg
2022-11-08 08:16:35,703:INFO:certbot._internal.auth_handler:Waiting for verification...
2022-11-08 08:16:36,704:DEBUG:acme.client:JWS payload:
b''
2022-11-08 08:16:36,706:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/173745545827:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvODEyOTM0Nzg3IiwgIm5vbmNlIjogIkE1RkVzZFdjNlJmaE9pdFJtMFc0YVNWZ25HTF9IRURsdVBUMTlZYlVCOEtTSmdnIiwgInVybCI6ICJodHRwczovL2FjbWUt>
  "signature": "YszPp4gJ70DDHXpH4MMFOVkOSa0RDu1Qv_NXMrdmjULgBAVjrvMBp2OaW5-gB6YsmmXCnxLQSDBKDhpoSUL6RV7Yxt50kc3KulW0ppfdcyJSEc2P2MfDRvlm7bq12SyBd9kUya0FpligrsD2xkTpgsRyARkLd7RqSWPx_dOfb2NP3iIDZUZhPc76tygm4Ww_MgbhnOYg5hTiaENQjwHtGxXfvvUi>
  "payload": ""
}
2022-11-08 08:16:36,854:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/173745545827 HTTP/1.1" 200 808
2022-11-08 08:16:36,854:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 08 Nov 2022 08:16:36 GMT
Content-Type: application/json
Content-Length: 808
Connection: keep-alive
Boulder-Requester: 812934787
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: C400-S_eDT1PqgZczAICgh1CrrhtUMXFXYbGb9-QIehE68Y
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "helpdesk.emderschulen.de"
  },
  "status": "pending",
  "expires": "2022-11-15T08:16:31Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/173745545827/inkZTg",
      "token": "dneSvfTPOWCcD5jazkY2QcZkxn3J4fxvsJWRkmAyHsc"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/173745545827/OPDppg",
      "token": "dneSvfTPOWCcD5jazkY2QcZkxn3J4fxvsJWRkmAyHsc"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/173745545827/fojdUQ",
      "token": "dneSvfTPOWCcD5jazkY2QcZkxn3J4fxvsJWRkmAyHsc"
    }
  ]
}
2022-11-08 08:16:36,855:DEBUG:acme.client:Storing nonce: C400-S_eDT1PqgZczAICgh1CrrhtUMXFXYbGb9-QIehE68Y
2022-11-08 08:16:39,858:DEBUG:acme.client:JWS payload:
b''
2022-11-08 08:16:39,860:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/173745545827:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvODEyOTM0Nzg3IiwgIm5vbmNlIjogIkM0MDAtU19lRFQxUHFnWmN6QUlDZ2gxQ3JyaHRVTVhGWFliR2I5LVFJZWhFNjhZIiwgInVybCI6ICJodHRwczovL2FjbWUt>
  "signature": "F7xzf36FCiHyhbvNR3VMeY0Ir1lOD1qtRHJiW3RYAyefpV8upYwwmUnLR0g_YH6k_OV_oydGhHotxJwsKFHyMzPS4-OTuxUTUnVueDSX-S5M1l8hBZ4TR6MF16BUCXs1Trf6QKtcWD7I-bTh4wTJuaia50UC-5yC3CA_ucCzLfRL0OuICwI6muI9Uwp6FiBNkVDrUK4WRkM8z2PFz-raDtvVBKsf>
  "payload": ""
}
2022-11-08 08:16:40,009:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/173745545827 HTTP/1.1" 200 1070
2022-11-08 08:16:40,010:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 08 Nov 2022 08:16:39 GMT
Content-Type: application/json
Content-Length: 1070
Connection: keep-alive
Boulder-Requester: 812934787
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: A5FEJImqzvxCMmnbbDVjlvBI3gkZg7fKQombDuWXx6ME_Bo
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "helpdesk.emderschulen.de"
  },
  "status": "invalid",
  "expires": "2022-11-15T08:16:31Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "invalid",
      "error": {
        "type": "urn:ietf:params:acme:error:unauthorized",
        "detail": "212.227.190.238: Invalid response from http://helpdesk.emderschulen.de/.well-known/acme-challenge/dneSvfTPOWCcD5jazkY2QcZkxn3J4fxvsJWRkmAyHsc: 404",
        "status": 403
      },
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/173745545827/inkZTg",
      "token": "dneSvfTPOWCcD5jazkY2QcZkxn3J4fxvsJWRkmAyHsc",
      "validationRecord": [
        {
          "url": "http://helpdesk.emderschulen.de/.well-known/acme-challenge/dneSvfTPOWCcD5jazkY2QcZkxn3J4fxvsJWRkmAyHsc",
          "hostname": "helpdesk.emderschulen.de",
          "port": "80",
          "addressesResolved": [
            "212.227.190.238"
          ],
          "addressUsed": "212.227.190.238"
        }
      ],
      "validated": "2022-11-08T08:16:35Z"
    }
  ]
}
2022-11-08 08:16:40,011:DEBUG:acme.client:Storing nonce: A5FEJImqzvxCMmnbbDVjlvBI3gkZg7fKQombDuWXx6ME_Bo
2022-11-08 08:16:40,011:INFO:certbot._internal.auth_handler:Challenge failed for domain helpdesk.emderschulen.de
2022-11-08 08:16:40,011:INFO:certbot._internal.auth_handler:http-01 challenge for helpdesk.emderschulen.de
2022-11-08 08:16:40,012:DEBUG:certbot._internal.display.obj:Notifying user:
Certbot failed to authenticate some domains (authenticator: apache). The Certificate Authority reported these problems:
  Domain: helpdesk.emderschulen.de
  Type:   unauthorized
  Detail: 212.227.190.238: Invalid response from http://helpdesk.emderschulen.de/.well-known/acme-challenge/dneSvfTPOWCcD5jazkY2QcZkxn3J4fxvsJWRkmAyHsc: 404

Hint: The Certificate Authority failed to verify the temporary Apache configuration changes made by Certbot. Ensure that the listed domains point to this Apache server and that it is accessible from the internet.

2022-11-08 08:16:40,012:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/certbot/_internal/auth_handler.py", line 90, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, best_effort)
  File "/usr/lib/python3/dist-packages/certbot/_internal/auth_handler.py", line 178, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.

2022-11-08 08:16:40,012:DEBUG:certbot._internal.error_handler:Calling registered functions
2022-11-08 08:16:40,012:INFO:certbot._internal.auth_handler:Cleaning up challenges
2022-11-08 08:16:40,216:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "/usr/bin/certbot", line 33, in <module>
    sys.exit(load_entry_point('certbot==1.21.0', 'console_scripts', 'certbot')())
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 15, in main
    return internal_main.main(cli_args)
  File "/usr/lib/python3/dist-packages/certbot/_internal/main.py", line 1574, in main
    return config.func(config, plugins)
  File "/usr/lib/python3/dist-packages/certbot/_internal/main.py", line 1287, in run
    new_lineage = _get_and_save_cert(le_client, config, domains,
  File "/usr/lib/python3/dist-packages/certbot/_internal/main.py", line 133, in _get_and_save_cert
    lineage = le_client.obtain_and_enroll_certificate(domains, certname)
  File "/usr/lib/python3/dist-packages/certbot/_internal/client.py", line 459, in obtain_and_enroll_certificate
    cert, chain, key, _ = self.obtain_certificate(domains)
  File "/usr/lib/python3/dist-packages/certbot/_internal/client.py", line 389, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
  File "/usr/lib/python3/dist-packages/certbot/_internal/client.py", line 439, in _get_order_and_authorizations
    authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort)
  File "/usr/lib/python3/dist-packages/certbot/_internal/auth_handler.py", line 90, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, best_effort)
  File "/usr/lib/python3/dist-packages/certbot/_internal/auth_handler.py", line 178, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.
2022-11-08 08:16:40,217:ERROR:certbot._internal.log:Some challenges have failed.

This file is not being used by Apache anyway, /etc/apache2/sites-enabled/helpdesk.conf is taking precedence - you have duplicate ServerNames.

What's the content of that file?

2 Likes
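Both vhost problems raised in this thread (a URL used as ServerName, and the same name declared in two files so that the first-loaded file wins) can be read mechanically from the `DUMP_VHOSTS` output. This is an added example, not code from any participant in the thread: the function names are hypothetical, the first sample is the output posted above with line wraps repaired, and the second sample is constructed from the later description of the edited file.

```python
import re
from collections import defaultdict

# Output posted in the thread (terminal line wraps repaired).
DUMP_BEFORE = """\
VirtualHost configuration:
*:80                   is a NameVirtualHost
         default server helpdesk.emderschulen.de (/etc/apache2/sites-enabled/helpdesk.conf:1)
         port 80 namevhost helpdesk.emderschulen.de (/etc/apache2/sites-enabled/helpdesk.conf:1)
                 alias www.helpdesk.emderschulen.de
         port 80 namevhost helpdesk.emderschulen.de/otobo/ (/etc/apache2/sites-enabled/zzz_otobo-80.conf:12)
                 alias www.helpdesk.emderschulen.de/otobo/
"""

# Constructed sample: the same dump after ServerName/ServerAlias in
# zzz_otobo-80.conf were changed to bare hostnames, as described later.
DUMP_AFTER = """\
VirtualHost configuration:
*:80                   is a NameVirtualHost
         default server helpdesk.emderschulen.de (/etc/apache2/sites-enabled/helpdesk.conf:1)
         port 80 namevhost helpdesk.emderschulen.de (/etc/apache2/sites-enabled/helpdesk.conf:1)
                 alias www.helpdesk.emderschulen.de
         port 80 namevhost helpdesk.emderschulen.de (/etc/apache2/sites-enabled/zzz_otobo-80.conf:12)
                 alias www.helpdesk.emderschulen.de
"""

LISTENER = re.compile(r"^(\S+)\s+is a NameVirtualHost$")
NAMEVHOST = re.compile(r"^\s+port\s+\S+\s+namevhost\s+(\S+)\s+\((.+):(\d+)\)$")
# A listener with only one vhost is printed on a single line.
SINGLE = re.compile(r"^(\S+:\S+)\s+(\S+)\s+\((.+):(\d+)\)$")
ALIAS = re.compile(r"^\s+(?:wild )?alias\s+(\S+)$")
LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
HOSTNAME = re.compile(rf"^(?:\*\.)?{LABEL}(?:\.{LABEL})*$")


def parse_vhosts(dump):
    """Return vhosts in the order Apache lists them (its matching order)."""
    vhosts, listener = [], None
    for line in dump.splitlines():
        if m := LISTENER.match(line):
            listener = m.group(1)
        elif m := NAMEVHOST.match(line):
            vhosts.append({"listener": listener, "names": [m.group(1)],
                           "where": f"{m.group(2)}:{m.group(3)}"})
        elif m := SINGLE.match(line):
            listener = m.group(1)
            vhosts.append({"listener": listener, "names": [m.group(2)],
                           "where": f"{m.group(3)}:{m.group(4)}"})
        elif (m := ALIAS.match(line)) and vhosts:
            vhosts[-1]["names"].append(m.group(1))
    return vhosts


def audit(dump):
    """Flag names that are not hostnames and names claimed by several vhosts.

    Each finding is (kind, name, location, shadowed_locations). For a
    duplicate, location is the vhost listed first, which serves the name.
    """
    findings, claims = [], defaultdict(list)
    for vh in parse_vhosts(dump):
        for name in vh["names"]:
            if not HOSTNAME.match(name):
                findings.append(("invalid-name", name, vh["where"], ()))
            claims[(vh["listener"], name.lower())].append(vh["where"])
    for (_listener, name), places in claims.items():
        distinct = list(dict.fromkeys(places))  # keep order, drop repeats
        if len(distinct) > 1:
            findings.append(("duplicate", name, distinct[0], tuple(distinct[1:])))
    return findings


if __name__ == "__main__":
    for label, dump in (("before", DUMP_BEFORE), ("after", DUMP_AFTER)):
        for finding in audit(dump):
            print(label, finding)
```

On a live server the input would be the text printed by `sudo apachectl -t -D DUMP_VHOSTS`.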

The /etc/apache2/sites-enabled/helpdesk file is exactly the same as the /etc/apache2/sites-enabled/zzz_otobo-80.conf file.

For now I have tried the manual method with certbot certonly --authenticator standalone. This worked fine for me. Then I created a cron job that will renew the certificate every week. Thanks for the help so far.

Two problems with that approach. One is that manual methods cannot be auto-renewed as they require manual actions.

Two is your Apache server will need to be stopped for the standalone authenticator. Unless you set up a reverse proxy to it from Apache, but if you can do that there would be no reason to use standalone.

3 Likes
