Problem Renew Let's Encrypt (certbot autorenew)

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: cloud.stonesblog.at

I ran this command: sudo certbot renew

It produced this output: Problem binding to port 80. Could not bind to IPv4 or IPv6 - skipping

My web server is (include version): latest version of apache2 (May 2019)

The operating system my web server runs on is (include version): ubuntu server 18.02 lts

My hosting provider, if applicable, is: self hosted - firewall port 80 and 443 open

I can login to a root shell on my machine (yes or no, or I don’t know): YES

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): BASH SHELL and WEBMIN

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.31.0


Certbot has worked for months until now

I hope you can help me

regards

stone

Hi @stone1978

you have a lot of old certificates - https://check-your-website.server-daten.de/?q=cloud.stonesblog.at#ct-logs

First is from 2016-06-09 12:17:00 , last from 2019-02-13 19:34:58.

Looks like you have used tls-sni-01 validation with standalone via port 443. That's no longer supported, ended ~~ 2019-03-15.

So you have to use another validation method. standalone can't work, you have to stop your running webserver.

But your configuration looks ok:

| Domainname | Http-Status | redirect | Sec. | G |
|---|---|---|---|---|
| http://cloud.stonesblog.at/ 90.152.153.154 | 403 Forbidden | | 0.110 | M |
| https://cloud.stonesblog.at/ 90.152.153.154 | 403 Forbidden. Certificate error: RemoteCertificateChainErrors | | 0.794 | N |
| http://cloud.stonesblog.at/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 90.152.153.154 | 404 Not Found | | 0.107 | A |

Visible Content: Not Found The requested URL /.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de was not found on this server. Apache/2.4.29 (Ubuntu) Server at cloud.stonesblog.at Port 80

Port 80 is open, checking a file in /.well-known/acme-challenge there is the expected result http status 404 - Not Found.

So find the DocumentRoot of your vHost and use it:

certbot run -a webroot -i apache -w yourDocumentRoot -d cloud.stonesblog.at
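
A pre-flight check for the webroot advice above, added here as an example and not part of the original posts: it reads the port-80 vhost's DocumentRoot from the Apache config and confirms that a file written under `.well-known/acme-challenge` is served at the URL the http-01 validator requests. The function names, `cloud.example.org` and the sample paths are constructed for illustration.

```bash
# find_docroot CONF_DIR NAME: print the DocumentRoot of the first port-80
# vhost whose ServerName/ServerAlias is NAME (plain directives only).
find_docroot() {
    awk -v want="$2" '
        { sub(/^[ \t]+/, ""); low = tolower($0) }
        low ~ /^<virtualhost[ \t].*:80[ \t>]/ { inside = 1; hit = 0; root = ""; next }
        low ~ /^<\/virtualhost>/ {
            if (inside && hit && root != "") { print root; exit }
            inside = 0; next
        }
        inside && low ~ /^server(name|alias)[ \t]/ {
            for (i = 2; i <= NF; i++) if (tolower($i) == tolower(want)) hit = 1
        }
        inside && low ~ /^documentroot[ \t]/ { root = $2; gsub(/"/, "", root) }
    ' "$1"/*.conf
}

# write_probe WEBROOT: drop a throwaway file where certbot --webroot would
# place the challenge response; prints the file name (also its content).
write_probe() {
    local dir="$1/.well-known/acme-challenge" token="selfcheck-$$"
    mkdir -p "$dir" && printf '%s' "$token" > "$dir/$token" || return 1
    printf '%s\n' "$token"
}

# check_probe DOMAIN WEBROOT: fetch the probe over port 80 like the CA's
# validator. A failure (e.g. 404) means -w points at the wrong directory.
check_probe() {
    local token body
    token=$(write_probe "$2") || return 1
    body=$(curl -fsSL --max-time 10 "http://$1/.well-known/acme-challenge/$token")
    rm -f "$2/.well-known/acme-challenge/$token"
    [ "$body" = "$token" ]
}

# make_sample_conf: constructed vhost file (names and paths are made up).
make_sample_conf() {
    local d; d=$(mktemp -d) || return 1
    cat > "$d/sites.conf" <<'EOF'
<VirtualHost *:443>
    ServerName cloud.example.org
    DocumentRoot /var/www/ssl-only
</VirtualHost>
<VirtualHost *:80>
    ServerName cloud.example.org
    DocumentRoot "/var/www/nextcloud"
</VirtualHost>
EOF
    printf '%s\n' "$d"
}

# Offline run on the constructed config. On a real host:
#   root=$(find_docroot /etc/apache2/sites-enabled DOMAIN) && check_probe DOMAIN "$root"
d=$(make_sample_conf) && find_docroot "$d" cloud.example.org; rm -rf "$d"
```

Only when `check_probe` succeeds is the directory worth passing to `-w`; a repeated 404 from the validator otherwise just consumes failed-validation attempts.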

Hello

Thank you Jürgen.

Since 2016 I have had my Owncloud / Nextcloud running.

So what can I do to solve this problem?

Could you please describe a workaround or solution for me?

Thank you

I have more sites

You mean the document root of my webserver?

Regards, I will try

OK, I have to install the Apache plugin

sudo apt-get install python-certbot-apache

Then I could run the command

Now I got this message

Failed authorization procedure. cloud.stonesblog.at (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://cloud.stonesblog.at/.well-known/acme-challenge/XIYT6ro_h757jmwFAKIy2wFVGQd9Lt_B5kB-qVXuat4 [90.152.153.154]: “\n\n404 Not Found\n\nNot Found\n<p”

IMPORTANT NOTES:

I hope you can help me

regards

That's the reason you shouldn't use the apache-authenticator. The authenticator doesn't understand your configuration, so it doesn't work.

webroot should always work, so use it.

I used the Webroot command you posted

please look at the screenshot


certbot run -a webroot -i apache -w yourDocumentRoot -d cloud.stonesblog.at

Regards Gerd

So I tried and tried and tried but I always get the same message

Domain: cloud.stonesblog.at
Type: unauthorized
Detail: Invalid response from
http://cloud.stonesblog.at/.well-known/acme-challenge/XIYT6ro_h757jmwFAKIy2wFVGQd9Lt_B5kB-qVXuat4
[90.152.153.154]: “\n\n404 Not
Found\n\n

I have no idea how I could solve this

FULL ERROR LOG PART 1

2019-05-20 22:26:32,703:DEBUG:certbot.main:certbot version: 0.31.0
2019-05-20 22:26:32,704:DEBUG:certbot.main:Arguments:
2019-05-20 22:26:32,706:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2019-05-20 22:26:32,722:DEBUG:certbot.log:Root logging level set at 20
2019-05-20 22:26:32,723:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2019-05-20 22:26:32,723:DEBUG:certbot.plugins.selection:Requested authenticator None and installer None
2019-05-20 22:26:32,811:DEBUG:certbot_apache.configurator:Apache version is 2.4.29
2019-05-20 22:26:33,189:DEBUG:certbot.plugins.selection:Single candidate plugin: * apache
Description: Apache Web Server plugin
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: apache = certbot_apache.entrypoint:ENTRYPOINT
Initialized: <certbot_apache.override_debian.DebianConfigurator object at 0x7f3acc6cd6a0>
Prep: True
2019-05-20 22:26:33,190:DEBUG:certbot.plugins.selection:Selected authenticator <certbot_apache.override_debian.DebianConfigurator object at 0x7f3acc6cd6a0> and installer <certbot_apache.override_debian.DebianConfigurator object at 0x7f3acc6cd6a0>
2019-05-20 22:26:33,190:INFO:certbot.plugins.selection:Plugins selected: Authenticator apache, Installer apache
2019-05-20 22:26:33,195:DEBUG:certbot.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri=‘https://acme-v02.api.letsencrypt.org/acme/acct/51452033’, new_authzr_uri=None, terms_of_service=None), 7b1d038afd277a9c38a7d6bda81b9315, Meta(creation_dt=datetime.datetime(2019, 2, 13, 21, 34, 30, tzinfo=), creation_host=‘stone-cloud’))>
2019-05-20 22:26:33,197:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2019-05-20 22:26:33,199:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
2019-05-20 22:26:33,528:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 “GET /directory HTTP/1.1” 200 658
2019-05-20 22:26:33,530:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Content-Type: application/json
Content-Length: 658
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Mon, 20 May 2019 20:26:33 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 20 May 2019 20:26:33 GMT
Connection: keep-alive

{
“Klx_LpZrYwQ”: “Adding random entries to the directory”,
“keyChange”: “https://acme-v02.api.letsencrypt.org/acme/key-change”,
“meta”: {
“caaIdentities”: [
letsencrypt.org
],
“termsOfService”: “https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf”,
“website”: “https://letsencrypt.org
},
“newAccount”: “https://acme-v02.api.letsencrypt.org/acme/new-acct”,
“newNonce”: “https://acme-v02.api.letsencrypt.org/acme/new-nonce”,
“newOrder”: “https://acme-v02.api.letsencrypt.org/acme/new-order”,
“revokeCert”: “https://acme-v02.api.letsencrypt.org/acme/revoke-cert
}
2019-05-20 22:26:33,530:DEBUG:certbot.util:Not suggesting name “stone-cloud”
Traceback (most recent call last):
File “/usr/lib/python3/dist-packages/certbot/util.py”, line 310, in get_filtered_names
filtered_names.add(enforce_le_validity(name))
File “/usr/lib/python3/dist-packages/certbot/util.py”, line 531, in enforce_le_validity
“{0} needs at least two labels”.format(domain))
certbot.errors.ConfigurationError: stone-cloud needs at least two labels
2019-05-20 22:26:35,026:DEBUG:certbot.storage:Should renew, less than 30 days before certificate expiry 2019-05-14 20:34:58 UTC.
2019-05-20 22:26:35,026:INFO:certbot.renewal:Cert is due for renewal, auto-renewing…
2019-05-20 22:26:35,026:INFO:certbot.main:Renewing an existing certificate
2019-05-20 22:26:35,201:DEBUG:certbot.crypto_util:Generating key (2048 bits): /etc/letsencrypt/keys/0111_key-certbot.pem
2019-05-20 22:26:35,203:DEBUG:certbot.crypto_util:Creating CSR: /etc/letsencrypt/csr/0111_csr-certbot.pem
2019-05-20 22:26:35,204:DEBUG:acme.client:Requesting fresh nonce
2019-05-20 22:26:35,204:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2019-05-20 22:26:35,419:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 “HEAD /acme/new-nonce HTTP/1.1” 200 0
2019-05-20 22:26:35,420:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Link: https://acme-v02.api.letsencrypt.org/directory;rel=“index”
Replay-Nonce: GXcQalNukloCFCaSzktxbDRgD9W6pM1_atrA2sZKQA4
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Content-Length: 0
Expires: Mon, 20 May 2019 20:26:35 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 20 May 2019 20:26:35 GMT
Connection: keep-alive

FULL LOG PART 2

2019-05-20 22:26:35,420:DEBUG:acme.client:Storing nonce: GXcQalNukloCFCaSzktxbDRgD9W6pM1_atrA2sZKQA4
2019-05-20 22:26:35,421:DEBUG:acme.client:JWS payload:
b’{\n “identifiers”: [\n {\n “type”: “dns”,\n “value”: “cloud.stonesblog.at”\n }\n ]\n}’
2019-05-20 22:26:35,424:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
2019-05-20 22:26:35,680:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 “POST /acme/new-order HTTP/1.1” 201 368
2019-05-20 22:26:35,681:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Content-Type: application/json
Content-Length: 368
Boulder-Requester: 51452033
Link: https://acme-v02.api.letsencrypt.org/directory;rel=“index”
Location: https://acme-v02.api.letsencrypt.org/acme/order/51452033/461893133
Replay-Nonce: _8gbZp8Dg-phjrjeoICY7ZnyrQJxe5fVkQdWgtEusxo
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Mon, 20 May 2019 20:26:35 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 20 May 2019 20:26:35 GMT
Connection: keep-alive

{
“status”: “pending”,
“expires”: “2019-05-27T20:25:41Z”,
“identifiers”: [
{
“type”: “dns”,
“value”: “cloud.stonesblog.at”
}
],
“authorizations”: [
https://acme-v02.api.letsencrypt.org/acme/authz/D1yu-FdtWeHdBFc-VQbK9sXuYfjrUsPQ0WYU9Lpv12w
],
“finalize”: “https://acme-v02.api.letsencrypt.org/acme/finalize/51452033/461893133
}
2019-05-20 22:26:35,681:DEBUG:acme.client:Storing nonce: _8gbZp8Dg-phjrjeoICY7ZnyrQJxe5fVkQdWgtEusxo
2019-05-20 22:26:35,681:DEBUG:acme.client:JWS payload:
b’’
2019-05-20 22:26:35,683:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz/D1yu-FdtWeHdBFc-VQbK9sXuYfjrUsPQ0WYU9Lpv12w:
2019-05-20 22:26:35,905:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 “POST /acme/authz/D1yu-FdtWeHdBFc-VQbK9sXuYfjrUsPQ0WYU9Lpv12w HTTP/1.1” 200 914
2019-05-20 22:26:35,906:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Content-Type: application/json
Content-Length: 914
Boulder-Requester: 51452033
Link: https://acme-v02.api.letsencrypt.org/directory;rel=“index”
Replay-Nonce: EaWIApNtiJ9rmvp5zAGxNxizOqfT3EuugvE9fKAb5fo
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Mon, 20 May 2019 20:26:35 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 20 May 2019 20:26:35 GMT
Connection: keep-alive

{
“identifier”: {
“type”: “dns”,
“value”: “cloud.stonesblog.at”
},
“status”: “pending”,
“expires”: “2019-05-27T20:25:41Z”,
“challenges”: [
{
“type”: “dns-01”,
“status”: “pending”,
“url”: “https://acme-v02.api.letsencrypt.org/acme/challenge/D1yu-FdtWeHdBFc-VQbK9sXuYfjrUsPQ0WYU9Lpv12w/16088875771”,
“token”: “JyZSIVu-Z8e_ki9ZaNgf4tcI7kWRcYEMtDYzdFg1sRg”
},
{
“type”: “http-01”,
“status”: “pending”,
“url”: “https://acme-v02.api.letsencrypt.org/acme/challenge/D1yu-FdtWeHdBFc-VQbK9sXuYfjrUsPQ0WYU9Lpv12w/16088875772”,
“token”: “1BPiQCmc09hBk4QdKBjwdgaErlQ2bqCrbc4w96Qi2HM”
},
{
“type”: “tls-alpn-01”,
“status”: “pending”,
“url”: “https://acme-v02.api.letsencrypt.org/acme/challenge/D1yu-FdtWeHdBFc-VQbK9sXuYfjrUsPQ0WYU9Lpv12w/16088875773”,
“token”: “lMcycJJHQ6fHunVI3hpdQ-d7n6n5kRbRCp2AaUCsQio”
}
]
}
2019-05-20 22:26:35,907:DEBUG:acme.client:Storing nonce: EaWIApNtiJ9rmvp5zAGxNxizOqfT3EuugvE9fKAb5fo
2019-05-20 22:26:35,907:INFO:certbot.auth_handler:Performing the following challenges:
2019-05-20 22:26:35,908:INFO:certbot.auth_handler:http-01 challenge for cloud.stonesblog.at
2019-05-20 22:26:35,966:DEBUG:certbot_apache.http_01:Adding a temporary challenge validation Include for name: cloud.stonesblog.at in: /etc/apache2/sites-enabled/default-ssl.conf
2019-05-20 22:26:35,966:DEBUG:certbot_apache.http_01:Adding a temporary challenge validation Include for name: None in: /etc/apache2/sites-enabled/webmin.1488999536.conf
2019-05-20 22:26:35,967:DEBUG:certbot.error_handler:Encountered exception:
Traceback (most recent call last):
File “/usr/lib/python3/dist-packages/certbot/auth_handler.py”, line 75, in handle_authorizations
resp = self._solve_challenges(aauthzrs)
File “/usr/lib/python3/dist-packages/certbot/auth_handler.py”, line 139, in _solve_challenges
resp = self.auth.perform(all_achalls)
File “/usr/lib/python3/dist-packages/certbot_apache/configurator.py”, line 2281, in perform
http_response = http_doer.perform()
File “/usr/lib/python3/dist-packages/certbot_apache/http_01.py”, line 72, in perform
self._mod_config()
File “/usr/lib/python3/dist-packages/certbot_apache/http_01.py”, line 112, in _mod_config
self._set_up_include_directives(vh)
File “/usr/lib/python3/dist-packages/certbot_apache/http_01.py”, line 198, in _set_up_include_directives
vhost.path, “Include”, self.challenge_conf_pre)
File “/usr/lib/python3/dist-packages/certbot_apache/parser.py”, line 346, in add_dir_beginning
self.aug.insert(first_dir, “directive”, True)
File “/usr/lib/python3/dist-packages/augeas.py”, line 369, in insert
raise ValueError(“Unable to insert label!”)
ValueError: Unable to insert label!

2019-05-20 22:26:35,968:DEBUG:certbot.error_handler:Calling registered functions
2019-05-20 22:26:35,968:INFO:certbot.auth_handler:Cleaning up challenges
2019-05-20 22:26:36,264:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
File “/usr/bin/certbot”, line 11, in
load_entry_point(‘certbot==0.31.0’, ‘console_scripts’, ‘certbot’)()
File “/usr/lib/python3/dist-packages/certbot/main.py”, line 1365, in main
return config.func(config, plugins)
File “/usr/lib/python3/dist-packages/certbot/main.py”, line 1119, in run
certname, lineage)
File “/usr/lib/python3/dist-packages/certbot/main.py”, line 116, in _get_and_save_cert
renewal.renew_cert(config, domains, le_client, lineage)
File “/usr/lib/python3/dist-packages/certbot/renewal.py”, line 310, in renew_cert
new_cert, new_chain, new_key, _ = le_client.obtain_certificate(domains, new_key)
File “/usr/lib/python3/dist-packages/certbot/client.py”, line 353, in obtain_certificate
orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
File “/usr/lib/python3/dist-packages/certbot/client.py”, line 389, in _get_order_and_authorizations
authzr = self.auth_handler.handle_authorizations(orderr, best_effort)
File “/usr/lib/python3/dist-packages/certbot/auth_handler.py”, line 75, in handle_authorizations
resp = self._solve_challenges(aauthzrs)
File “/usr/lib/python3/dist-packages/certbot/auth_handler.py”, line 139, in _solve_challenges
resp = self.auth.perform(all_achalls)
File “/usr/lib/python3/dist-packages/certbot_apache/configurator.py”, line 2281, in perform
http_response = http_doer.perform()
File “/usr/lib/python3/dist-packages/certbot_apache/http_01.py”, line 72, in perform
self._mod_config()
File “/usr/lib/python3/dist-packages/certbot_apache/http_01.py”, line 112, in _mod_config
self._set_up_include_directives(vh)
File “/usr/lib/python3/dist-packages/certbot_apache/http_01.py”, line 198, in _set_up_include_directives
vhost.path, “Include”, self.challenge_conf_pre)
File “/usr/lib/python3/dist-packages/certbot_apache/parser.py”, line 346, in add_dir_beginning
self.aug.insert(first_dir, “directive”, True)
File “/usr/lib/python3/dist-packages/augeas.py”, line 369, in insert
raise ValueError(“Unable to insert label!”)
ValueError: Unable to insert label!
2019-05-20 22:26:36,266:ERROR:certbot.log:An unexpected error occurred:

Is there anyone who can help me please?

yourDocumentRoot isn’t your document root. Please read the basics about apache configuration files.

As written: Your configuration looks buggy, so the apache plugin doesn’t work -> so you should use webroot.

I solved the problem

remove

  • apache
  • php
  • certbot
  • letsencrypt

reinstall

  • apache
  • php
  • certbot

reconfigure

  • apache
  • php
  • certbot

it works

with Apache Plugin
