Problem updating ACME TLS-SNI-01 to alternative validation method

Dear all,
It has been a 16-hour working day for me on this topic.
I have to take a break till tomorrow before I destroy something.
I will be back tomorrow.

Kind regards and thanks again

1 Like

So when you return, make the path:
/var/lib/tomcat7/webapps/carol/.well-known/acme-challenge/
and place a very simple test text file there.
[this time call it 4321 (to be sure it is the one you put there)]
It needs to be visible at:
https://www.kreator.ch/.well-known/acme-challenge/4321

1 Like

File 4321 created in /var/lib/tomcat7/webapps/carol/.well-known/acme-challenge/
https://www.kreator.ch/.well-known/acme-challenge/4321 -> Err 404

I'd better take a break (lol)

This file

works, so

/var/lib/tomcat7/webapps/ROOT/

is your webroot.

Thanks Juergen,
This point is clarified.
However I have 2 services running: apache2 and tomcat
Apache2 receives the http requests and forwards them to tomcat7.
As far as I remember, when I first installed LetsEncrypt certificates I did it for apache2 using the procedure found on your site and then for tomcat7 by generating JKS keystores.
I checked it with SSL labs tool and that was it.
I did not have to struggle with acme-challenge.
It seems that this time I went the wrong way or things became more complicated.
Regards.

Have a look at this new similar topic:

1 Like

Thanks Rudy,

I followed the link and tried:
certbot run -a webroot -i apache -w /var/lib/tomcat7/webapps/carol/ -d www.kreator.ch
And received:
You are running with an old copy of letsencrypt-auto that does not receive updates, and is less reliable than more recent versions. The letsencrypt client has also been renamed to Certbot. We recommend upgrading to the latest certbot-auto script, or using native OS packages.
Found the topic about it on your site and reinstalled certbot

  1. apt-get remove certbot
  2. wget https://dl.eff.org/certbot-auto
    chmod a+x certbot-auto
  3. /root/certbot-auto certonly
    Tried option 1: Apache Web Server plugin (apache)
    and then option 3: Place files in webroot directory (webroot)
    All failed.

Now I am blocked with “too many requests”

So maybe the first question becomes: How to get rid of the old copy of letsencrypt-auto or references to it?

apt-get remove letsencrypt-auto -> unable to locate package letsencrypt-auto

Regards

Hi Juergen,
Could you help to solve the problem I posted about “old copy of letsencrypt-auto” when running certbot ?
Regards

Please show:
sudo dpkg -l *certbot* *letsencrypt*

1 Like

I’m trying to reinstall the old certbot. After 4 days no way to update grrrr
By the way my web apps https://kreator.ch is kaput.

Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name Version Architecture Description
+++-========================-=================-=================-=====================================================
ii certbot 0.10.2-1~bpo8+1 all automatically configure HTTPS using Let’s Encrypt
un letsencrypt (no description available)
ii python-certbot 0.10.2-1~bpo8+1 all main library for certbot
un python-certbot-apache (no description available)
un python-certbot-doc (no description available)
un python-certbot-nginx (no description available)
un python-letsencrypt (no description available)

Is there a way to start over from the beginning with letsencrypt?

Yes.

You could first try to update them with:

dpkg --update-avail certbot python-certbot python-certbot-apache python-certbot-nginx

If no change, then remove them with:

dpkg -r certbot python-certbot python-certbot-apache python-certbot-doc python-certbot-nginx python-letsencrypt

and start over: https://certbot.eff.org/all-instructions/

1 Like

Thanks a lot,
Is it clean
dpkg-query: no packages found matching certbot
dpkg-query: no packages found matching letsencrypt

can I continue

Yes; Pick the closest match from these instructions: https://certbot.eff.org/all-instructions/

1 Like

I did, in fact a couple of times.
Now I got error with apachectl configtest

apache2: Syntax error on line 219 of /etc/apache2/apache2.conf: Syntax error on line 32 of /etc/apache2/sites-enabled/kreator.ch-ssl.conf: Could not open configuration file /etc/letsencrypt/options-ssl-apache.conf: No such file or directory
Action 'configtest' failed.

Please show line 219 (or all of) /etc/apache2/apache2.conf
and
ls -l /etc/letsencrypt/options*

1 Like

Line 219
IncludeOptional sites-enabled/*.conf

ls: cannot access /etc/letsencrypt/options*: No such file or directory

Please show:
ls -l /etc/apache2/sites-enabled/*.conf
and
grep -Eri 'options-ssl-apache' /etc/apache2

1 Like

lrwxrwxrwx 1 root root 35 Jan 31 20:26 /etc/apache2/sites-enabled/000-default.conf -> ../sites-available/000-default.conf
lrwxrwxrwx 1 root root 45 Jan 31 20:20 /etc/apache2/sites-enabled/default-ssl.conf -> /etc/apache2/sites-available/default-ssl.conf
lrwxrwxrwx 1 root root 38 Sep 12 2017 /etc/apache2/sites-enabled/kreator.ch-ssl.conf -> ../sites-available/kreator.ch-ssl.conf
lrwxrwxrwx 1 root root 34 Sep 12 2017 /etc/apache2/sites-enabled/kreator.ch.conf -> ../sites-available/kreator.ch.conf

Change (line 219):
IncludeOptional sites-enabled/*.conf
to
IncludeOptional /etc/apache2/sites-enabled/*.conf

and show:
grep -Eri 'options-ssl-apache' /etc/apache2

1 Like
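
The configtest failure in this thread comes from a plain Include whose target disappeared when certbot was removed. The following is an added example, not part of the original thread or of certbot: a shell check that generalizes the grep above and lists every Include under the Apache root whose target is missing. The function names and the sample tree are constructed for illustration, and the Debian-style /etc/apache2 default is an assumption.

```shell
#!/bin/sh
# Added example: report Apache "Include" directives whose target is missing.

# missing_includes [SERVER_ROOT]: prints "file:line: missing target" per hit,
# returns 1 if any were found. Paths containing whitespace are not handled.
missing_includes() {
    root=${1:-/etc/apache2}   # assumed Debian layout, as in the thread
    tab=$(printf '\t')
    hits=$(
        # -L follows the sites-enabled -> sites-available symlinks
        find -L "$root" -type f -name '*.conf' 2>/dev/null | sort |
        while IFS= read -r conf; do
            # IncludeOptional and commented-out lines are skipped on purpose
            awk -v f="$conf" 'tolower($1) == "include" {
                gsub(/"/, "", $2); print f "\t" NR "\t" $2 }' "$conf"
        done |
        while IFS="$tab" read -r file line target; do
            case $target in
                /*) path=$target ;;
                *)  path=$root/$target ;;   # relative to ServerRoot
            esac
            set -- $path                    # expand wildcards, if any
            [ -e "$1" ] || printf '%s:%s: missing %s\n' "$file" "$line" "$path"
        done
    )
    [ -z "$hits" ] && return 0
    printf '%s\n' "$hits"
    return 1
}

# Constructed sample tree mirroring the thread: the vhost includes an
# options file that does not exist. Prints the temporary ServerRoot.
make_sample_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/sites-enabled" "$t/letsencrypt"
    echo 'IncludeOptional sites-enabled/*.conf' > "$t/apache2.conf"
    printf '<VirtualHost *:443>\n  Include %s\n</VirtualHost>\n' \
        "$t/letsencrypt/options-ssl-apache.conf" > "$t/sites-enabled/kreator.ch-ssl.conf"
    echo "$t"
}
```

Run `missing_includes /etc/apache2` before `apachectl configtest`. It scans every *.conf under the root, so a hit in a site that is not enabled is harmless.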