Problem updating ACME TLS-SNI-01 to alternative validation method

Instead of this folder:
/var/www/kreator.ch/public_html/.well-known/acme-challenge/

Try this folder:
/var/lib/tomcat7/webapps/ROOT/

[Place a test file in that folder like you did before.]

1 Like

I did it.
What should I do next to ensure renewal of certificates?

Is the file accessible from the Internet?
Which file name did you use?

1 Like

I copied there the 2 previous files i.e 1234 (no extension) and test.html
I can access them with https://www.kreator.ch/1234

This file is not a good test…
The 1234 file returns 1652 bytes.
[in fully formatted html]

Can you place a simple text file with only a few bytes?
[Let’s Encrypt will not read/parse through html code]

1 Like

1234 is now a simple text

By the way my “real” web application is in /var/lib/tomcat7/webapps/carol and not in /var/lib/tomcat7/webapps/ROOT.
Just in case it might have incidence on further steps.

Once my problem is solved I would be glad to receive an invoice from you for the time you spent for me.

1 Like

Dear all,
It has been a 16 hours working day for me on this topic.
I have to take a break till tomorrow before I destroy something.
I will be back tomorrow.

Kind regards and thanks again

1 Like

So when you return, make the path:
/var/lib/tomcat7/webapps/carol/.well-known/acme-challenge/
and place a very simple test text file there.
[this time call it 4321 (to be sure it is the one you put there)]
It needs to be visible at:
https://www.kreator.ch/.well-known/acme-challenge/4321

1 Like
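The check described above (place a small plain-text file under `.well-known/acme-challenge/` and confirm the same bytes come back over HTTP), as an added example that is not part of the original thread. The function names are hypothetical; the script takes the base URL and candidate directories as arguments, and treats an HTTP 200 that returns anything other than the file's bytes (as the 1652-byte HTML response did) as a failure.

```python
import os
import secrets
import sys
import urllib.error
import urllib.request

CHALLENGE_DIR = ".well-known/acme-challenge"

def probe_webroot(webroot, base_url, timeout=10):
    """Write a random token file under webroot and fetch it back over HTTP.

    Returns (ok, detail); ok is True only when the server returns exactly
    the bytes written, with no HTML wrapped around them.
    """
    token = secrets.token_urlsafe(16)          # unguessable file name
    body = secrets.token_urlsafe(32).encode()  # short plain-text content
    directory = os.path.join(webroot, CHALLENGE_DIR)
    os.makedirs(directory, exist_ok=True)
    path = os.path.join(directory, token)
    with open(path, "wb") as fh:
        fh.write(body)
    url = f"{base_url.rstrip('/')}/{CHALLENGE_DIR}/{token}"
    # Connect directly, ignoring any proxy environment variables.
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    try:
        with opener.open(url, timeout=timeout) as resp:
            data = resp.read(4096)
    except urllib.error.HTTPError as exc:
        return False, f"HTTP {exc.code}: {directory} is not served at this URL"
    except OSError as exc:
        return False, f"request failed: {exc}"
    finally:
        os.remove(path)  # never leave probe files behind
    if data != body:
        return False, f"HTTP 200 but {len(data)} unexpected bytes (app page?)"
    return True, "token served unchanged"

def find_webroot(candidates, base_url):
    """Return the first candidate directory that passes the probe, else None."""
    for webroot in candidates:
        ok, _ = probe_webroot(webroot, base_url)
        if ok:
            return webroot
    return None

if __name__ == "__main__":
    # Usage: probe.py BASE_URL DIR [DIR ...]
    base, *dirs = sys.argv[1:]
    for d in dirs:
        print(d, *probe_webroot(d, base))
```

The directory that passes is the one to give certbot as `-w`.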

File 4321 created in /var/lib/tomcat7/webapps/carol/.well-known/acme-challenge/
https://www.kreator.ch/.well-known/acme-challenge/4321 -> Err 404

I'd be better off taking a break (lol)

This file

works, so

/var/lib/tomcat7/webapps/ROOT/

is your webroot.

Thanks Juergen,
This point is clarified.
However I have 2 services running: apache2 and tomcat
Apache2 receives the http requests and forwards them to tomcat7.
As far as I remember when I first installed LetsEncrypt certificates I did it for apache2 using procedure found on your site and then for tomcat7 generating JKS keystores.
I checked it with SSL labs tool and that was it.
I did not have to struggle with acme-challenge.
It seems that this time I went the wrong way or things became more complicated.
Regards.

Have a look at this new similar topic:

1 Like

Thanks Rudy,

I followed the link and tried:
certbot run -a webroot -i apache -w /var/lib/tomcat7/webapps/carol/ -d www.kreator.ch
And received:
You are running with an old copy of letsencrypt-auto that does not receive updates, and is less reliable than more recent versions. The letsencrypt client has also been renamed to Certbot. We recommend upgrading to the latest certbot-auto script, or using native OS packages.
Found the topic about it on your site and reinstalled certbot

  1. apt-get remove certbot
  2. wget https://dl.eff.org/certbot-auto
    chmod a+x certbot-auto
  3. /root/certbot-auto certonly
    Tried option 1: Apache Web Server plugin (apache)
    and then option 3: Place files in webroot directory (webroot)
    All failed.

Now I am blocked with “too many requests”

So maybe the first question becomes: How to get rid of the old copy of letsencrypt-auto or references to it?

apt-get remove letsencrypt-auto -> unable to locate package letsencrypt-auto

Regards

Hi Juergen,
Could you help to solve the problem I posted about “old copy of letsencrypt-auto” when running certbot ?
Regards

Please show:
sudo dpkg -l *certbot* *letsencrypt*

1 Like

I’m trying to reinstall the old certbot. After 4 days no way to update grrrr
By the way my web apps https://kreator.ch is kaput.

Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name Version Architecture Description
+++-========================-=================-=================-=====================================================
ii certbot 0.10.2-1~bpo8+1 all automatically configure HTTPS using Let’s Encrypt
un letsencrypt (no description available)
ii python-certbot 0.10.2-1~bpo8+1 all main library for certbot
un python-certbot-apache (no description available)
un python-certbot-doc (no description available)
un python-certbot-nginx (no description available)
un python-letsencrypt (no description available)

Is there a way to start over from the beginning with letsencrypt?

Yes.

You could first try to update them with:

dpkg --update-avail certbot python-certbot python-certbot-apache python-certbot-nginx

If no change, then remove them with:

dpkg -r certbot python-certbot python-certbot-apache python-certbot-doc python-certbot-nginx python-letsencrypt

and start over: https://certbot.eff.org/all-instructions/

1 Like

Thanks a lot,
Is it clean?
dpkg-query: no packages found matching certbot
dpkg-query: no packages found matching letsencrypt

Can I continue?