Problem with certificate generation

Good day, I have a problem with generating a certificate for the domain.

I enter the command:

/opt/letsencrypt/letsencrypt-auto certonly --config /etc/letsencrypt/cli.ini -d djlive.eu -d www.djlive.eu -d api.djlive.eu -d live.djlive.eu -d sys.djlive.eu -d edge.live.djlive.eu -d app.djlive.eu -d live-hls.djlive.eu -d v1.djlive.eu && /etc/init.d/nginx reload > /dev/null 2>&1

result of the command

Use of --agree-dev-preview is deprecated.
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for djlive.eu
http-01 challenge for www.djlive.eu
http-01 challenge for api.djlive.eu
http-01 challenge for live.djlive.eu
http-01 challenge for sys.djlive.eu
http-01 challenge for edge.live.djlive.eu
http-01 challenge for app.djlive.eu
http-01 challenge for live-hls.djlive.eu
http-01 challenge for v1.djlive.eu
Using the webroot path /var/www/html/djlivepl for all unmatched domains.
Waiting for verification…
Cleaning up challenges
Failed authorization procedure.
sys.djlive.eu (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://sys.djlive.eu/.well-known/acme-challenge/I6rhIAqVZmZJpmdQAro4GCJgYuTpphPxbq8xq5R5Xcs: "404 Not Found 404 Not Found",
edge.live.djlive.eu (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://edge.live.djlive.eu/.well-known/acme-challenge/AQ0aB0XPDSlCOTVSKXYQDGopSNcIbQOsFOdubMIhzh4: "404 Not Found 404 Not Found",
live-hls.djlive.eu (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://live-hls.djlive.eu/.well-known/acme-challenge/JKPEZMdxvvppurr6VWxWT5eR72k5M4Eidkb6lhzgwGM: "404 Not Found 404 Not Found",
v1.djlive.eu (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://v1.djlive.eu/.well-known/acme-challenge/Z_bI9Y63s4E4XTKjjugP7Co5uHZydXcz4P1IvkMfKjM: "404 Not Found 404 Not Found",
live.djlive.eu (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://live.djlive.eu/.well-known/acme-challenge/nDtHn23BiplQlykXmtf1wxL_aNSkg1dwondr1XzAtbU: "404 Not Found 404 Not Found",
djlive.eu (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://djlive.eu/.well-known/acme-challenge/Vmlc3vdG0sMeYJNYXbeU9AHetsaJwC6zLyqWE_R0Og0: "404 Not Found 404 Not Found",
www.djlive.eu (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.djlive.eu/.well-known/acme-challenge/RcU3gbD9xDjwK9O5QUAM917g0c79BPDZ-mkEOvEzgsc: "404 Not Found 404 Not Found",
api.djlive.eu (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://api.djlive.eu/.well-known/acme-challenge/YWSP2qpGWl4ZR0ToPJumpzmawXZnXOrqSkE0mEKXtb0: "404 Not Found 404 Not Found",
app.djlive.eu (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://app.djlive.eu/.well-known/acme-challenge/jY-8iAIf-Aiua3xsGNf-cttLlmNKOBYDwTDRFfwsB7Q: "404 Not Found 404 Not Found"

IMPORTANT NOTES:

please help me

domains djlive.eu configuration is cloudflare

Did you notice the following information in the certbot output?:

Using the webroot path /var/www/html/djlivepl for all unmatched domains.

Is that correct?

authenticator = webroot
webroot-path = /var/www/html/djliveeu
renew-by-default
agree-dev-preview
agree-tos
email = kontakt@djlive.pl

my files

@Osiris means, is it correct that /var/www/html/djilivepl is the document root for all of these domains? If not, you cannot use a single webroot-path option for all of them.

please help me generate ssl from domains djlive.eu

Hi @rafkos7732,

Using a cli.ini file is often unhelpful or counterproductive, especially when the options associated with each certificate or each domain will be different. That’s probably the case here, because the webroot path associated with each domain should probably be different.

The webroot path is a location where files can be written so that the web server will serve those files at a matching location on the web site itself. If your different domains have different content, they should have different webroot paths, based on each site’s document root as configured in your web server.

On the Certbot command line, you can specify a webroot path for each domain with a -w option immediately before the associated -d option. For example, if you had a site called example.com with a document root at /var/www/html/example and another site called shop.example.com with a document root at /var/www/html/shop, you could use

-w /var/www/html/shop -d shop.example.com -w /var/www/html/example -d example.com

That lets Certbot know which webroot goes with each domain.

Which command to type in the console?

@rafkos7732 Could you please try to put in a little bit more effort? @schoen has taken the time to post a very long and clear explanation of the problem you’re encountering.

Just bluntly asking for “which command to type” without even acknowledging the effort he’s put in is rather rude in my opinion.

What part of @schoen’s post don’t you understand? It’s better to learn how to fish, so you can eat the rest of your life than just getting a fish handed to you, so you can only eat for one day…

I’m asking about the command because my English is weak and I do not understand the sentence.

please help

Hi @rafkos7732,

My suggestion is for a modification to your command. You said that you typed

/opt/letsencrypt/letsencrypt-auto certonly --config /etc/letsencrypt/cli.ini -d djlive.eu -d www.djlive.eu -d api.djlive.eu -d live.djlive.eu -d sys.djlive.eu -d edge.live.djlive.eu -d app.djlive.eu -d live-hls.djlive.eu -d v1.djlive.eu && /etc/init.d/nginx reload > /dev/null 2>&1

I advocated

(1) removing --config /etc/letsencrypt/cli.ini

(2) adding a -w option before each -d option, indicating the appropriate webroot directory for that domain

With these changes, you may be able to use your original command.

Each of the domain addresses refers to /var/www/.html/djliveeu

How to quickly set up for each subdomain

So, right now they all have the same default content, but if you’re planning to change the configuration later so that each subdomain can have different content, you should make that change first. Otherwise, certbot renew will fail to renew your certificates in the future because the webroot will no longer be correct.

Above you specified the webroot as /var/www/html/djilivepl, but later on you said it was /var/www/html/djiliveeu, which is a different directory. Maybe that’s the reason for the error you’re seeing right now?

The djlive.pl domain is configured on the dedicated server and everything works. The djlive.pl domain is in Polish.

I bought this portal; I did not configure the Polish domains.
I want to further develop the portal.

I want djlive.eu to be in English.
When entering the command:

/opt/letsencrypt/letsencrypt-auto certonly --config /etc/letsencrypt/cli.ini -d djlive.pl -d www.djlive.pl -d api.djlive.pl -d live.djlive.pl -d sys.djlive.pl -d edge.live.djlive.pl -d app.djlive.pl -d live-hls.djlive.pl -d v1.djlive.pl && /etc/init.d/nginx reload > /dev/null 2>&1

the certificate is refreshed and everything works.

For the .eu domain it does not work.

What now?

That’s interesting. In this case, perhaps you need to figure out why the /var/www/html/djiliveeu directory doesn’t work the same way for the .eu domains that the /var/www/html/djilivepl directory does for the .pl domains. Is there something different about the web server configuration between the .eu domains and the .pl domains?

If you do make a file /var/www/html/djiliveeu/.well-known/acme-challenge/test.txt, can you see the contents of that file at http://www.djlive.eu/.well-known/acme-challenge/test.txt and also for all of the other .eu domains?

In general, what should I do to generate an SSL certificate for djlive.eu?
I do not understand anything about this discussion.

Please try the test that I suggested in my previous post:

OK, I created the test.txt files.

SSL does not work.

root@worker:/var/www/html/djliveeu/.well-known/acme-challenge# /opt/letsencrypt/letsencrypt-auto certonly --webroot -w /var/www/html/djliveeu -d djlive.eu -d www.djlive.eu -d api.djlive.eu -d live.djlive.eu -d sys.djlive.eu -d edge.live.djlive.eu -d app.djlive.eu -d live-hls.djlive.eu -d v1.djlive.eu && /etc/init.d/nginx reload > /dev/null 2>&1
Use of --agree-dev-preview is deprecated.
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for djlive.eu
http-01 challenge for www.djlive.eu
http-01 challenge for api.djlive.eu
http-01 challenge for live.djlive.eu
http-01 challenge for sys.djlive.eu
http-01 challenge for edge.live.djlive.eu
http-01 challenge for app.djlive.eu
http-01 challenge for live-hls.djlive.eu
http-01 challenge for v1.djlive.eu
Using the webroot path /var/www/html/djliveeu for all unmatched domains.
Waiting for verification…
Cleaning up challenges
Unable to clean up challenge directory /var/www/html/djliveeu/.well-known/acme-challenge
Failed authorization procedure.
djlive.eu (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://djlive.eu/.well-known/acme-challenge/ckuDsFG7w0HuCfFCiluOrJlJhAHTPFZcnbMMGGTNm84: "404 Not Found 404 Not Found",
www.djlive.eu (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.djlive.eu/.well-known/acme-challenge/bIi7lqSaoW3nPWTmmxpYmVg5juh671swF-kSKST8nxw: "404 Not Found 404 Not Found",
app.djlive.eu (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://app.djlive.eu/.well-known/acme-challenge/WWG3Cvo0L5F1T-1pFUNMt2WYYCj6IeimLgmBMsPNP7U: "404 Not Found 404 Not Found",
v1.djlive.eu (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://v1.djlive.eu/.well-known/acme-challenge/fKDJQJcgPpkbhOw7e9Hy--lNECvf2wsKLeeUH8x92Vs: "404 Not Found 404 Not Found",
sys.djlive.eu (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://sys.djlive.eu/.well-known/acme-challenge/piK5DWx0GgkUF3Ta_mg50M_DOY-nvvAbAOY3xAxvl6Q: "404 Not Found 404 Not Found",
edge.live.djlive.eu (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://edge.live.djlive.eu/.well-known/acme-challenge/uBxeUVzWCXsznWBgyZD-MSZ47hhplFOGiBkVGJl2BeU: "404 Not Found 404 Not Found",
live.djlive.eu (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://live.djlive.eu/.well-known/acme-challenge/jfoJSySotqksDczxkRyKbUwEFlA3Pd0K9aXIufgWOIc: "404 Not Found 404 Not Found",
api.djlive.eu (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://api.djlive.eu/.well-known/acme-challenge/aMnrI6ILKJbTu9PWDNdyXfQgzD3LFcCCnE-rN4wTH20: "404 Not Found 404 Not Found",
live-hls.djlive.eu (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://live-hls.djlive.eu/.well-known/acme-challenge/ImLpqWi-Dub0s6paJSwohXwJhbMRyVIwCOqilrzbpKI: "404 Not Found 404 Not Found"

IMPORTANT NOTES:

The test.txt is not intended to fix the problem. It’s intended to better understand the reason.

Right now, I can’t see

http://www.djlive.eu/.well-known/acme-challenge/test.txt

in a web browser. If you created a file /var/www/html/djiliveeu/.well-known/acme-challenge/test.txt, and it still exists, that means that /var/www/html/djiliveeu is not the correct webroot directory for this domain name. Either

(1) some other directory is the same webroot instead, or

(2) there is something about your nginx configuration that prevents nginx from serving this file.

Do you have a way that you can currently use to post any files on this site? One possibly relevant thing is that the home page is an Apache default installation page, yet the error pages (and HTTP headers) suggest that you’re using nginx rather than Apache.
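
The test suggested in this thread (place a file under .well-known/acme-challenge in the webroot, then fetch it over HTTP from every domain) written as a script. This is an added example, not part of the original posts; the function names probe_webroot and fetch_url are made up for it, and curl is assumed to be installed.

```shell
#!/bin/sh
# Added example: check that a webroot directory is really what the web server
# serves for each domain, before asking certbot to use it with -w.

# The only function that touches the network (assumes curl is installed).
fetch_url() {
    curl -fsS --max-time 10 "$1"
}

# probe_webroot WEBROOT DOMAIN...
# Writes a one-off file into WEBROOT/.well-known/acme-challenge, fetches it
# from every domain, prints OK/FAIL per domain, returns the failure count.
probe_webroot() {
    pw_root=$1; shift
    pw_dir="$pw_root/.well-known/acme-challenge"
    pw_name="probe-$$-$(date +%s).txt"
    pw_token="webroot-probe-$$-$(date +%s)"
    pw_fail=0

    mkdir -p "$pw_dir" || return 255
    printf '%s' "$pw_token" > "$pw_dir/$pw_name" || return 255

    for pw_domain in "$@"; do
        pw_url="http://$pw_domain/.well-known/acme-challenge/$pw_name"
        # A 404 or connection error leaves the body empty.
        pw_body=$(fetch_url "$pw_url" 2>/dev/null) || pw_body=""
        if [ "$pw_body" = "$pw_token" ]; then
            echo "OK   $pw_domain"
        else
            # Same condition that makes the http-01 challenge fail.
            echo "FAIL $pw_domain"
            pw_fail=$((pw_fail + 1))
        fi
    done

    rm -f "$pw_dir/$pw_name"
    return "$pw_fail"
}

# Usage: sh probe.sh /var/www/html/example example.com www.example.com
if [ "$#" -ge 2 ]; then
    probe_webroot "$@"
fi
```

Every domain reported as FAIL is served from a different document root, or blocked by the server configuration, and needs its own -w value or a configuration change before the http-01 challenge can succeed.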
