Problem with HTTP-01 Apache + Mono

Ravenheart · January 25, 2018, 3:25pm

I ran this command:
./certbot-auto --apache -d fake.smart-ss.org

It produced this output:

root@dev:/home/smart# ./certbot-auto --apache -d fake.smart-ss.org
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for fake.smart-ss.org
Enabled Apache rewrite module
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. fake.smart-ss.org (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://fake.smart-ss.org/.well-known/acme-challenge/zGy5DAG8nBq96ord6Jk0Xu5Vyowb-_dpAKyiu9RkDvQ: "<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtm" To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address.

My web server is (include version):
Apache 2.4 + Mono

The operating system my web server runs on is (include version):
Ubuntu Server 16.04 LTS x64

I can login to a root shell on my machine (yes or no, or I don't know):
yes

I suspect its some problem with Mono as if I create a .well-known/acme-challenge folder I still get "forbidden" response.

Ravenheart · January 25, 2018, 3:29pm

To point out what I’m trying to do, trying to issue a new cert for one of our test sub-domains before I start issuing certs to new clients.

The domain fake.smart-ss.org only has a CNAME to dev.smart-ss.org, once I get this working with the new HTTP-01 verification the first domains I will issue certs will be: dimitrov.smart-ss.org and web.invitro.bg (both point to the same A/IP address, the first one is for internal use by our company, the second will be used publicly by patients and such).

jared.m · January 25, 2018, 3:47pm

The issue is that when the Let’s Encrypt validation authority requests the challenge file, your server is instead returning some markup language. This happens for a variety of reasons that we can’t easily glean from context alone. I’d recommend taking a look at your configs, and try placing a test file at http://fake.smart-ss.org/.well-known/acme-challenge/test.txt and attempt to pull that file.

Ravenheart · January 26, 2018, 6:57am

Figured it out, it was Mono trying to process the request to .well-known thinking it was something it should handle.

Added this to the VirtualHost config and it worked:

<Location "/.well-known">
SetHandler default-handler

system · February 25, 2018, 7:02am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.