Problems renewing my certbot

Please fill out the fields of the following form so that we can help you as well as possible. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (for example, https://crt.sh/?q=example.com), so hiding your domain name here does not accomplish anything; it only makes it harder for us to give you the help you asked for.

I can read answers in English (yes or no):

My domain is: servipumps.com

I ran this command: sudo certbot renew

It produced this output:

Certbot failed to authenticate some domains (authenticator: apache). The Certificate Authority reported these problems:
Domain: servipumps.com
Type: unauthorized
Detail: 34.55.8.132: Invalid response from http://servipumps.com/.well-known/acme-challenge/-Si90HCK1YOXE8EPSn8KgulZrcX2usMVLanu0d6AgoE: 400

My web server is (include version): I am running it on Apache on Linux in a Google virtual machine

The operating system my web server runs on is (include version): debian

My hosting provider (if applicable) is:

I can log in to a root shell on my server (yes, no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (for example, if you use certbot, show the output of certbot --version or certbot-auto --version):

Your browser sent a request that this server could not understand.
Reason: You're speaking plain HTTP to an SSL-enabled server port.
Instead use the HTTPS scheme to access this URL, please.

Do you need help with this? You probably mixed up some port number somewhere.

1 Like

From what I see, when the renewal request is made, it is done via http when it should be via https. How can I change that?

You're telling apache to speak https on a port that should be http.

I don't know if that's because you told apache directly or because you forwarded both 80 and 443 external ports to internal 443.

The HTTP-01 challenge, of the Challenge Types - Let's Encrypt, states "The HTTP-01 challenge can only be done on port 80."
Best Practice - Keep Port 80 Open

Using the online tool Let's Debug yields these results https://letsdebug.net/servipumps.com/2456737

2 Likes

I share with you my configuration of etc/apache2/sites-available/000-default.conf and according to me here I have already configured so that the redirection to https is not mandatory

This is how the request is made. How can I change it so that the request is made to https?

You cannot have SSLEngine on on port 80.

You can replace :80 with :443 on the first line, and this should work. (It won't make the validation work, though. Validation needs port 80 in this case. You might also want to use the ACME client included with Apache.)

2 Likes


I changed the port to 433 as you told me and it works fine. I tried renewing my certbot but it still gives me that error.

Of course.

You need to listen on both port 80 (http) and 443 (https).

You see how there are two virtualhosts here? Mozilla SSL Configuration Generator

If you don't want apache to listen on port 80 you can use certbot renew --standalone and leave apache on 443 only.

2 Likes
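The two-virtual-host layout the replies above describe, written out as an added example that is not part of the original thread or the poster's actual file. The DocumentRoot and the certificate paths are assumptions (Debian's default web root and Certbot's usual /etc/letsencrypt/live/ layout), and the redirect block assumes mod_rewrite is enabled.

```apache
# Layout that produces the 400 in the thread: TLS switched on inside the
# port-80 virtual host, so every plain-HTTP request, including the
# HTTP-01 challenge fetch, is rejected.
#
#   <VirtualHost *:80>
#       ServerName servipumps.com
#       SSLEngine on
#   </VirtualHost>

# Corrected layout: plain HTTP on 80, TLS on 443.
# Requires "Listen 80" and "Listen 443" (Debian keeps these in ports.conf).

<VirtualHost *:80>
    ServerName servipumps.com
    # Assumed web root
    DocumentRoot /var/www/html

    # No SSLEngine directive here: this vhost must answer plain HTTP so the
    # CA can fetch /.well-known/acme-challenge/<token> on port 80.

    # Optional: send everything except the challenge path to HTTPS.
    RewriteEngine On
    RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/
    RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
</VirtualHost>

<VirtualHost *:443>
    ServerName servipumps.com
    # Assumed web root
    DocumentRoot /var/www/html

    SSLEngine on
    # Assumed certificate paths (Certbot's usual layout)
    SSLCertificateFile    /etc/letsencrypt/live/servipumps.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/servipumps.com/privkey.pem
</VirtualHost>
```

After editing, `sudo apachectl configtest` checks the syntax before a reload, and `sudo certbot renew --dry-run` exercises the challenge against the staging environment without issuing a certificate.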