that files look ok
only port 80 stuff
I need the file:
/etc/apache2/sites-available/default-ssl.conf
I would change:
<VirtualHost _default_:443>
to
<VirtualHost *:443>
And I'm not sure you need this line anymore:
SSLCertificateChainFile /etc/letsencrypt/live/exxoshost.co.uk/chain.pem
Also show (not sure if we've seen that one yet):
It is enabled:
IncludeOptional sites-enabled/*.conf
But it contains no servername nor serveralias.
That needs fixing...
Not sure what Apache will do without it (and that may change over time too).
Better to put anything in there.
It's all bodged into the apache conf file instead.
I honestly don’t think anything is much wrong, like I say, it has been working for 18 months and I just renew it when needed… though it moans about acme something, I've never seen that anywhere, I created a test folder, as some other guide mentions, that seemed fine, but I assume something in certbot has updated causing my setup to break.
You've said that now 4 times - I do understand that
Please place a test text file at:
/var/www/html/.well-known/acme-challenge/1234
You can do so with these simple steps:
mkdir /var/www/html/.well-known
mkdir /var/www/html/.well-known/acme-challenge
echo "just a test file" > /var/www/html/.well-known/acme-challenge/1234
If that file can be reached from the Internet, then the renewals should work.
If not then we may need to use --webroot option.
I did that already, that works fine.
wget http://exxoshost.co.uk/.well-known/acme-challenge/1234
Fails - not working fine.
It redirects to https://exxoshost.co.uk/new404.htm <<< not same URL path
And then returns 560 bytes of “nicely formatted 404 error message”.
I was following another guide before I posted here, it's called test, not 1234.
I still don’t see where it does the 302 redirection.
Nonetheless, try a renewal now:
sudo certbot-auto renew
Assuming you’ve restarted Apache.
Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/exxoshost.co.uk.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator apache, Installer apache
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for www.exxoshost.co.uk
http-01 challenge for exxoshost.co.uk
Waiting for verification...
Cleaning up challenges
Attempting to renew cert (exxoshost.co.uk) from /etc/letsencrypt/renewal/exxoshost.co.uk.conf produced an unexpected error: Failed authorization procedure. exxoshost.co.uk (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://exxoshost.co.uk/.well-known/acme-challenge/OC2RR8DLv2YztjmaUx5YPMDv86iQfuXhAk6O1jVvNks: "\r\n\r\n404\r\n\r\n\r\n\r\n<body b". Skipping.
All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/exxoshost.co.uk/fullchain.pem (failure)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/exxoshost.co.uk/fullchain.pem (failure)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1 renew failure(s), 0 parse failure(s)
IMPORTANT NOTES:
 - The following errors were reported by the server:
   Domain: exxoshost.co.uk
   Type: unauthorized
   Detail: Invalid response from http://exxoshost.co.uk/.well-known/acme-challenge/OC2RR8DLv2YztjmaUx5YPMDv86iQfuXhAk6O1jVvNks: "\r\n\r\n404\r\n\r\n\r\n\r\n<body b"
   To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address.
If you have not restarted Apache, do so and retry renewing.
If you already have, then we need to try --webroot option:
sudo certbot-auto renew --webroot -w /var/www/html
If that works, then I think certbot-auto is no longer able to properly determine where to place the authentication handling block and it fails to match.
I have restarted it…
oh WTF it's worked with that webroot option…
certbot-auto renew --webroot -w /var/www/html
Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/exxoshost.co.uk.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator webroot, Installer apache
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for www.exxoshost.co.uk
http-01 challenge for exxoshost.co.uk
Using the webroot path /var/www/html for all unmatched domains.
Waiting for verification...
Cleaning up challenges
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
new certificate deployed with reload of apache server; fullchain is /etc/letsencrypt/live/exxoshost.co.uk/fullchain.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations, all renewals succeeded. The following certs have been renewed:
  /etc/letsencrypt/live/exxoshost.co.uk/fullchain.pem (success)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
You're welcome!
I don’t get what the actual problem is though?
I still don’t see where the redirection happens…
Please show:
grep -Eri 'temporary|permanent|redirect|rewrite' /etc/apache2
I think certbot-auto is being confused with the <virtualhost> inside an <if module>
But I haven’t been able to prove that yet.
grep -Eri 'temporary|permanent|redirect|rewrite' /etc/apache2
/etc/apache2/mods-available/rewrite.load:LoadModule rewrite_module /usr/lib/apache2/modules/mod_rewrite.so
/etc/apache2/mods-available/setenvif.conf: # The following directive disables redirects on non-GET requests for
/etc/apache2/mods-available/setenvif.conf: # redirects for folders with DAV methods.
/etc/apache2/mods-available/setenvif.conf: BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully
/etc/apache2/mods-available/setenvif.conf: BrowserMatch "MS FrontPage" redirect-carefully
/etc/apache2/mods-available/setenvif.conf: BrowserMatch "^WebDrive" redirect-carefully
/etc/apache2/mods-available/setenvif.conf: BrowserMatch "^WebDAVFS/1.[012]" redirect-carefully
/etc/apache2/mods-available/setenvif.conf: BrowserMatch "^gnome-vfs/1.0" redirect-carefully
/etc/apache2/mods-available/setenvif.conf: BrowserMatch "^gvfs/1" redirect-carefully
/etc/apache2/mods-available/setenvif.conf: BrowserMatch "^XML Spy" redirect-carefully
/etc/apache2/mods-available/setenvif.conf: BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully
/etc/apache2/mods-available/setenvif.conf: BrowserMatch " Konqueror/4" redirect-carefully
/etc/apache2/apache2.conf: redirect / http://107.191.111.64:80
/etc/apache2/apache2.conf:Redirect / http://www.exxoshost.co.uk/atari/last/store.htm
/etc/apache2/apache2.conf:# Redirect / "http://www.exxoshost.co.uk/atari/last/store.htm#mouse"
/etc/apache2/apache2.conf:# Redirect / "http://www.exxoshost.co.uk/atari/last/store.htm#psu"
/etc/apache2/apache2.conf:# Redirect / "http://www.exxoshost.co.uk/atari/last/store.htm#TOS"
/etc/apache2/apache2.conf:# Redirect permanent /forum https://www.exxoshost.co.uk/forum
/etc/apache2/envvars:# temporary state file location. This might be changed to /run in Wheezy+1
/etc/apache2/sites-available/000-default.conf: # redirection URLs. In the context of virtual hosts, the ServerName
/etc/apache2/sites-available/default-ssl.conf:#Redirect permanent /forum https://www.exxoshost.co.uk/forum
/etc/apache2/conf-available/localized-error-pages.conf:# 2) local redirects
/etc/apache2/conf-available/localized-error-pages.conf:# 3) external redirects
/etc/apache2/conf-available/localized-error-pages.conf:# We use Alias to redirect any /error/HTTP_.html.var response to
That’s no help…
Do you use .htaccess files?