Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is:
soalom.com.mx
I ran this command:
certbot --apache
It produced this output:
Detail: 38.124.201.39: Fetching http://store.soalom.com.mx/.well-known/acme-challenge/CWpkAJjGoXQhT7ngEhMbNrpwpTCKmdesjbDXtvzV4Io: Error getting validation data
My web server is (include version): apache
The operating system my web server runs on is (include version): Rocky 8
My hosting provider, if applicable, is: NONE
I can login to a root shell on my machine (yes or no, or I don't know): yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): NO
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):certbot 1.27.0
Hi @calexandre, and welcome to the LE community forum
There is not enough information given for me to adequately help you.
I do see that you are using Apache.
That has been known to allow inconsistent configurations.
Configurations that might confuse certbot --apache.
Without any other "clue", I would start there; Please show the output of: apachectl -t -D DUMP_VHOSTS
Hello,
following your suggestion the following appears:
Passing arguments to httpd using apachectl is no longer supported.
You can only start/stop/restart httpd using this script.
If you want to pass extra arguments to httpd, edit the
/etc/sysconfig/httpd config file.
Hint: The Certificate Authority failed to verify the temporary Apache configuration changes made by Certbot. Ensure that the listed domains point to this Apache server and that it is accessible from the internet.
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
I see port 443 server rejecting http. Does not help with the other issues, just noting.
curl -i http://store.soalom.com.mx:443
HTTP/1.1 400 Bad Request
Date: Tue, 24 May 2022 01:51:16 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
Content-Length: 362
Connection: close
Content-Type: text/html; charset=iso-8859-1
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>400 Bad Request</title>
</head><body>
<h1>Bad Request</h1>
<p>Your browser sent a request that this server could not understand.<br />
Reason: You're speaking plain HTTP to an SSL-enabled server port.<br />
Instead use the HTTPS scheme to access this URL, please.<br />
</p>
</body></html>
You beat me to the punch!
I just edited my post about that.
Since this actually connected and returned a cert: openssl s_client -connect store.soalom.com.mx:443
Never-the-less port 80 is the focus and the problem for now.
hello all, thank you for your answers and help.
To perform some tests I changed the ip addresses between servers, and I have made some port redirects to verify that the problem does not remain in the firewall, some servers already had certificates, maybe that shows rare behaviors, tomorrow I'll continue with tests.
