Really Messed up Letsencrypt reinstallation

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
kasdivi.com
I ran this command:
sudo certbot --apache -v
It produced this output:
Unable to read ssl_module file; not disabling session tickets.

My web server is (include version):
apache24
The operating system my web server runs on is (include version):
FreeBSD 13.2
My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):
yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

2.9.0

That's just a warning, not a fatal error.

What's messed up about it exactly? What did you do? What didn't you do? What's the issue?

4 Likes

Hi @captcurrent !
I concur with Osiris. More specifically, how did you install apache2... Via the package system, or did you compile it from source?

3 Likes

Hi @captcurrent,

Presently I see these 2 ERRORs using the online tool Let's Debug
https://letsdebug.net/kasdivi.com/1893062

ANotWorking
ERROR
kasdivi.com has an A (IPv4) record (209.160.65.133) but a request to this address over port 80 did not succeed. Your web server must have at least one working IPv4 or IPv6 address.
Get "http://kasdivi.com/.well-known/acme-challenge/letsdebug-test": dial tcp 209.160.65.133:80: connect: connection refused

Trace:
@0ms: Making a request to http://kasdivi.com/.well-known/acme-challenge/letsdebug-test (using initial IP 209.160.65.133)
@0ms: Dialing 209.160.65.133
@112ms: Experienced error: dial tcp 209.160.65.133:80: connect: connection refused
IssueFromLetsEncrypt
ERROR
A test authorization for kasdivi.com to the Let's Encrypt staging service has revealed issues that may prevent any certificate for this domain being issued.
209.160.65.133: Fetching http://kasdivi.com/.well-known/acme-challenge/ImJwhYeqVZO1nneW--rOZ_GHVj-35YXG1WRWU9xEZoM: Connection refused

As well as using nmap

$ nmap -Pn -p80,443 kasdivi.com
Starting Nmap 7.80 ( https://nmap.org ) at 2024-04-21 18:14 UTC
Nmap scan report for kasdivi.com (209.160.65.133)
Host is up (0.080s latency).

PORT    STATE  SERVICE
80/tcp  closed http
443/tcp closed https

Nmap done: 1 IP address (1 host up) scanned in 0.49 seconds

Is your server web service presently off line?

3 Likes

Running on FreeBSD 13.2, installed from ports. The web server is fine. I was trying to upgrade my web server configuration and in the process managed to pick up fatal issues with postfix and dovecot. Throughout those I also saw SSL problems. So what I have done is back away from Let's Encrypt until I can get those fixed and running using OpenSSL. Got to crawl before I walk. You can also call this closed.

Thank you, that was from yesterday.

2 Likes

Here is what I presently see today.

$ nmap -Pn -p80,443 kasdivi.com
Starting Nmap 7.80 ( https://nmap.org ) at 2024-04-23 00:48 UTC
Nmap scan report for kasdivi.com (209.160.65.133)
Host is up (0.090s latency).

PORT    STATE SERVICE
80/tcp  open  http
443/tcp open  https

Nmap done: 1 IP address (1 host up) scanned in 0.99 seconds

And https://letsdebug.net/kasdivi.com/1896292

BadRedirect
ERROR
Sending an ACME HTTP validation request to kasdivi.com results in an unacceptable redirect. This is most likely a misconfiguration of your web server or your web application.
It appears that a redirect was generated by your web server that is missing a trailing slash after your domain name: https://kasdivi.com.well-known/acme-challenge/letsdebug-test. Check your web server configuration and .htaccess for Redirect/RedirectMatch/RewriteRule.

Trace:
@0ms: Making a request to http://kasdivi.com/.well-known/acme-challenge/letsdebug-test (using initial IP 209.160.65.133)
@0ms: Dialing 209.160.65.133
@224ms: Server response: HTTP 301 Moved Permanently
@224ms: Received redirect to https://kasdivi.com.well-known/acme-challenge/letsdebug-test
IssueFromLetsEncrypt
ERROR
A test authorization for kasdivi.com to the Let's Encrypt staging service has revealed issues that may prevent any certificate for this domain being issued.
209.160.65.133: Fetching https://kasdivi.com.well-known/acme-challenge/ixyKvqSj6dX61e-zPTs_RYR4KsAuv0SzBKwmrSLlS1Q: Invalid host in redirect target "kasdivi.com.well-known". Check webserver config for missing '/' in redir
1 Like

@captcurrent you do not have the redirection working properly

curl -Ii http://kasdivi.com/.well-known/acme-challenge/sometestfile
HTTP/1.1 301 Moved Permanently
Date: Tue, 23 Apr 2024 01:17:59 GMT
Server: Apache
Location: https://kasdivi.com.well-known/acme-challenge/sometestfile
Content-Type: text/html; charset=iso-8859-1

http://kasdivi.com/.well-known/acme-challenge/sometestfile

is being redirected to

https://kasdivi.com.well-known/acme-challenge/sometestfile

$ curl -k -Ii https://kasdivi.com.well-known/acme-challenge/sometestfile
curl: (6) Could not resolve host: kasdivi.com.well-known

https://kasdivi.com.well-known/acme-challenge/sometestfile is not the correct domain name.
There is a forward slash / missing between .com and .well-known

1 Like
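
How a redirect like the one diagnosed above can arise and be caught, as an added example that is not part of the original thread. The thread never shows the Apache configuration, so the `Redirect / https://kasdivi.com` directive modelled here is an assumption (one common cause); `apache_redirect` is a simplified model of mod_alias prefix substitution, and all function names are hypothetical.

```python
from typing import Optional
from urllib.parse import urlsplit

# Request URL taken from the curl output in the thread.
REQUEST = "http://kasdivi.com/.well-known/acme-challenge/sometestfile"


def apache_redirect(prefix: str, target: str, request_path: str) -> Optional[str]:
    """Simplified model of `Redirect <prefix> <target>` (assumed config):
    whatever follows the matched prefix is appended to the target verbatim."""
    if not request_path.startswith(prefix):
        return None
    return target + request_path[len(prefix):]


def check_redirect(request_url: str, location: str) -> str:
    """Classify a Location header relative to the URL that was requested."""
    req, loc = urlsplit(request_url), urlsplit(location)
    if loc.scheme not in ("http", "https"):
        return "bad-scheme"
    if loc.hostname == req.hostname:
        return "ok"
    # Missing-slash signature: the first path segment is glued onto the host.
    first_segment = req.path.lstrip("/").split("/", 1)[0].lower()
    if loc.hostname == f"{req.hostname}{first_segment}":
        return "missing-slash"
    return "different-host"  # not necessarily wrong, but worth a look


def demo():
    """Run the assumed broken target and the corrected one through both steps."""
    path = urlsplit(REQUEST).path
    results = []
    for target in ("https://kasdivi.com", "https://kasdivi.com/"):
        location = apache_redirect("/", target, path)
        results.append((target, location, check_redirect(REQUEST, location)))
    return results


if __name__ == "__main__":
    for target, location, verdict in demo():
        print(f"Redirect / {target:<22} -> {location}  [{verdict}]")
```
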

Not currently using the certbot-generated info. Moved to OpenSSL to get the site working again... may try it again next week.

Did you correct the above issue @captcurrent ?

1 Like

I asked that this issue be closed several times. Am using OpenSSL till I can figure out certbot.

You do closing right in the topic.

1 Like

Huh?? I am closing this instance topic. If need be I will open a new one when I fail next time.

Yes. 🙂

1 Like

ahh I forgot to check solution

1 Like