Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: kasdivi.com
I ran this command:
sudo certbot --apache -v
It produced this output:
Unable to read ssl_module file; not disabling session tickets.
My web server is (include version):
apach24
The operating system my web server runs on is (include version):
Freebsd 13.2
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don't know):
yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
ANotWorking
ERROR
kasdivi.com has an A (IPv4) record (209.160.65.133) but a request to this address over port 80 did not succeed. Your web server must have at least one working IPv4 or IPv6 address.
Get "http://kasdivi.com/.well-known/acme-challenge/letsdebug-test": dial tcp 209.160.65.133:80: connect: connection refused
Trace:
@0ms: Making a request to http://kasdivi.com/.well-known/acme-challenge/letsdebug-test (using initial IP 209.160.65.133)
@0ms: Dialing 209.160.65.133
@112ms: Experienced error: dial tcp 209.160.65.133:80: connect: connection refused
IssueFromLetsEncrypt
ERROR
A test authorization for kasdivi.com to the Let's Encrypt staging service has revealed issues that may prevent any certificate for this domain being issued.
209.160.65.133: Fetching http://kasdivi.com/.well-known/acme-challenge/ImJwhYeqVZO1nneW--rOZ_GHVj-35YXG1WRWU9xEZoM: Connection refused
As well as using nmap
$ nmap -Pn -p80,443 kasdivi.com
Starting Nmap 7.80 ( https://nmap.org ) at 2024-04-21 18:14 UTC
Nmap scan report for kasdivi.com (209.160.65.133)
Host is up (0.080s latency).
PORT STATE SERVICE
80/tcp closed http
443/tcp closed https
Nmap done: 1 IP address (1 host up) scanned in 0.49 seconds
Running on freebsd=13.2 installed from ports. The web server is fine. I as trying to upgradetd my web server configuration and ins the process managed to pick up Fatal issues wit postfix and dovecot. Through out those I also saw ssl problems. Sohat I have done is back away from lets encrypt unit I can get those fixed and running using [FILE]Openssl[/File]. Got to crawl before I walk. You can all this also closed
$ nmap -Pn -p80,443 kasdivi.com
Starting Nmap 7.80 ( https://nmap.org ) at 2024-04-23 00:48 UTC
Nmap scan report for kasdivi.com (209.160.65.133)
Host is up (0.090s latency).
PORT STATE SERVICE
80/tcp open http
443/tcp open https
Nmap done: 1 IP address (1 host up) scanned in 0.99 seconds
BadRedirect
ERROR
Sending an ACME HTTP validation request to kasdivi.com results in an unacceptable redirect. This is most likely a misconfiguration of your web server or your web application.
It appears that a redirect was generated by your web server that is missing a trailing slash after your domain name: https://kasdivi.com.well-known/acme-challenge/letsdebug-test. Check your web server configuration and .htaccess for Redirect/RedirectMatch/RewriteRule.
Trace:
@0ms: Making a request to http://kasdivi.com/.well-known/acme-challenge/letsdebug-test (using initial IP 209.160.65.133)
@0ms: Dialing 209.160.65.133
@224ms: Server response: HTTP 301 Moved Permanently
@224ms: Received redirect to https://kasdivi.com.well-known/acme-challenge/letsdebug-test
IssueFromLetsEncrypt
ERROR
A test authorization for kasdivi.com to the Let's Encrypt staging service has revealed issues that may prevent any certificate for this domain being issued.
209.160.65.133: Fetching https://kasdivi.com.well-known/acme-challenge/ixyKvqSj6dX61e-zPTs_RYR4KsAuv0SzBKwmrSLlS1Q: Invalid host in redirect target "kasdivi.com.well-known". Check webserver config for missing '/' in redir
http://kasdivi.com/.well-known/acme-challenge/sometestfile
is being redirected to
https://kasdivi.com.well-known/acme-challenge/sometestfile
$ curl -k -Ii https://kasdivi.com.well-known/acme-challenge/sometestfile
curl: (6) Could not resolve host: kasdivi.com.well-known
https://kasdivi.com.well-known/acme-challenge/sometestfile is not the correct domain name.
There is a forward slash / missing between .com and .well-known