Renewal fails, Apache 2.4/Ubuntu


#1

Please fill out the fields below so we can help you better.

My domain is: unkommod.eu

I ran this command: ./certbot-auto renew --dry-run --keep-until-expiring

It produced this output: (domain anonymized to mydomain.test)
Attempting to renew cert from /etc/letsencrypt/renewal/mydomain.test.conf produced an unexpected error: Failed authorization procedure. mydomain.test (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Could not connect to www.mydomain.test.well-known, maximus.mydomain.test (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Could not connect to maximus.mydomain.test.well-known, imap.mydomain.test (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Could not connect to www.mydomain.test.well-known, zeus.mydomain.test (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Could not connect to www.mydomain.test.well-known, smtp.mydomain.test (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Could not connect to www.mydomain.test.well-known, www.mydomain.test (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Could not connect to www.mydomain.test.well-known, pop.mydomain.test (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Could not connect to www.mydomain.test.well-known. Skipping.

My operating system is (include version): Ubuntu 16.04 LTS

My web server is (include version): Apache 2.4

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no control panel

Hallo,

I’m running a wordpress site unter Ubuntu 16.04/Apache 2.4. The main site is https://www.unkommod.eu. This site is ssl only and there are aliases for pop3, imap and fqdn, needed for my mail server. There are permanent redirects from the non-www-site to the ssl www-site. On a subdomain https://maximus.unkommod.eu I currently have only the welcome message from apache, together with the allowance to access .well-known.

The main site looks like:

<IfModule mod_ssl.c>
    <VirtualHost *:443>
        ServerName www.mydomain.test
        ServerAlias smtp.mydomain.test imap.mydomain.test pop.mydomain.test mydomain.test zeus.mydomain.test
	DocumentRoot /var/www/mydomain/public_html
	. . .
	. . .
	. . . 
        <Directory "/var/www/mydomain/public_html/.well-known">
            Options -Indexes
            Require all granted
        </Directory>

        <Directory "/var/www/mydomain/public_html">
            Require all granted
            DirectoryIndex index.php
            AllowOverride FileInfo
            Options FollowSymLinks
            FallbackResource /index.php
            # Deny access to No-Referrer Requests
            # (Spam Bots which don't use comment form)
            <IfModule mod_rewrite.c>
                 RewriteCond %{REQUEST_METHOD} POST
                 RewriteCond %{REQUEST_URI} .wp-comments-post\.php*
                 RewriteCond %{HTTP_REFERER} !.*mydomain.test.* [OR]
                 RewriteCond %{HTTP_USER_AGENT} ^$
                 RewriteRule (.*) http://%{REMOTE_ADDR}/$ [R=301,L]
            </IfModule>
        </Directory>

All sites are online, and a textfile (test - no extension) placed under .well-known gets delivered properly on the main site as well as the subdomain.

3 month ago I could create certs without a problem. Now they are nearly expired, and I can’t get a renewal (getting a 403)


#2

This is often caused by a bad redirect. Could you post the configuration for the corresponding VirtualHost on port 80?


#3
<VirtualHost *:80>
       ServerName unkommod.eu
       Redirect permanent / https://www.unkommod.eu
</VirtualHost>

<VirtualHost *:80>
       ServerName www.unkommod.eu
       Redirect permanent / https://www.unkommod.eu
</VirtualHost>

and for the subdomain:

<VirtualHost *:80>
	ServerName maximus.unkommod.eu
	Redirect permanent / https://maximus.unkommod.eu
</VirtualHost>

#4

Yeah, so you need to add the slash at the end. E.g.:

<VirtualHost *:80>
       ServerName unkommod.eu
       Redirect permanent / https://www.unkommod.eu/
</VirtualHost>

and the same for the others.


#5

Look very closely to the error you’re getting:

Is that a valid host name to connect to? Kinda weird top level domain name, isn’t it? :wink:

In combination with:

What could the problem be? :slight_smile: It’s a very tiny small detail, but a crucial very tiny small detail :slight_smile:


#6

Holy cow: You just saved my life. I was close to a panic.
After applying the changes, dry-run works as well as certificate renewal!


#7

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.