Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer apache
Running pre-hook command: systemctl stop apache2
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for cloud.hixfamily.us
http-01 challenge for cloud.hixfamilyreunion.com
http-01 challenge for www.hixfamily.us
http-01 challenge for www.hixfamliyreunion.com
Waiting for verification…
Cleaning up challenges
Running post-hook command: systemctl start apache2
Failed authorization procedure. www.hixfamliyreunion.com (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: DNS problem: NXDOMAIN looking up A for www.hixfamliyreunion.com
I checked each one is going to the apache start page… so DNS is working as expected.
Hope I did not hijack the thread. Let me know and I will move this to a new topic.
Thank you
–edit—
I noticed the liy instead of ily … corrected and it ran as expected. Sorry for the confusion
I appreciate there is a straightforward work around, and I also understand the security vulnerability as well as the importance of maintaining your ability to issue certificates.
However, we’ve already deployed certbot with auto renewal across dozens of environments and hundreds of sites – do you recommend we switch everything over now or is there going to be an anticipated fix to restore original functionality?
To make this clear for me.
This means the letsencrypt/certbot’s apache module is now dead?
I can’t use --apache in the future?
Or is there a way that I can use the apache module with HTTP-01 challenges?
The standalone and the webroot modules both have downsides (server needs to be stopped or customer .htaccess can destroy the webroot way).
There is surely a way around this, but the apache module solves many problems for me in a good way.
Hi, I am a little confused here … can anyone please suggest the correct solution for this?
I have the following cron job being executed on a weekly basis:
sudo /opt/letsencrypt/certbot-auto renew --renew-hook "service apache2 reload" >> /var/log/certbot-renew.log && sudo service postfix restart && sudo service dovecot restart
But now it has started returning this error:
Cert is due for renewal, auto-renewing…
Plugins selected: Authenticator apache, Installer apache
Renewing an existing certificate
Performing the following challenges:
Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.
Attempting to renew cert (somedomain.cz) from /etc/letsencrypt/renewal/somedomain.cz.conf produced an unexpected error: Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA… Skipping.
Additional error displayed is: All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/somedomain.cz/fullchain.pem (failure)
Should I update my cron command somehow, or is it necessary to call some command for each domain on the server separately to resolve this issue?
The first post in this thread has examples of what Certbot commands to use.
For example, if you used “certbot --apache -d example.com -d www.example.com” before, you might use “certbot --authenticator webroot --installer apache --webroot-path /var/www/example.com/public_html -d example.com -d www.example.com”, if that’s how your web server is configured.
We can’t say anything precise without knowing more about how the web server is configured and what commands were used before.
There isn’t a guide for editing the files, no. I don’t recommend it, especially in a thread with thousands of views.
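For anyone with many hosts to check, a read-only way to find which certificates still have the apache authenticator saved, the one that fails in the renewal output quoted above. This is an added example, not part of any post in this thread and not Certbot's own code. It assumes the files under /etc/letsencrypt/renewal/ keep their saved options in a [renewalparams] section with an authenticator key; the sample file contents are constructed.

```python
import configparser
from pathlib import Path

# Authenticator named in the failing renewal output quoted in this thread.
AFFECTED = {"apache"}

# Constructed sample renewal files (not taken from a real host).
SAMPLE_APACHE = """\
# renew_before_expiry = 30 days
cert = /etc/letsencrypt/live/somedomain.cz/cert.pem
fullchain = /etc/letsencrypt/live/somedomain.cz/fullchain.pem
[renewalparams]
authenticator = apache
installer = apache
"""
SAMPLE_WEBROOT = """\
cert = /etc/letsencrypt/live/example.com/cert.pem
[renewalparams]
authenticator = webroot
installer = apache
[[webroot_map]]
example.com = /var/www/example.com/public_html
"""

def renewal_params(text):
    """Parse one renewal .conf and return its [renewalparams] keys."""
    parser = configparser.ConfigParser(interpolation=None)
    # The file opens with keys outside any section, which configparser
    # rejects, so wrap them in a placeholder section before parsing.
    parser.read_string("[lineage]\n" + text)
    if not parser.has_section("renewalparams"):
        return {}
    return dict(parser["renewalparams"])

def classify(text):
    """Return 'affected', 'ok', or 'unknown' for one renewal file."""
    auth = renewal_params(text).get("authenticator")
    if auth is None:
        return "unknown"
    return "affected" if auth in AFFECTED else "ok"

def audit(renewal_dir="/etc/letsencrypt/renewal"):
    """Map each certificate name to its classification; reads only."""
    confs = sorted(Path(renewal_dir).glob("*.conf"))
    return {c.stem: classify(c.read_text()) for c in confs}

if __name__ == "__main__":
    for name, text in (("somedomain.cz", SAMPLE_APACHE), ("example.com", SAMPLE_WEBROOT)):
        print(name, classify(text))
```

On a real host, call audit() with no argument as a user that can read /etc/letsencrypt/renewal; it changes nothing on disk.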
I am in the process of setting up Let’s Encrypt docker for unraid to be able to access my other dockers remotely.
I am relatively new to setting up the docker and unraid and am learning as I go along.
The question I have is where do I run these commands? Do I need to add them to a config file somewhere, and if so, which file is it and where would I find it?
For this, update your docker, and there should be a variable called HTTPVAL under advanced set to false (if it isn’t, create it… Add path port or variable). Set this variable to true and restart the docker.
This should set the linuxserver.io letsencrypt docker to use http-01 instead of TLS-SNI-01.