SOLVED - Could not verify domain

My domain is: owncloud.qctech.co.uk

I ran this command:
certbot-auto --staging
certbot-auto --staging --apache

It produced this output:
IMPORTANT NOTES:

My web server is (include version): Apache 2.4.18

The operating system my web server runs on is (include version): Ubuntu 16.04.3 LTS

I can login to a root shell on my machine: Yes

I’m using a control panel to manage my site: No

Hi All, I’ve got what I think is a fairly simple setup. One webserver with one domain name pointed to it on one IP address. When I run certbot it fails with the above message. If I drop a txt file into owncloud.qctech.co.uk/.well-known/acme-challenge/ then I can get to it no problem via a browser (http request is re-directed to https). I’m assuming that certbot is struggling to write the file or is writing it to the wrong place maybe. I have tried to ls the folder whilst waiting for the challenge and the file never seems to appear.

Could anyone help me with working out where certbot is writing the .well-known/acme-challenge to and how I would find out if it is struggling to write?

Incidentally I am running as root from a sudo -i

Thanks in advance

Hi @gwes,

I’ve tried to reach your site from different countries and no way, always timeout, you should double check whether the IP of that domain is the right one (88.96.49.229) or you have any kind of firewall dropping the connection.

Edit: I forgot to comment that port 80 seems filtered by a firewall but port 443 allows connections.

Cheers,
sahsanu

Hi Sahsanu,

Thanks for taking a look at this. I have been playing with this so the site will have been a bit up and down however;
It looks like I had port 80 firewalled but I didn’t realize. When I went to 80 I got redirected to 443, which I thought was a result of a re-write in the apache config. It turns out that Chrome was automatically re-directing me to https (not sure why, maybe HSTS).

That would totally explain why letsencrypt was unable to communicate with the server via http:80… because the firewall was doing its job.

Sorry for posting what turned out to be such an obvious error. Warning to all, check that you are ACTUALLY getting to YOUR server not getting re-directed to https:443 before you hit it.

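The check this thread converges on, as an added example (not code from any poster or from certbot): probe port 80 directly and request a challenge path over plain HTTP without following redirects, so a browser's HTTPS fallback or HSTS cannot mask a filtered port. The function names and the `precheck.txt` path are assumptions; run it from a host outside your own firewall.

```python
import http.client
import socket
import sys

def probe_tcp(host, port, timeout=5.0):
    """Classify a TCP port: 'open', 'closed' (refused) or 'filtered' (no answer)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "closed"
    except (socket.timeout, TimeoutError):
        return "filtered"      # packets silently dropped, typical of a firewall
    except OSError:
        return "unreachable"   # DNS failure, no route, etc.

def fetch_plain_http(host, path, port=80, timeout=5.0):
    """GET over plain HTTP; never follows redirects or upgrades to HTTPS.
    Returns (status code, Location header or None)."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", path, headers={"User-Agent": "acme-precheck"})
        resp = conn.getresponse()
        resp.read()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()

def precheck_http_challenge(host, port=80, timeout=5.0,
                            path="/.well-known/acme-challenge/precheck.txt"):
    """Report what an external validator would see on the plain-HTTP port.
    'path' is a hypothetical test file you place yourself, not a real token."""
    state = probe_tcp(host, port, timeout)
    if state != "open":
        return f"port {port} is {state}: validation over http cannot reach this server"
    status, location = fetch_plain_http(host, path, port, timeout)
    if 300 <= status < 400:
        return f"port {port} open, HTTP {status} redirect to {location}"
    return f"port {port} open, HTTP {status} served directly"

if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: precheck.py <hostname>")
    print(precheck_http_challenge(sys.argv[1]))
```

A result of `filtered` on port 80 while the site loads in a browser is the situation described above: the browser reached the server on 443, not 80.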

It could be STS if you configured it in your web server but that doesn't seem to be the case. Chrome has this "feature", if it tries to reach your domain on port 80 and it can't, it tries to reach it on port 443... just in case :wink:

Setting STS was one of the Owncloud security recommendations at one point. I’ve got it running in so many places I don’t really remember if I set it on this install or not. Good to know that Chrome is “helping”.

Still slightly confused why I did not see the dir/files get created (which is what made me think it was something else) but maybe that only happens once a http connection has been made.

I’ve updated the subject to show it’s resolved but is there a way for me to close the topic?

Instead of renaming the title to SOLVED, there is a square with a tick in the middle icon in every post so you can mark that post as the solution. Regarding closing the topic, if there are no more posts, it will be closed in a month so there is no need to close it.

Cheers,
sahsanu
