[Solved] Problems issuing a certificate

Please fill out the fields below so we can help you better.

My domain is: deimidis.me

I ran this command: ./certbot-auto certonly --webroot -w deimidis.me/public/ -d www.deimidis.me -d deimidis.me

It produced this output: unauthorized, invalid response. To fix these errors, please make sure that your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address.

My operating system is (include version): Debian 7

My web server is (include version): apache 2.2

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

The website I’m trying to add the certificate to is a Ghost blog, running on a vhost (I have other certificates for other domains on the same server). I think that the problem could be that Ghost doesn’t allow access to .well-known (the folder is created by certbot-auto).

I’m assuming apache is acting as a reverse proxy to Ghost in your case, and Ghost doesn’t know that it’s supposed to serve the challenge file.

The simplest option might be to tell apache to not send requests that match /.well-known/acme-challenge to node, but rather serve them from the DocumentRoot (which I assume is set to deimidis.me/public for your vhost). This could be done with:

ProxyPass /.well-known/acme-challenge !

This’ll have to be placed before the other Proxy* directives. If you’re doing something else in your vhost or this isn’t working for some other reason, it would probably be useful to see your full vhost config.

Thanks @pfg, I tried your suggestion and it didn’t work. Maybe because I’m using Ghost directly behind public rather than one step further (just to be clear, it says deimidis.me/public/config.js and not deimidis.me/public/ghost/config), so when the first proxy goes to root, it is going to Ghost/node anyway.

My vhost config works with this:

<VirtualHost *:80>
  ServerName www.deimidis.me
  ServerAlias deimidis.me
  <proxy *>
    order deny,allow
    allow from all
  </proxy>
  ProxyPass /.wel-known/acme-challenge !
  ProxyPass / http://localhost:2369/
  ProxyPassReverse / http://localhost:2369/
  <Location />
    Order allow,deny
    Allow from all
  </Location>
</VirtualHost>

Thanks for your help.

Hello @deimidis,

You mistyped the ProxyPass directive suggested by @pfg; you forgot an l for well-known.

Correct it and check again.

Cheers,
sahsanu

Hello @sahsanu, thanks for seeing that error. Now it works a little better, but still with problems, because it goes to the 404 of Apache rather than the 404 from Ghost.

Domain: deimidis.me
   Type:   unauthorized
   Detail: Invalid response from
   http://deimidis.me/.well-known/acme-challenge/QLKSANQ9nQ1Wdp1MouhIcpxvOkMo2jYxbILGCQPpJ6A:
   "<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
   <html><head>
   <title>404 Not Found</title>
   </head><body>
   <h1>Not Found</h1>
   <p"

Inside the .well-known folder there are no files; I don’t know if this could be a permission problem.

Your vhost doesn't seem to have a DocumentRoot directive, so apache probably defaults to some directory other than deimidis.me/public/ to check for the files. I would recommend adding something like DocumentRoot /var/www/html/letsencrypt and then using that path as the -w flag for certbot.

That's normal, the files are deleted when certbot is done.

Thanks @pfg, adding DocumentRoot made it work! Now it’s time to add SSL to the node part, something else to learn.

Thanks both for all your help!
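
A pre-flight check for the three problems that came up in this thread (a mistyped exclusion path, the exclusion's position relative to the catch-all ProxyPass, and a missing DocumentRoot), as an added example that is not part of the original posts. The function name `lint_vhost` and its result codes are made up for illustration, and the path matching is a simplified prefix test, not Apache's own matcher.

```python
# Simplified lint for an Apache reverse-proxy vhost that must serve
# /.well-known/acme-challenge from disk (certbot --webroot).
CHALLENGE = "/.well-known/acme-challenge"

def lint_vhost(conf):
    """Return codes for problems that would break the webroot challenge."""
    doc_root, rules = None, []  # rules: (path, target) in file order
    for line in conf.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0].lower() == "documentroot":
            doc_root = parts[1]
        elif len(parts) >= 3 and parts[0].lower() == "proxypass":
            rules.append((parts[1].rstrip("/"), parts[2]))
    # Rules whose path is a prefix of the challenge URL (assumed matcher).
    covers = [i for i, (path, _) in enumerate(rules) if CHALLENGE.startswith(path)]
    excluded = [i for i in covers if rules[i][1] == "!"]
    proxied = [i for i in covers if rules[i][1] != "!"]
    problems = []
    if proxied and not excluded:
        problems.append("no-exclusion")        # challenge is sent to the backend
    elif proxied and excluded[0] > proxied[0]:
        problems.append("exclusion-too-late")  # rules are checked in order
    if doc_root is None:
        problems.append("no-documentroot")     # -w may not be the served directory
    return problems

# The proxy-related lines of the vhost as posted in the thread.
POSTED = """
<VirtualHost *:80>
  ServerName www.deimidis.me
  ProxyPass /.wel-known/acme-challenge !
  ProxyPass / http://localhost:2369/
  ProxyPassReverse / http://localhost:2369/
</VirtualHost>
"""

# Constructed: typo corrected and the DocumentRoot suggested in the thread added.
FIXED = POSTED.replace(".wel-known", ".well-known").replace(
    "ServerName", "DocumentRoot /var/www/html/letsencrypt\n  ServerName")

if __name__ == "__main__":
    print("posted:", lint_vhost(POSTED))
    print("fixed: ", lint_vhost(FIXED))
```

With the DocumentRoot in place, the same directory has to be passed to certbot as the `-w` path.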
