Some challenges have failed

Hi everyone,
Thanks for your help in advance.

My domain is: andashare.andatech.com

I ran this command: sudo certbot --apache

It produced this output: Some challenges have failed.

My web server is (include version): Server version: Apache/2.4.6

The operating system my web server runs on is (include version):(CentOS)

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

Letsencrypt.log:
2022-11-18 10:37:49,481:DEBUG:urllib3.connectionpool:http://localhost:None "GET /v2/connections?snap=certbot&interface=content HTTP/1.1" 200 97
2022-11-18 10:37:49,833:DEBUG:certbot._internal.main:certbot version: 1.32.0
2022-11-18 10:37:49,833:DEBUG:certbot._internal.main:Location of certbot entry point: /snap/certbot/2511/bin/certbot
2022-11-18 10:37:49,833:DEBUG:certbot._internal.main:Arguments: ['--dry-run', '--preconfigured-renewal']
2022-11-18 10:37:49,834:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#nginx,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2022-11-18 10:37:49,849:DEBUG:certbot._internal.log:Root logging level set at 30
2022-11-18 10:37:49,850:DEBUG:certbot._internal.display.obj:Notifying user:


2022-11-18 10:37:49,850:DEBUG:certbot._internal.display.obj:Notifying user: No simulated renewals were attempted.
2022-11-18 10:37:49,850:DEBUG:certbot._internal.display.obj:Notifying user: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2022-11-18 10:37:49,850:DEBUG:certbot._internal.renewal:no renewal failures

Edited: I misread, small cell screen, and thought the Topic Poster only had one dash before apache. Sorry! :slightly_frowning_face:

Please check here for detail

5 Likes

I exactly followed this instruction but for my CentOS 7 :slight_smile:

1 Like

Hi @andatech-it, and welcome to the LE community forum :slight_smile:

Please show more (or all) of the certbot log file.
Usually found at: /var/log/letsencrypt/letsencrypt.log
[if not there, try locating it with: find / -name letsencrypt.log]

3 Likes

Hi mate
Thanks for your reply. I attached the log file here.
letsencrypt.txt (18.2 KB)

1 Like

These are the most significant lines in that log (to me):

2022-11-18 11:57:31,440:DEBUG:certbot._internal.plugins.selection:Requested authenticator apache and installer apache

2022-11-18 11:57:34,116:DEBUG:certbot_apache._internal.http_01:writing a pre config file with text:
         RewriteEngine on
        RewriteRule ^/\.well-known/acme-challenge/([A-Za-z0-9-_=]+)$ /var/lib/letsencrypt/http_challenges/$1 [END]
    
2022-11-18 11:57:34,187:DEBUG:certbot.reverter:Creating backup of /etc/httpd/conf/httpd.conf
2022-11-18 11:57:34,188:DEBUG:certbot.reverter:Creating backup of /etc/httpd/conf.d/andashare.conf

        "detail": "110.174.21.194: Invalid response from http://andashare.andatech.com/.well-known/acme-challenge/SWT0OJqGsNks1LVkBJ9pcsXPklsQMzGf3bmy1OQ5b5Y: \"\u003c!doctype html\u003e\\n\u003chtml lang=\\\"en\\\" class=\\\"be-light-mode\\\"\u003e\\n    \u003chead\u003e\\n        \u003cbase href=\\\"/\\\"\u003e\\n\\n                    \u003ctitle class=\\\"dst\"",
        "status": 403

From that, I'd like to see the file:
/etc/httpd/conf.d/andashare.conf
and the output of:
apachectl -t -D DUMP_VHOSTS

5 Likes

Hi mate, thanks for your time and comment.
the conf file :slight_smile:

<VirtualHost 110.174.21.194:80>
    ServerName andashare.andatech.com
    ServerAlias www.andashare.andatech.com
    DocumentRoot /var/www/andashare/html
    ErrorLog /var/www/andashare/log/error.log
    CustomLog /var/www/andashare/log/requests.log combined
</VirtualHost>

<VirtualHost 110.174.21.194:443>
    ServerName andashare.andatech.com
    ServerAlias www.andashare.andatech.com
    DocumentRoot /var/www/andashare/html
    ErrorLog /var/www/andashare/log/error.log
    CustomLog /var/www/andashare/log/requests.log combined
</VirtualHost>

output of the command:

Passing arguments to httpd using apachectl is no longer supported.
You can only start/stop/restart httpd using this script.
If you want to pass extra arguments to httpd, edit the
/etc/sysconfig/httpd config file.

You should remove this block; as it holds no way of encrypting:

And try showing:
httpd -t -D DUMP_VHOSTS
OR
httpd -S

5 Likes

here you go

[Mon Nov 21 09:04:29.090398 2022] [so:warn] [pid 5335] AH01574: module php7_module is already loaded, skipping
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using localhost.localdomain. Set the 'ServerName' directive globally to suppress this message
VirtualHost configuration:
172.18.1.10:80 andashare.com (/etc/httpd/sites-enabled/andashare.conf:1)
172.18.1.10:2020 cftp.com (/etc/httpd/sites-enabled/cftp.conf:1)

and for httpd -S:

[Mon Nov 21 09:05:21.441422 2022] [so:warn] [pid 5336] AH01574: module php7_module is already loaded, skipping
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using localhost.localdomain. Set the 'ServerName' directive globally to suppress this message
VirtualHost configuration:
172.18.1.10:80 andashare.com (/etc/httpd/sites-enabled/andashare.conf:1)
172.18.1.10:2020 cftp.com (/etc/httpd/sites-enabled/cftp.conf:1)
ServerRoot: "/etc/httpd"
Main DocumentRoot: "/var/www/andashare/html"
Main ErrorLog: "/etc/httpd/logs/error_log"
Mutex authdigest-client: using_defaults
Mutex ssl-stapling: using_defaults
Mutex proxy: using_defaults
Mutex authn-socache: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/run/httpd/" mechanism=default
Mutex mpm-accept: using_defaults
Mutex authdigest-opaque: using_defaults
Mutex proxy-balancer-shm: using_defaults
Mutex rewrite-map: using_defaults
PidFile: "/run/httpd/httpd.pid"
Define: _RH_HAS_HTTPPROTOCOLOPTIONS
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="apache" id=48
Group: name="apache" id=48

Please show these two files:

4 Likes

<VirtualHost 110.174.21.194:80>
    ServerName andashare.andatech.com
    ServerAlias www.andashare.andatech.com
    DocumentRoot /var/www/andashare/html
    ErrorLog /var/www/andashare/log/error.log
    CustomLog /var/www/andashare/log/requests.log combined
</VirtualHost>

Is that both files?

5 Likes

yes, same

Then I would delete one of them.
But be sure that the /sites-enabled/ entry isn't a symlink and there's only one real file - being used twice.

4 Likes

It's kind of a shortcut to the main file which is in /etc/httpd/conf.d/andashare.conf
Do I need to remove it? Then I believe I have to make changes on apache conf file.
Do you reckon this is the issue?

Then it's likely being loaded twice.
once by:

    include /etc/nginx/conf.d/*.conf;

and again by:

    include /etc/nginx/sites-enabled/*;

4 Likes

I'm very sorry, I was looking at a wrong andashare.conf file
I fixed it, now the file points at the same configuration:

<VirtualHost 110.174.21.194:80>
    ServerName andashare.andatech.com
    ServerAlias www.andashare.andatech.com
    DocumentRoot /var/www/andashare/html
    ErrorLog /var/www/andashare/log/error.log
    CustomLog /var/www/andashare/log/requests.log combined
</VirtualHost>

now I faced this error:

[root@localhost ~]# sudo certbot --apache
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org

Which names would you like to activate HTTPS for?


1: andashare.andatech.com
2: www.andashare.andatech.com
3: cftp.com
4: www.cftp.com
5: 110-174-21-194.static.tpgi.com.au


Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 1
Requesting a certificate for andashare.andatech.com
Performing the following challenges:
http-01 challenge for andashare.andatech.com
Waiting for verification...
Challenge failed for domain andashare.andatech.com
http-01 challenge for andashare.andatech.com
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:

I'd suggest getting a cert for "1 & 2".

To fix that error, start with the output of:
nginx -T

4 Likes

[root@localhost ~]# nginx -T

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
# configuration file /etc/nginx/nginx.conf:
# For more information on configuration, see:
#   * Official English Documentation: http://nginx.org/en/docs/
#   * Official Russian Documentation: http://nginx.org/ru/docs/

user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024;
}

http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 4096;

    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;

    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    include /etc/nginx/conf.d/*.conf;

    server {
        listen       80;
        listen       [::]:80;
        server_name  _;
        root         /usr/share/nginx/html;

        # Load configuration files for the default server block.
        include /etc/nginx/default.d/*.conf;

        error_page 404 /404.html;
        location = /404.html {
        }

        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
        }
    }

# Settings for a TLS enabled server.
#
#    server {
#        listen       443 ssl http2;
#        listen       [::]:443 ssl http2;
#        server_name  _;
#        root         /usr/share/nginx/html;
#
#        ssl_certificate "/etc/pki/nginx/server.crt";
#        ssl_certificate_key "/etc/pki/nginx/private/server.key";
#        ssl_session_cache shared:SSL:1m;
#        ssl_session_timeout  10m;
#        ssl_ciphers HIGH:!aNULL:!MD5;
#        ssl_prefer_server_ciphers on;
#
#        # Load configuration files for the default server block.
#        include /etc/nginx/default.d/*.conf;
#
#        error_page 404 /404.html;
#            location = /40x.html {
#        }
#
#        error_page 500 502 503 504 /50x.html;
#            location = /50x.html {
#        }
#    }

}


# configuration file /etc/nginx/mime.types:

types {
    text/html                                        html htm shtml;
    text/css                                         css;
    text/xml                                         xml;
    image/gif                                        gif;
    image/jpeg                                       jpeg jpg;
    application/javascript                           js;
    application/atom+xml                             atom;
    application/rss+xml                              rss;

    text/mathml                                      mml;
    text/plain                                       txt;
    text/vnd.sun.j2me.app-descriptor                 jad;
    text/vnd.wap.wml                                 wml;
    text/x-component                                 htc;

    image/png                                        png;
    image/svg+xml                                    svg svgz;
    image/tiff                                       tif tiff;
    image/vnd.wap.wbmp                               wbmp;
    image/webp                                       webp;
    image/x-icon                                     ico;
    image/x-jng                                      jng;
    image/x-ms-bmp                                   bmp;

    font/woff                                        woff;
    font/woff2                                       woff2;

    application/java-archive                         jar war ear;
    application/json                                 json;
    application/mac-binhex40                         hqx;
    application/msword                               doc;
    application/pdf                                  pdf;
    application/postscript                           ps eps ai;
    application/rtf                                  rtf;
    application/vnd.apple.mpegurl                    m3u8;
    application/vnd.google-earth.kml+xml             kml;
    application/vnd.google-earth.kmz                 kmz;
    application/vnd.ms-excel                         xls;
    application/vnd.ms-fontobject                    eot;
    application/vnd.ms-powerpoint                    ppt;
    application/vnd.oasis.opendocument.graphics      odg;
    application/vnd.oasis.opendocument.presentation  odp;
    application/vnd.oasis.opendocument.spreadsheet   ods;
    application/vnd.oasis.opendocument.text          odt;
    application/vnd.openxmlformats-officedocument.presentationml.presentation
                                                     pptx;
    application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
                                                     xlsx;
    application/vnd.openxmlformats-officedocument.wordprocessingml.document
                                                     docx;
    application/vnd.wap.wmlc                         wmlc;
    application/x-7z-compressed                      7z;
    application/x-cocoa                              cco;
    application/x-java-archive-diff                  jardiff;
    application/x-java-jnlp-file                     jnlp;
    application/x-makeself                           run;
    application/x-perl                               pl pm;
    application/x-pilot                              prc pdb;
    application/x-rar-compressed                     rar;
    application/x-redhat-package-manager             rpm;
    application/x-sea                                sea;
    application/x-shockwave-flash                    swf;
    application/x-stuffit                            sit;
    application/x-tcl                                tcl tk;
    application/x-x509-ca-cert                       der pem crt;
    application/x-xpinstall                          xpi;
    application/xhtml+xml                            xhtml;
    application/xspf+xml                             xspf;
    application/zip                                  zip;

    application/octet-stream                         bin exe dll;
    application/octet-stream                         deb;
    application/octet-stream                         dmg;
    application/octet-stream                         iso img;
    application/octet-stream                         msi msp msm;

    audio/midi                                       mid midi kar;
    audio/mpeg                                       mp3;
    audio/ogg                                        ogg;
    audio/x-m4a                                      m4a;
    audio/x-realaudio                                ra;

    video/3gpp                                       3gpp 3gp;
    video/mp2t                                       ts;
    video/mp4                                        mp4;
    video/mpeg                                       mpeg mpg;
    video/quicktime                                  mov;
    video/webm                                       webm;
    video/x-flv                                      flv;
    video/x-m4v                                      m4v;
    video/x-mng                                      mng;
    video/x-ms-asf                                   asx asf;
    video/x-ms-wmv                                   wmv;
    video/x-msvideo                                  avi;

OK, I see the confusion now, you have both Apache and nginx installed.
Only one can be bound to port 80.
If you are not using one of them (and don't intend on using it), then you should uninstall that one.

4 Likes
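
A way to check the point made in the last reply, that only one of Apache and nginx can be bound to port 80, by listing which process actually owns the listening socket. This is an added example, not part of the thread: the `ss -ltnp` sample is constructed, and the function names `port_owners` and `sole_owner` are made up for illustration.

```shell
#!/usr/bin/env bash
# Added example: which process actually owns a listening port?
# On a live host, feed it real data:  ss -ltnp | port_owners 80

# Constructed `ss -ltnp` output (not from the thread's server): nginx holds
# port 80 on IPv4 and IPv6, httpd is only listening on 2020.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128    0.0.0.0:80          0.0.0.0:*          users:(("nginx",pid=1021,fd=6),("nginx",pid=1020,fd=6))
LISTEN 0      128    [::]:80             [::]:*             users:(("nginx",pid=1021,fd=7),("nginx",pid=1020,fd=7))
LISTEN 0      128    172.18.1.10:2020    0.0.0.0:*          users:(("httpd",pid=5335,fd=4))'

# port_owners PORT: read `ss -ltnp` output on stdin and print the unique
# process names that hold a listening socket on PORT, one per line.
port_owners() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            # The port is the last ":"-separated piece, which also
            # handles IPv6 forms such as [::]:80.
            n = split($4, part, ":")
            if (part[n] != port) next
            rest = $0
            # Each owner appears as ("name",pid=...,fd=...).
            while (match(rest, /\("[^"]+"/)) {
                name = substr(rest, RSTART + 2, RLENGTH - 3)
                if (!(name in seen)) { seen[name] = 1; print name }
                rest = substr(rest, RSTART + RLENGTH)
            }
        }'
}

# sole_owner PORT NAME: succeed only if NAME is the one and only process
# name listening on PORT (stdin is `ss -ltnp` output).
sole_owner() {
    owners=$(port_owners "$1")
    [ "$owners" = "$2" ]
}

# Demo on the constructed sample: certbot --apache needs httpd on port 80.
if printf '%s\n' "$SAMPLE_SS" | sole_owner 80 httpd; then
    echo "httpd owns port 80"
else
    echo "port 80 is held by: $(printf '%s\n' "$SAMPLE_SS" | port_owners 80)"
fi
```

Run it as root on the server so that `ss -p` can show process names for sockets owned by other users.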