Some challenges have fallen

My domain is: coronavirushelp.it / www.coronavirushelp.it

I ran this command:
automatic certificate renewal under virtualmin

It produced this output:
2020-05-16 10:30:23,330:DEBUG:certbot._internal.reporter:Reporting to user: The following errors were reported by the server:

Domain: www.coronavirushelp.it
Type: unauthorized
Detail: Invalid response from https://www.coronavirushelp.it [34.253.80.76]: "\n<!doctype html>\n\n<html lang=\"en\">\n\n<head>\n\n\t<meta charset=\"utf-8\">\n\t<meta http-equiv=\"x-ua-compatible\" content=\"ie=edge\">\n\t<met"

Domain: coronavirushelp.it
Type: unauthorized
Detail: Invalid response from https://coronavirushelp.it [34.253.80.76]: "\n<!doctype html>\n\n<html lang=\"en\">\n\n<head>\n\n\t<meta charset=\"utf-8\">\n\t<meta http-equiv=\"x-ua-compatible\" content=\"ie=edge\">\n\t<met"

To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address.

NOTE by me: coronavirushelp.it has an A record that points to 34.253.80.76, www.coronavirushelp.it has a CNAME record that points to coronavirushelp.it.

My web server is:
apache 2.4.6

The operating system my web server runs on is:
CentOS Linux 7.7.1908

My hosting provider, if applicable, is:
AWS

I can login to a root shell on my machine : yes

I’m using a control panel to manage my site: virtualmin v6.08 / webmin v1.941

The version of my client is: certbot 1.0.0

The HTTP to HTTPS redirection is breaking the request.
Notice the redirection for the base domain as compared to a full URL redirected request.

Base URL:
curl -Iki http://www.coronavirushelp.it/
HTTP/1.1 302 Found
Date: Sat, 16 May 2020 10:44:28 GMT
Server: Apache
Location: https://www.coronavirushelp.it
Content-Type: text/html; charset=iso-8859-1

Full URL:
curl -Iki http://www.coronavirushelp.it/.well-known/acme-challenge/test-file
HTTP/1.1 302 Found
Date: Sat, 16 May 2020 10:42:47 GMT
Server: Apache
Location: https://www.coronavirushelp.it
Content-Type: text/html; charset=iso-8859-1

The full URL request should have been redirected to:
https://www.coronavirushelp.it/.well-known/acme-challenge/test-file
OR
Not have been redirected and handled by HTTP.

Thank you.
So you say that if I write a specific redirect rule on Apache configuration to redirect
http://www.coronavirushelp.it/.well-known/acme-challenge/test-file
to
https://www.coronavirushelp.it/.well-known/acme-challenge/test-file
then the problem will be solved?

Hi @santelia

your redirect doesn’t work - see https://check-your-website.server-daten.de/?q=coronavirushelp.it%2F.well-known%2Facme-challenge%2Ftest-file

Domainname Http-Status redirect Sec. G
http://coronavirushelp.it/.well-known/acme-challenge/test-file 34.253.80.76 302 https://coronavirushelp.it Html is minified: 100,00 % 0.106 A
http://www.coronavirushelp.it/.well-known/acme-challenge/test-file 34.253.80.76 302 https://www.coronavirushelp.it Html is minified: 100,00 % 0.093 A

It redirects to https + /, not to https + /.well-known/acme-challenge/test-file

So it’s wrong.


There already exists a redirection.
The problem is the redirection is incorrect.
It sends all HTTP connections to: https://www.coronavirushelp.it
You need to find where the redirection was set and correct it.

Please show your apache config.

The httpd.conf section you mean has these rows:

SSLProtocol ALL -SSLv2 -SSLv3
SSLCipherSuite HIGH:!SSLv2:!ADH:!aNULL:!eNULL:!NULL

VirtualHost xx.xx.xx.xx:80

(… awstat, cgibin, indexex, addhandler, removehandler and so on)

ServerName coronavirushelp.it
ServerAlias www.coronavirushelp.it

RewriteEngine on
RewriteCond %{HTTP_HOST} =coronavirushelp.it
RewriteRule ^(.*) https://coronavirushelp.it [R]
RewriteCond %{HTTP_HOST} =www.coronavirushelp.it
RewriteRule ^(.*) https://www.coronavirushelp.it [R]

/VirtualHost

(… awstat, cgibin, indexex, addhandler, removehandler and so on)

ServerName coronavirushelp.it
ServerAlias www.coronavirushelp.it

RewriteEngine on

SSLEngine on
SSLCertificateFile /home/cvhelp_admin/ssl.cert
SSLCertificateKeyFile /home/cvhelp_admin/ssl.key
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1

/VirtualHost

NOTE: there are of course <> characters on virtualhost and /virtualhost rows, but the editor here is not so easy for me to have a workaround to show them

Change:
RewriteRule ^(.*) https://www.coronavirushelp.it [R]
To:
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]

Changed, but it didn’t solve the problem.

This is the log:

2020-05-16 13:40:25,219:DEBUG:urllib3.connectionpool:"POST /acme/authz-v3/4618618302 HTTP/1.1" 200 1429
2020-05-16 13:40:25,220:DEBUG:acme.client:Received response:
HTTP 200
content-length: 1429
cache-control: public, max-age=0, no-cache
strict-transport-security: max-age=604800
server: nginx
connection: keep-alive
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
boulder-requester: 74813055
date: Sat, 16 May 2020 11:40:25 GMT
x-frame-options: DENY
content-type: application/json
replay-nonce: …secretcodehere…

{
  "identifier": {
    "type": "dns",
    "value": "www.coronavirushelp.it"
  },
  "status": "invalid",
  "expires": "2020-05-23T11:40:23Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "invalid",
      "error": {
        "type": "urn:ietf:params:acme:error:unauthorized",
        "detail": "Invalid response from https://www.coronavirushelp.it [34.253.80.76]: \"\\n\u003c!doctype html\u003e\\n\\n\u003chtml lang=\\\"en\\\"\u003e\\n\\n\u003chead\u003e\\n\\n\\t\u003cmeta charset=\\\"utf-8\\\"\u003e\\n\\t\u003cmeta http-equiv=\\\"x-ua-compatible\\\" content=\\\"ie=edge\\\"\u003e\\n\\t\u003cmet\"",
        "status": 403
      },
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/4618618302/r-I7Iw",
      "token": "…secretcodehere…",
      "validationRecord": [
        {
          "url": "http://www.coronavirushelp.it/.well-known/acme-challenge/…secretcodehere…",
          "hostname": "www.coronavirushelp.it",
          "port": "80",
          "addressesResolved": [
            "34.253.80.76"
          ],
          "addressUsed": "34.253.80.76"
        },
        {
          "url": "https://www.coronavirushelp.it",
          "hostname": "www.coronavirushelp.it",
          "port": "443",
          "addressesResolved": [
            "34.253.80.76"
          ],
          "addressUsed": "34.253.80.76"
        }
      ]
    }
  ]
}
2020-05-16 13:40:25,220:DEBUG:acme.client:Storing nonce: …secretcodehere…
2020-05-16 13:40:25,221:WARNING:certbot._internal.auth_handler:Challenge failed for domain coronavirushelp.it
2020-05-16 13:40:25,221:WARNING:certbot._internal.auth_handler:Challenge failed for domain www.coronavirushelp.it
2020-05-16 13:40:25,221:INFO:certbot._internal.auth_handler:http-01 challenge for coronavirushelp.it
2020-05-16 13:40:25,221:INFO:certbot._internal.auth_handler:http-01 challenge for www.coronavirushelp.it
2020-05-16 13:40:25,221:DEBUG:certbot._internal.reporter:Reporting to user: The following errors were reported by the server:

Domain: coronavirushelp.it
Type: unauthorized
Detail: Invalid response from https://coronavirushelp.it [34.253.80.76]: "\n<!doctype html>\n\n<html lang=\"en\">\n\n<head>\n\n\t<meta charset=\"utf-8\">\n\t<meta http-equiv=\"x-ua-compatible\" content=\"ie=edge\">\n\t<met"

Domain: www.coronavirushelp.it
Type: unauthorized
Detail: Invalid response from https://www.coronavirushelp.it [34.253.80.76]: "\n<!doctype html>\n\n<html lang=\"en\">\n\n<head>\n\n\t<meta charset=\"utf-8\">\n\t<meta http-equiv=\"x-ua-compatible\" content=\"ie=edge\">\n\t<met"

To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address.
2020-05-16 13:40:25,222:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/certbot/_internal/auth_handler.py", line 91, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, best_effort)
  File "/usr/lib/python2.7/site-packages/certbot/_internal/auth_handler.py", line 180, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
AuthorizationError: Some challenges have failed.

2020-05-16 13:40:25,222:DEBUG:certbot._internal.error_handler:Calling registered functions
2020-05-16 13:40:25,222:INFO:certbot._internal.auth_handler:Cleaning up challenges
2020-05-16 13:40:25,222:DEBUG:certbot._internal.plugins.webroot:Removing /home/sitemaindirectory/publicdir/.well-known/acme-challenge/uMZCC6iTwYPXWqiaN1IxHmOv17JwZMVPlYyTdOoVlow
2020-05-16 13:40:25,222:DEBUG:certbot._internal.plugins.webroot:Removing /home/sitemaindirectory/publicdir/.well-known/acme-challenge/Qirme5EL7o4mDzknGOggca_NIuTYofBgleEA30rV9c0
2020-05-16 13:40:25,223:DEBUG:certbot._internal.plugins.webroot:All challenges cleaned up
2020-05-16 13:40:25,223:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "/bin/letsencrypt", line 9, in <module>
    load_entry_point('certbot==1.0.0', 'console_scripts', 'certbot')()
  File "/usr/lib/python2.7/site-packages/certbot/main.py", line 14, in main
    return internal_main.main(cli_args)
  File "/usr/lib/python2.7/site-packages/certbot/_internal/main.py", line 1350, in main
    return config.func(config, plugins)
  File "/usr/lib/python2.7/site-packages/certbot/_internal/main.py", line 1237, in certonly
    lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
  File "/usr/lib/python2.7/site-packages/certbot/_internal/main.py", line 116, in _get_and_save_cert
    renewal.renew_cert(config, domains, le_client, lineage)
  File "/usr/lib/python2.7/site-packages/certbot/_internal/renewal.py", line 307, in renew_cert
    new_cert, new_chain, new_key, _ = le_client.obtain_certificate(domains, new_key)
  File "/usr/lib/python2.7/site-packages/certbot/_internal/client.py", line 347, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
  File "/usr/lib/python2.7/site-packages/certbot/_internal/client.py", line 395, in _get_order_and_authorizations
    authzr = self.auth_handler.handle_authorizations(orderr, best_effort)
  File "/usr/lib/python2.7/site-packages/certbot/_internal/auth_handler.py", line 91, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, best_effort)
  File "/usr/lib/python2.7/site-packages/certbot/_internal/auth_handler.py", line 180, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
AuthorizationError: Some challenges have failed.
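
Added example, not part of the original thread: the validationRecord array in the authorization object above lists every URL the CA fetched, so the hop where the challenge path was lost can be found mechanically. The sample JSON is constructed from the shape of that log with a placeholder token, and the function names are this example's own.

```python
import json
from urllib.parse import urlsplit

ACME_PREFIX = "/.well-known/acme-challenge/"

# Constructed sample modelled on the authorization object in the log above;
# the token is a placeholder, not a real challenge token.
SAMPLE_AUTHZ = json.dumps({
    "identifier": {"type": "dns", "value": "www.coronavirushelp.it"},
    "status": "invalid",
    "challenges": [{
        "type": "http-01",
        "status": "invalid",
        "token": "PLACEHOLDER-TOKEN",
        "validationRecord": [
            {"url": "http://www.coronavirushelp.it/.well-known/acme-challenge/PLACEHOLDER-TOKEN", "port": "80"},
            {"url": "https://www.coronavirushelp.it", "port": "443"},
        ],
    }],
})


def find_path_dropping_hops(authz_json):
    """Return (challenge_type, from_url, to_url) for every redirect hop in a
    validationRecord chain whose target no longer carries the challenge path."""
    findings = []
    for chall in json.loads(authz_json).get("challenges", []):
        hops = [rec["url"] for rec in chall.get("validationRecord", [])]
        expected = urlsplit(hops[0]).path if hops else ""
        if not expected.startswith(ACME_PREFIX):
            continue  # no chain recorded, or not an http-01 request
        for prev, cur in zip(hops, hops[1:]):
            if urlsplit(cur).path != expected:
                findings.append((chall["type"], prev, cur))
    return findings


def diagnose(authz_json):
    """Summarise the chain: 'ok' if every hop kept the path, else the bad hops."""
    bad = find_path_dropping_hops(authz_json)
    if not bad:
        return "ok: every hop kept the challenge path"
    return "; ".join(f"{t}: {a} -> {b} dropped the challenge path" for t, a, b in bad)


if __name__ == "__main__":
    print(diagnose(SAMPLE_AUTHZ))
```

Run against the real authorization body, a finding on the port 80 to port 443 hop means the HTTP virtual host is still serving the old redirect rule.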

It looks like your site is requesting authentication.

You might also want to check your site reputation:

Strange thing. Does not have any mail server attached till now, mail delivered and received through a well known giant …

no it isn’t, as you can easily check if you browse it
