SSL Certbot errors

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

**My domain is:** jeffwebsite.dev

I ran this command: sudo certbot certonly --webroot -w /usr/local/lsws/Example/html/ -d jeffwebsite.dev -d www.jeffwebsite.dev

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for jeffwebsite.dev
http-01 challenge for www.jeffwebsite.dev
Using the webroot path /usr/local/lsws/Example/html for all unmatched domains.
Waiting for verification…
Challenge failed for domain www.jeffwebsite.dev
Challenge failed for domain jeffwebsite.dev
http-01 challenge for www.jeffwebsite.dev
http-01 challenge for jeffwebsite.dev
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: jeffwebsite.dev
    Type: connection
    Detail: Fetching
    https://jeffwebsite.dev/.well-known/acme-challenge/KMD_WUubXoYnSJ8xPWjtznkWUvIiQ5nZnYxwTFm57WY:
    Timeout during connect (likely firewall problem)

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address. Additionally, please check that
    your computer has a publicly routable IP address and that no
    firewalls are preventing the server from communicating with the
    client. If you’re using the webroot plugin, you should also verify
    that you are serving files from the webroot path you provided.

  • The following errors were reported by the server:

    Domain: www.jeffwebsite.dev
    Type: unauthorized
    Detail: Invalid response from
    https://www.jeffwebsite.dev/.well-known/acme-challenge/n4H96D7yHs6r4waWm2LGpcSYauKLirPHrOlecjT9EdU
    [157.230.140.165]: "\n\n\n\n\t\n\t\t\n\t\t<meta charset=“utf-8”>\n\t\t<meta
    name=“viewport” content=“width=d”

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address.

My web server is (include version): OpenLiteSpeed 1.6.15 Django

The operating system my web server runs on is (include version): Ubuntu 18.04

My hosting provider, if applicable, is: Digital Ocean VPS

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): OpenLiteSpeed WebAdmin Console

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 1.7.0


Another piece of info I forgot to mention that might be important.

My domain is provided by Google Domains


Could you please create these files:

echo 1 > /usr/local/lsws/Example/html/acme-test
echo 1 > /usr/local/lsws/Example/html/.well-known/acme-challenge/acme-test

The 2nd line outputs this:
-bash: /usr/local/lsws/Example/html/.well-known/acme-challenge/acme-test: Is a directory

EDIT:
Nvm I messed up. I got it, 2 files created.

Well, neither of those files is accessible:

$ curl -IkL jeffwebsite.dev/.well-known/acme-challenge/acme-test
HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=utf-8
Location: https://jeffwebsite.dev/.well-known/acme-challenge/acme-test
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Date: Tue, 25 Aug 2020 03:55:01 GMT
Server: LiteSpeed
Connection: Keep-Alive

HTTP/2 404
content-type: text/html; charset=utf-8
x-frame-options: DENY
vary: Cookie
strict-transport-security: max-age=5; includeSubDomains; preload
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
date: Tue, 25 Aug 2020 03:55:02 GMT
server: LiteSpeed
alt-svc: quic=":443"; ma=2592000; v="43,46", h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-25=":443"; ma=2592000, h3-27=":443"; ma=2592000

and

$ curl -IkL jeffwebsite.dev/acme-test
HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=utf-8
Location: https://jeffwebsite.dev/acme-test
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Date: Tue, 25 Aug 2020 03:55:09 GMT
Server: LiteSpeed
Connection: Keep-Alive

HTTP/2 404
content-type: text/html; charset=utf-8
x-frame-options: DENY
vary: Cookie
strict-transport-security: max-age=5; includeSubDomains; preload
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
date: Tue, 25 Aug 2020 03:55:09 GMT
server: LiteSpeed
alt-svc: quic=":443"; ma=2592000; v="43,46", h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-25=":443"; ma=2592000, h3-27=":443"; ma=2592000

which suggests that the webroot you’re nominating is not right.

Where is your site’s main.css located?

find /usr/local/lsws/ -path "*/css/main.css"

You are probably proxying from Litespeed to Django somehow, but there is a document root somewhere for the Django app, right?

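As an added example (not part of any post in this thread): a small shell helper that reads the output of `curl -IL` for a test file and reports how the redirect chain ended. The function names are made up for this illustration, and the sample input is a trimmed copy of the headers posted above.

```shell
#!/bin/sh
# Added example: interpret a `curl -IL` header dump for an HTTP-01 test file.
# All function names here are hypothetical; nothing below is part of certbot.

# Trimmed copy of the response headers shown in the thread (sample input).
sample_from_thread() {
    cat <<'EOF'
HTTP/1.1 301 Moved Permanently
Location: https://jeffwebsite.dev/.well-known/acme-challenge/acme-test
Server: LiteSpeed

HTTP/2 404
content-type: text/html; charset=utf-8
server: LiteSpeed
EOF
}

# Reads a header dump on stdin, prints "<first status> <final status> <hops>".
chain_summary() {
    tr -d '\r' | awk '
        /^HTTP\// { n++; code[n] = $2 }   # one status line per response
        END {
            if (n == 0) { print "none none 0"; exit }
            print code[1], code[n], n
        }'
}

# Reads the same dump on stdin and prints a one-line verdict for the test file.
webroot_verdict() {
    set -- $(chain_summary)
    case "$2" in
        200)  echo "served: the URL path maps to the webroot the file was written to" ;;
        404)  echo "not-served: the server answered after $3 response(s), but the file is not under the directory it serves" ;;
        none) echo "no-response: nothing came back (DNS, firewall or listener problem)" ;;
        *)    echo "other: final status $2 after $3 response(s)" ;;
    esac
}

# Against a live site: curl -sIkL http://example.com/.well-known/acme-challenge/acme-test | webroot_verdict
sample_from_thread | webroot_verdict
```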

It’s on
/usr/local/lsws/Example/html/demo/public/static/css/main.css


OK. Try your original command again, but this time, make sure you provide the full webroot:

-w /usr/local/lsws/Example/html/demo/public

Same error again.

Should I create the files again inside the new webroot?

How does your Django app route requests?

For example, is there a special route configured inside it for the /static subpath?

We have to figure out how to make it pass-through /.well-known to the filesystem, because it’s not happening right now.

I’ve just started learning how to use Python with Django. I assume that every time I make a modification to the static folder I have to update the web server by typing
python3 manage.py collectstatic

It’s a main issue where if I don’t do that the web server will not be able to access the css/media files that are in the static folder, which I use to store all my css, img etc. (based on the tutorial I saw in OpenLiteSpeed)

Are you using https://marketplace.digitalocean.com/apps/openlitespeed-django? Or if not, could you link the tutorial you are using?

There will be a right way to do this based on your current setup, but it’d be good to know what that setup exactly is.


Yes, I used that DigitalOcean droplet config.
This is the very first one I looked at.


Edit: Yes, I used that DigitalOcean droplet config.

Sorry.


Thanks. If you used that DigitalOcean droplet from the marketplace, then I’m not sure what’s wrong. Your original command should have worked just fine.

Did you change anything in the Litespeed context settings?

One last check:

mkdir -p /usr/local/lsws/Example/html/.well-known/acme-challenge
echo 2 > /usr/local/lsws/Example/html/.well-known/acme-challenge/acme-test-2

Nope, I haven’t added or changed anything in the LiteSpeed context settings.

Whenever I try opening my website using the domain, the browser blocks me due to the website not having an SSL certificate (or an invalid one). Is it possible it’s because of that?

I chose a domain that is secure from Google Domains; idk if that affects the process of creating a certificate.

It’s a good thought, but that behavior (related to .dev domains) only affects browsers. It wouldn’t interfere with the certificate issuing process.

Were you able to run the commands in my last post?

Do you know what this does?

You probably shouldn’t use this command (use certbot run instead), and add a --deploy-hook to install and reload the certificate.


I tried, it didn’t work. Error:

root@mywebsite:/usr/local/lsws/Example/html/demo# certbot certonly --webroot -w /usr/local/lsws/Example/html/demo/public -d jeffwebsite.dev -d www.jeffwebsite.dev
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for jeffwebsite.dev
http-01 challenge for www.jeffwebsite.dev
Using the webroot path /usr/local/lsws/Example/html/demo/public for all unmatched domains.
Waiting for verification…
Challenge failed for domain jeffwebsite.dev
Challenge failed for domain www.jeffwebsite.dev
http-01 challenge for jeffwebsite.dev
http-01 challenge for www.jeffwebsite.dev
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:

I mean, the mkdir and echo in this comment.

If you could post the contents of /usr/local/lsws/conf/vhosts/Example/vhconf.conf as well, that would be useful to compare the Litespeed config with what it’s meant to be.
