bozhich
December 28, 2022, 8:05pm
1
Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com ), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: d-cloud.space
I ran this command: certbot --apache -d d-cloud.space
It produced this output: Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for d-cloud.space
Certbot failed to authenticate some domains (authenticator: apache). The Certificate Authority reported these problems:
Domain: d-cloud.space
Type: connection
Detail: 193.107.37.51: Fetching http://d-cloud.space/.well-known/acme-challenge/yf9HhNX7MknvmcI-ztODvF2CmB-zinrLqGNVZL-5p9g: Error getting validation data
Hint: The Certificate Authority failed to verify the temporary Apache configuration changes made by Certbot. Ensure that the listed domains point to this Apache server and that it is accessible from the internet.
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org . See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
My web server is (include version): Apache/2.4.52 (Ubuntu)
The operating system my web server runs on is (include version): Ubuntu 22.04
My hosting provider, if applicable, is: Superhosting.bg
I can login to a root shell on my machine (yes or no, or I don't know): yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.21.0
Hello @bozhich , welcome to the Let's Encrypt community.
Using this online tool Let's Debug gives results here https://letsdebug.net/d-cloud.space/1315445 showing that Port 80 is not open.
You are using the HTTP-01 Challenge Type which requires Port 80.
Best Practice - Keep Port 80 Open
2 Likes
I believe this is an issue:
Location: http://95.87.240.190:8080.well-known/acme-challenge/yf9HhNX7MknvmcI-ztODvF2CmB-zinrLqGNVZL-5p9g
And some supplemental information:
$ curl -I http://d-cloud.space/.well-known/acme-challenge/yf9HhNX7MknvmcI-ztODvF2CmB-zinrLqGNVZL-5p9g
HTTP/1.1 301 Moved Permanently
Date: Wed, 28 Dec 2022 20:15:41 GMT
Server: Apache
Location: http://95.87.240.190:8080.well-known/acme-challenge/yf9HhNX7MknvmcI-ztODvF2CmB-zinrLqGNVZL-5p9g
Content-Type: text/html; charset=iso-8859-1
e6430-i5$ nmap d-cloud.space
Starting Nmap 7.91 ( https://nmap.org ) at 2022-12-28 12:15 PST
Nmap scan report for d-cloud.space (193.107.37.51)
Host is up (0.19s latency).
rDNS record for 193.107.37.51: mx2.bgdns.net
Not shown: 998 filtered ports
PORT STATE SERVICE
80/tcp open http
443/tcp closed https
Nmap done: 1 IP address (1 host up) scanned in 15.72 seconds
1 Like
bozhich
December 28, 2022, 8:33pm
4
Hello @Bruce5051 ,
I'm pretty sure that port 80 is opened but I allowed it again, anyway.
Still having the same issue...
1 Like
Yes it is; but the redirect from http://d-cloud.space to http://95.87.240.190:8080 I believe is the problem.
You are going to an IPv4 address with the redirect, not a Domain Name.
You are missing a / here :8080.well-known before the .well-known
2 Likes
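An added example, not part of the original posts: a Python check of a redirect `Location` value against the redirect rules Let's Encrypt documents for HTTP-01 (http or https only, ports 80 or 443 only, no IP-address targets). The function name `check_redirect_target` is hypothetical; the first sample is the `Location` header from the curl output above, and the other two are constructed.

```python
import ipaddress
from urllib.parse import urlsplit

# Redirect rules Let's Encrypt documents for HTTP-01 validation.
ALLOWED_SCHEMES = {"http", "https"}
ALLOWED_PORTS = {80, 443}


def check_redirect_target(location: str) -> list[str]:
    """Return the reasons an HTTP-01 redirect to `location` would be refused."""
    problems = []
    parts = urlsplit(location)

    if parts.scheme not in ALLOWED_SCHEMES:
        problems.append("scheme must be http or https")

    try:
        # Raises ValueError when the text after ':' is not a valid port,
        # e.g. ':8080.well-known' where the '/' after the port is missing.
        port = parts.port
    except ValueError:
        problems.append("port is not a valid number (missing '/' before the path?)")
    else:
        if port is None:
            port = 443 if parts.scheme == "https" else 80
        if port not in ALLOWED_PORTS:
            problems.append(f"port {port} is not 80 or 443")

    host = parts.hostname or ""
    if not host:
        problems.append("no host in redirect target")
    else:
        try:
            ipaddress.ip_address(host)
            problems.append("host is an IP address, not a domain name")
        except ValueError:
            pass  # not an IP literal, so it is treated as a hostname

    return problems


# First value: Location header from the curl output in this thread.
# Second and third values: constructed for comparison.
SAMPLES = [
    "http://95.87.240.190:8080.well-known/acme-challenge/yf9HhNX7MknvmcI-ztODvF2CmB-zinrLqGNVZL-5p9g",
    "http://d-cloud.space:8080/.well-known/acme-challenge/TOKEN",
    "https://d-cloud.space/.well-known/acme-challenge/TOKEN",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(url, "->", check_redirect_target(url) or "ok")
```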
bozhich
December 28, 2022, 8:42pm
6
Yes, it redirects to an IP address. Firstly, it was the public IP address that leads to the domain name and I was accessing the cloud with d-cloud.space:8080. But that wouldn't work for the certificate, that's why I tried the redirection thing. Now I made the changes back with the public IP. Waiting for the changes to apply and will write here.
Testing and debugging are best done using the Staging Environment as the Rate Limits are much higher. Rate Limits are per week (rolling).
1 Like
I see improvement from my location
$ curl -I http://d-cloud.space/.well-known/acme-challenge/R5PdCpCxu7tznknaFA2PffGUKFdgtSpOqfLN8qTpxQQ
HTTP/1.1 200 OK
Date: Wed, 28 Dec 2022 20:54:43 GMT
Server: Apache
Content-Type: text/html; charset=UTF-8
1 Like
Using this online tool https://check-host.net/ I gave http://d-cloud.space/.well-known/acme-challenge/6Iyjnv18L3oxPbfrVvbv3yqa2U6Zb2P9hbmGbsLbpb0 as the input and check HTTP
here is the Permanent link to this check report
and from around the world there is Connection timed out .
But I can connect
$ curl -I http://d-cloud.space/.well-known/acme-challenge/6Iyjnv18L3oxPbfrVvbv3yqa2U6Zb2P9hbmGbsLbpb0
HTTP/1.1 200 OK
Date: Wed, 28 Dec 2022 21:08:03 GMT
Server: Apache
Content-Type: text/html; charset=UTF-8
1 Like
bozhich
December 28, 2022, 9:13pm
10
Still problem. I can connect as well...
bozhich:
I can connect as well...
Yet I cannot connect from Windows Chrome or Firefox.
Kindly wait for more knowledgeable Let's Encrypt community volunteers to assist.
1 Like
bozhich
December 28, 2022, 9:15pm
12
Can you try with d-cloud.space:8080? I'm connecting with no problems...
rg305
December 28, 2022, 9:17pm
13
LE will NOT authenticate over port 8080.
So, it matters not if that works.
4 Likes
bozhich:
d-cloud.space:8080
Yes with Windows Chrome and Firefox.
$ curl -I http://d-cloud.space:8080/.well-known/acme-challenge/6Iyjnv18L3oxPbfrVvbv3yqa2U6Zb2P9hbmGbsLbpb0
HTTP/1.1 302 Found
Date: Wed, 28 Dec 2022 21:17:49 GMT
Server: Apache/2.4.52 (Ubuntu)
Referrer-Policy: no-referrer
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Robots-Tag: none
X-XSS-Protection: 1; mode=block
Set-Cookie: ocj5rgb579n7=meev5lthgpo85dp3mnl8tq9uuo; path=/; HttpOnly; SameSite=Lax
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: oc_sessionPassphrase=MfHWC93IHZUqTu1xPs0WT15Raa2BlnnyBgIW8KYPXAaKjrMLU3dHgImmhdKmpLggjsD1GHZpLbzNWCrSP%2FH%2FzTsColXL1bxbbS7lbtX5P8SwPU%2FaXJKA%2FGEwsRxjF50k; path=/; HttpOnly; SameSite=Lax
Set-Cookie: ocj5rgb579n7=tuvu3id5ptfiuu9uvt3e344iff; path=/; HttpOnly; SameSite=Lax
Content-Security-Policy: default-src 'self'; script-src 'self' 'nonce-THYrNEU0azR6UCthNTAva2ZZQW1pYWFjRmZvaEJGajZlWU94bG43QXVuYz06WDhxTFZLWkx0SmZMdGhxaU1QZ1M2dTNYWjhOVFJqU3VRTkQwN3hIMmtTOD0='; style-src 'self' 'unsafe-inline'; frame-src *; img-src * data: blob:; font-src 'self' data:; media-src *; connect-src *; object-src 'none'; base-uri 'self';
Set-Cookie: nc_sameSiteCookielax=true; path=/; httponly;expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=lax
Set-Cookie: nc_sameSiteCookiestrict=true; path=/; httponly;expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=strict
Location: http://d-cloud.space:8080/index.php/login
Content-Type: text/html; charset=UTF-8
1 Like
schoen
December 28, 2022, 9:19pm
17
Port 80 is the only option for HTTP-01 challenge:
When you get a certificate from Let’s Encrypt, our servers validate that you control the domain names in that certificate using “challenges,” as defined by the ACME standard. Most of the time, this validation is handled automatically by your ACME...
7 Likes