so, i am trying to install Lets Encrypt ssl certificate on go daddy server and have followed the steps as below
’------------------------------------------------------------------------
Web Service Provider = Godaddy
Web Server : CPanel on Linux
Domain : www.99anchors.com, dev.new.citykites.com
SSH enabled
’------------------------------------------------------------------------
My local machine is Mac OS X on Sierra.
I have installed Certbot on my local machine
’------------------------------------------------------------------------
followed the steps as mentioned here> https://isabelcastillo.com/lets-encrypt-ssl-certificate-godaddy-shared-cpanel
used command sudo certbot --apache certonly
Got the error as below
Obtaining a new certificate
Performing the following challenges:
tls-sni-01 challenge for dev.new.citykites.com
No vhost exists with servername or alias of: dev.new.citykites.com (or it's in a file with multiple vhosts, which Certbot can't parse yet). No vhost was selected. Please specify ServerName or ServerAlias in the Apache config, or split vhosts into separate files.
Falling back to default vhost *:443...
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. dev.new.citykites.com (tls-sni-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Incorrect validation certificate for TLS-SNI-01 challenge. Requested 420317859e2dcfbf5fa9d75aa.acme.invalid from XXX.XXX.71.135:443. Received 2 certificate(s), first certificate had names "*.prod.phx3.secureserver.net, prod.phx3.secureserver.net"
Domain: dev.new.citykites.com
Type: unauthorized
Detail: Incorrect validation certificate for TLS-SNI-01 challenge.
Requested
42037d168226d109940f0dacfbf5fa9d75aa.acme.invalid
from XXX.XXX.71.135:443. Received 2 certificate(s), first
certificate had names "*.prod.phx3.secureserver.net,
prod.phx3.secureserver.net"
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address.
so its actually giving me some hints ofcourse that I failed the challenge and certbot was not able to download some file from the webserver…
question is… what kind of file is it looking for and how can upload it myself so certbot can download it from my local machine?
I have access to SSH.
any help would be appreciated.
Thank you so much
The command you ran is only applicable or useful if you’re running Certbot on your server, not on your local machine. The errors that you saw are because Certbot expected to be able to directly modify the configuration of Apache on your server. Since it was running on your local machine instead, it couldn’t do so.
It seems like this problem is coming up more and more often so maybe we should try to do more to figure out why so many people are trying to run Certbot on their local machines (especially with --apache in particular). There are forms of certbot --manual that can be useful when run on your local machine, and that will give you files to upload to your web server.
Thank you!!
I ran sudo certbot certonly --manual
also entered the domain names correctly and followed exactly the steps mentioned
e.g it asks me to ensure that the file is accessible from http://www.99anchors.com/.well-known/acme-challenge/xxxxlongcode
so I created the file , as mentioned via ssh’ing in to the domain 99anchors, create directories, wellknown and acme challenge and printed the file xxxxlongcode inside acmechallenge
I got the error as below
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: 99anchors.com
Type: unauthorized
Detail: Invalid response from
:
"
<meta http-equiv=“content”
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address.
and yeah…
I tried to paste the url
http://99anchors.com/.well-known/acme-challenge/xxxlongcode
but ofcourse, my website is running there and initially my .htaccess was redircting all the requests to https… but…
i removed it, and still, it shows my file not found error because this is not the absolute path… I dont know what to do?
if you have any information about it please let me know.thanks
When you said "create directories, wellknown and acme challenge", did you forget the hyphen? It should be .well-known, and acme-challenge should be inside of it.
I didn't understand what you meant by
Did you understand why the file wasn't found? Did you create the /.well-known/acme-challenge/xxxlongcode file inside of your web root directory?
Edit: Also, if you can ssh to the web server, why don't you run Certbot there instead of on your local machine? That is how Certbot is designed to be used, and it can even possibly make the changes to the site for you instead of making you make them manually.
Yes the name of the folders are correct as .well-known and acme-challenge. and I created them under root. but then if it tries to verify via http, then my website cannot recognize the path because its not configured.
I tried installing certbot directly via ssh on the server but I received these errors
~]$ ./certbot-auto
"sudo" is not available, will use "su" for installation steps...
Sorry, I don't know how to bootstrap Certbot on your operating system!
You will need to bootstrap, configure virtualenv, and run pip install manually.
Please see https://letsencrypt.readthedocs.org/en/latest/contributing.html#prerequisites
for more info.
Linux version 2.6.32-673.26.1.lve1.4.18.el6.x86_64 (mockbuild@build.cloudlinux.com) (gcc version 4.4.7 20120313 (Red Hat 4.4.7-17) (GCC) ) #1 SMP Fri Oct 21 11:58:14 EDT 2016
[Fri Mar 10 03:34:11 MST 2017] Creating domain key
[Fri Mar 10 03:34:12 MST 2017] Multi domain='DNS:www.99anchors.com'
[Fri Mar 10 03:34:12 MST 2017] Getting domain auth token for each domain
[Fri Mar 10 03:34:12 MST 2017] Getting webroot for domain='99anchors.com'
[Fri Mar 10 03:34:12 MST 2017] Getting new-authz for domain='99anchors.com'
[Fri Mar 10 03:34:12 MST 2017] The new-authz request is ok.
[Fri Mar 10 03:34:12 MST 2017] Getting webroot for domain='www.99anchors.com'
[Fri Mar 10 03:34:12 MST 2017] Getting new-authz for domain='www.99anchors.com'
[Fri Mar 10 03:34:12 MST 2017] The new-authz request is ok.
[Fri Mar 10 03:34:12 MST 2017] Verifying:99anchors.com
[Fri Mar 10 03:34:15 MST 2017] 99anchors.com:Verify error:Invalid response from http://99anchors.com/.well-known/acme-challenge/how5Xabty_SJaZpY89X3OLT09dFDSko_yLm9v02lOqs:
[Fri Mar 10 03:34:15 MST 2017] Please add '--debug' or '--log' to check more details.
[Fri Mar 10 03:34:15 MST 2017] See: https://github.com/Neilpang/acme.sh/wiki/How-to-debug-acme.sh