Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: laragate.com
I ran this command:
certbot certonly --manual --manual-auth-hook /etc/letsencrypt/acme-dns-auth.py --preferred-challenges dns --debug-challenges -d *.laragate.com -d laragate.com
It produced this output:
The client lacks sufficient authorization
My web server is (include version):
apache2
The operating system my web server runs on is (include version):
linuxmint 19
My hosting provider, if applicable, is:
self
I can login to a root shell on my machine (yes or no, or I don't know):
yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 0.31.0
I am running a web server for multiple virtual domains using drupal7. I have a separate server which is the primary DNS server with a number of secondaries from a third party.
I suspect this could be due to the server running multiple virtual websites via drupal7. There are no well-known files in any of the virtual server folders. The laragate.com is one of the virtual websites/servers.
Try to run Certbot with --debug-challenges and check if all TXT records are being added. It might be a little bit slow. Because currently I'm seeing eh75mrCM4wq7YP4TGwTqPPr0vDW2i57lGXOG5fmG9RQ and mQ0lV5n-wo69uyUD584QAlhPsx-7p2AfFn-uU9iuols at 2927124e-8203-4977-8f14-fa0a0d97bf6c.auth.acme-dns.io (which is where your _acme-challenge label redirects to using a CNAME), and not the qw9EM2CYri-nMEA7PighPBk2c03fYRPYBjkUPw1hVD4 from the error message.
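The comparison described in the reply above, as an added example that is not part of the original thread: it follows the `_acme-challenge` CNAME to the acme-dns name and checks whether the TXT value from the error message is among those served. The zone table and the `static_lookup` resolver are hypothetical stand-ins built from the values quoted in that reply; no live DNS is queried.

```python
# Added example: compare the TXT value the ACME server expects with what DNS serves.
# ZONE is constructed from the values quoted in the reply; it is not a live lookup.
ACME_DNS = "2927124e-8203-4977-8f14-fa0a0d97bf6c.auth.acme-dns.io."
ZONE = {
    ("_acme-challenge.laragate.com.", "CNAME"): [ACME_DNS],
    (ACME_DNS, "TXT"): [
        '"eh75mrCM4wq7YP4TGwTqPPr0vDW2i57lGXOG5fmG9RQ"',
        '"mQ0lV5n-wo69uyUD584QAlhPsx-7p2AfFn-uU9iuols"',
    ],
}

def static_lookup(name, rtype):
    """Hypothetical resolver: answers from ZONE, case-insensitively."""
    return ZONE.get((name.lower(), rtype), [])

def validation_name(identifier):
    """DNS-01 name for an identifier; a wildcard shares the base domain's name."""
    base = identifier.lower().rstrip(".")
    if base.startswith("*."):
        base = base[2:]
    return f"_acme-challenge.{base}."

def served_txt(name, lookup, max_hops=8):
    """Follow CNAMEs from name and return (final_name, set of TXT strings)."""
    seen = set()
    for _ in range(max_hops):
        if name in seen:
            raise ValueError(f"CNAME loop at {name}")
        seen.add(name)
        targets = lookup(name, "CNAME")
        if not targets:
            values = {v.strip().strip('"') for v in lookup(name, "TXT")}
            return name, values
        name = targets[0].lower()
    raise ValueError("CNAME chain too long")

def check(identifiers, expected, lookup=static_lookup):
    """Report, per identifier, whether the expected value is actually served."""
    report = {}
    for ident in identifiers:
        final, values = served_txt(validation_name(ident), lookup)
        report[ident] = {"name": final, "present": expected in values,
                         "served": sorted(values)}
    return report

if __name__ == "__main__":
    for ident, r in check(["*.laragate.com", "laragate.com"],
                          "qw9EM2CYri-nMEA7PighPBk2c03fYRPYBjkUPw1hVD4").items():
        print(ident, r["name"], "OK" if r["present"] else "MISSING", r["served"])
```

Both `*.laragate.com` and `laragate.com` resolve to the same validation name, so each needs its own TXT value present there at validation time.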
I have spent a bunch of time and even installed a snap package to hopefully get a recent version.
From what I see, the problem is that I am running an Apache2 server and have multiple virtual domains under the drupal7 /sites folder. The sites run fine, but they are all HTTP because I don't have certificates and have not modified the Apache config files for encryption.
The certbot processing wants a /well-known folder with the sub-directory. The certbot can't find the well-known location so it fails.
What I need is specific instructions on how to work with a drupal7 installation with multiple virtual domains. If that's not available, I am not going to play trial & error to reverse engineer this. I will just have to generate self-signed certificates for each virtual domain and live with browser complaints about the certificates.
Any help is appreciated, but I have tried many things so far and tried to understand the diagnostics.
root@sylvester:/etc# apachectl -t -D DUMP_VHOSTS
[Sun Feb 25 07:15:08.382408 2024] [core:error] [pid 6201] (EAI 2)Name or service not known: AH00547: Could not resolve host name springsdanceclub.org -- ignoring!
[Sun Feb 25 07:15:08.424940 2024] [core:error] [pid 6201] (EAI 2)Name or service not known: AH00547: Could not resolve host name springsdanceclub.com -- ignoring!
[Sun Feb 25 07:15:08.473272 2024] [core:error] [pid 6201] (EAI 2)Name or service not known: AH00547: Could not resolve host name douglas-bruce.com -- ignoring!
[Sun Feb 25 07:15:08.608057 2024] [core:error] [pid 6201] (EAI 2)Name or service not known: AH00547: Could not resolve host name microsmartdigi.com -- ignoring!
AH00112: Warning: DocumentRoot [/var/www/html/usd/] does not exist
AH00112: Warning: DocumentRoot [/var/www/html/usd/] does not exist
AH00112: Warning: DocumentRoot [/var/www/html/pei/] does not exist
[Sun Feb 25 07:15:08.765063 2024] [core:error] [pid 6201] (EAI 2)Name or service not known: AH00547: Could not resolve host name ReformCityHall.com -- ignoring!
[Sun Feb 25 07:15:08.806474 2024] [core:error] [pid 6201] (EAI 2)Name or service not known: AH00547: Could not resolve host name 719Painter.com -- ignoring!
[Sun Feb 25 07:15:08.847537 2024] [core:error] [pid 6201] (EAI 2)Name or service not known: AH00547: Could not resolve host name noraintax.net -- ignoring!
[Sun Feb 25 07:15:09.839632 2024] [core:error] [pid 6201] (EAI 2)Name or service not known: AH00547: Could not resolve host name pra2022.com -- ignoring!
[Sun Feb 25 07:15:09.883705 2024] [core:error] [pid 6201] (EAI 2)Name or service not known: AH00547: Could not resolve host name 603knick.com -- ignoring!
[Sun Feb 25 07:15:09.921965 2024] [core:error] [pid 6201] (EAI 2)Name or service not known: AH00547: Could not resolve host name VoteNoCC.com -- ignoring!
VirtualHost configuration:
65.124.153.166:80 is a NameVirtualHost
default server www.thecfbc.com (/etc/apache2/conf-enabled/httpd.conf:3)
port 80 namevhost www.thecfbc.com (/etc/apache2/conf-enabled/httpd.conf:3)
port 80 namevhost www.finaq.com (/etc/apache2/conf-enabled/httpd.conf:21)
port 80 namevhost www.307re.com (/etc/apache2/conf-enabled/httpd.conf:40)
port 80 namevhost www.northgateresources.com (/etc/apache2/conf-enabled/httpd.conf:57)
port 80 namevhost www.TheDailyEagle.com (/etc/apache2/conf-enabled/httpd.conf:92)
port 80 namevhost www.thecfbc.com (/etc/apache2/conf-enabled/httpd.conf:231)
port 80 namevhost www.petitionrights.com.com (/etc/apache2/conf-enabled/httpd.conf:285)
port 80 namevhost www.pra2024.com (/etc/apache2/conf-enabled/httpd.conf:340)
port 80 namevhost www.juneheimsoth.com (/etc/apache2/conf-enabled/httpd.conf:370)
port 80 namevhost www.thedailyeagle.com (/etc/apache2/conf-enabled/httpd.conf:391)
port 80 namevhost www.inferential.com (/etc/apache2/conf-enabled/httpd.conf:411)
port 80 namevhost www.hh-no.com (/etc/apache2/conf-enabled/httpd.conf:465)
port 80 namevhost www.zefcatt.com (/etc/apache2/conf-enabled/httpd.conf:483)
port 80 namevhost www.jsigrill.com (/etc/apache2/conf-enabled/httpd.conf:501)
port 80 namevhost www.acwcp.com (/etc/apache2/conf-enabled/httpd.conf:519)
port 80 namevhost www.laragate.com (/etc/apache2/conf-enabled/httpd.conf:537)
port 80 namevhost forcongress.douglasbruce.com (/etc/apache2/conf-enabled/httpd.conf:555)
The dead virtual hosts are not the problem. I was only trying to use the tool for a single virtual host. I have in fact removed a few of the dead hosts, but will leave the others in the HTTP config for the time being.
The problem is in the verification process because the tool can't handle a drupal7 installation. Unless there is some documentation about how to use the tool in my server, I will have to abandon the tool and just generate self-signed individual certificates.
Yeah, it is confusing. Post number one showed a DNS challenge. Post number 6 showed part of a log from a DNS challenge failing. And then in post number seven they guessed there was a problem with their web server and the ACME challenge folder.