Hello dear. I ask for your help. There is a Debian 9 droplet on DigitalOcean (DO). It has 6 sites. The sites were transferred to DO a very long time ago. Now I need to install LetsEncrypt on the sites. Unfortunately, I haven't done this before. But the procedure is described quite clearly on the Internet.
I logged into the server. I upgraded all programs and installed LetsEncrypt (Certbot 0.28.0). I looked at the VirtualHosts with "apachectl -t -D DUMP_VHOSTS". Answer:
*.*.*.*:8443 MySite1.com (/home/admin/conf/web/mysite1.com.apache2.ssl.conf:1)
*.*.*.*:8080 is a NameVirtualServer
default server vesta.MyAdminSite.com (/home/.....)
port 8080 namevhost vesta.MyAdminSite.com (/home/...)
port 8080 namevhost MySite1.com (/home/...)
port 8080 namevhost MySite2.com (/home/...)
port 8080 namevhost MySite3.com (/home/...)
port 8080 namevhost MySite4.com (/home/...)
port 8080 namevhost MySite5.com (/home/...)
port 8080 namevhost MySite6.com (/home/...)
That is, now if I write "httpS://.." and the name of any of my sites, the server shows https://mySite1.com.
OK. I created a folder "/public_html/.well-known/acme-challenge" and gave it permissions 755. I ran: letsencrypt run -d MySite2.com -m admin@MySite2.com --http-01-port 8080
Failed authorization procedure. MySite2.com (http-01): urn:ietf:params:acme:error:anauthorized ::"
- The following errors were reported by server:
Detail: The key authorization file from server did not match this challenge
"ui-jfghkjf.123456578..." != "ui-jfghkjf.5654654645..."
To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA records for that domain contains the right IP address.
I checked - all DNS records are correct.
A www.Mysite2.com directs to *.*.*.*
MX MySite2.com mail handled by mail.another.mail.server.ua
A MySite2.com directs to *.*.*.*
NS MySite2.com directs to ns1.digitalocean.com.
NS MySite2.com directs to ns2.digitalocean.com.
NS MySite2.com directs to ns3.digitalocean.com.
But I saw that in the configuration of the nginx.MySite2.com.conf_letsencrypt virtual server there was already a line with some key that LetsEncrypt complained about: return 200 "$1.5654654645..."
I moved this file to hide it. But nothing has changed.
I will repeat what I wrote above. All virtual hosts are set (for 1) to port 8080. This was not done by me, and it was done many years ago. Why and for what, I do not know. Judging by the response from "apachectl -t -D DUMP_VHOSTS" there is nothing on port 80.
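
Added example, not part of the original post: in the error quoted above, the text before the dot is the same on both sides and only the text after it differs. RFC 8555 defines a key authorization as the challenge token, a dot, and the thumbprint of the ACME account key, so this sketch classifies such a mismatch and finds `return 200 "$1...."` lines of the kind quoted from the nginx config. All values, the config layout and the function names are constructed for illustration.

```python
import re

# Constructed sample values; the post's real values are truncated and not reused.
EXPECTED = "tokenAbc123.NEWaccountThumbprint"  # what the CA computed
SERVED = "tokenAbc123.OLDaccountThumbprint"    # what the web server answered

# Constructed nginx fragment; only the `return 200 "$1...."` line shape is from the post.
SAMPLE_CONF = r'''
location ~ "^/\.well-known/acme-challenge/(.*)$" {
    default_type text/plain;
    return 200 "$1.OLDaccountThumbprint";
}
'''

RETURN_RE = re.compile(r'return\s+200\s+"\$1\.([A-Za-z0-9_-]+)"\s*;')


def split_key_authorization(value):
    """RFC 8555 section 8.1: token "." base64url(account key thumbprint)."""
    token, sep, thumbprint = value.partition(".")
    if not sep or not token or not thumbprint:
        raise ValueError("not a key authorization: %r" % value)
    return token, thumbprint


def diagnose(expected, served):
    """Say which half of the key authorization differs."""
    exp_token, exp_thumb = split_key_authorization(expected)
    srv_token, srv_thumb = split_key_authorization(served)
    if exp_token != srv_token:
        return "token-mismatch"        # a different challenge was answered
    if exp_thumb != srv_thumb:
        return "thumbprint-mismatch"   # answer built for another account key
    return "ok"


def stale_responders(conf_text, expected):
    """Thumbprints hard-coded in the config that differ from the expected one."""
    _, exp_thumb = split_key_authorization(expected)
    return [t for t in RETURN_RE.findall(conf_text) if t != exp_thumb]


if __name__ == "__main__":
    print(diagnose(EXPECTED, SERVED))
    print(stale_responders(SAMPLE_CONF, EXPECTED))
```

A "thumbprint-mismatch" result means the request reached a responder that echoes the token with a fixed thumbprint, rather than the challenge file the client wrote to disk.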