The server could not connect to the client to verify the domain in

Help
1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: www.compliancecorporate.es

I ran this command: ./certbot-auto renew

It produced this output:
Attempting to renew cert (compliancecorporate.es) from /etc/letsencrypt/renewal/compliancecorporate.es.conf produced an unexpected error: Failed authorization procedure. compliancecorporate.es (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching https://www.compliancecorporate.es.well-known/acme-challenge/Y0dGLCALd3kLAX7AD3NMdUuqTcsonPFsk0Ndix5qlPI: Error getting validation data, www.compliancecorporate.es (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching https://www.compliancecorporate.es.well-known/acme-challenge/IZpRLRdrlvKzjQ4YSumpImfEUgRTkET72Qp0lvQUx7Y: Error getting validation data. Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/compliancecorporate.es/fullchain.pem (failure)

All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/compliancecorporate.es/fullchain.pem (failure)

1 renew failure(s), 0 parse failure(s)

IMPORTANT NOTES:

The operating system my web server runs on is (include version): CENTOS7

I can login to a root shell on my machine (yes or no, or I don’t know):yes

It seems the problem is that is tryinto access https://www.compliancecorporate.es.well-known/…
instead of https://www.compliancecorporate.es/.well-known/

Could you help me?

2

You have a bad redirect on your site.

$ curl -X GET -I compliancecorporate.es/.well-known/acme-challenge/
HTTP/1.1 301 Moved Permanently
Date: Mon, 29 Jan 2018 09:37:45 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Location: https://www.compliancecorporate.es.well-known/acme-challenge/
Content-Length: 269
Content-Type: text/html; charset=iso-8859-1

Note the absence of a trailing slash after .es.

1 Like
3

Where can I find the configuration file to change it? Thanks in advance!

4

What’s your hosting environment?

Linux and Apache?

Bitnami?

cPanel?

etc …

What does this say?

apachectl -S
1 Like
5

CENTOS 7 and Apache with Bitnami 1and1. Access to console.
[root@localhost letsencrypt]# apachectl -S
VirtualHost configuration:
*:80 compliancecorporate.es (/opt/bitnami/apache2/conf/bitnami/bitnami.conf:8)
*:443 compliancecorporate.es (/opt/bitnami/apache2/conf/bitnami/bitnami.conf:46)
ServerRoot: "/opt/bitnami/apache2"
Main DocumentRoot: “/opt/bitnami/apps/owncloud/htdocs"
Main ErrorLog: “/opt/bitnami/apache2/logs/error_log"
Mutex ssl-stapling-refresh: using_defaults
Mutex rewrite-map: using_defaults
Mutex ssl-stapling: using_defaults
Mutex proxy: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir=”/opt/bitnami/apache2/logs/” mechanism=default
Mutex proxy-balancer-shm: using_defaults
PidFile: "/opt/bitnami/apache2/logs/httpd.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
Define: USE_PHP_FPM
User: name=“daemon” id=2
Group: name=“daemon” id=2
[root@localhost letsencrypt]#

6

Can you show me /opt/bitnami/apache2/conf/bitnami/bitnami.conf ?

I think there is going to be a Redirect line in there that needs to have a trailing slash / added to the end …

1 Like
7

Thank you very much!!

8

Sorry, now I cannot see the certification date updated but the renewal process have finished correctly…

9

Sorry, I have updated the certification but when I access through internet it shows me the old expiration date. I have tried to stop all the services through: ./ctlscript.sh restart but it continues to show me the old expiration date.

Thanks in advance!

Máximo Tamayo Ruiz

www. i n f o r m a c o n s u l t i n g. com

c/ Heros, 28. Entr dcha. 48009 BILBAO

c/ V i l l a n u e v a, 29. 28001 MADRID

Telf 94 424 40 14 Fax 94 424 04 33

­­­

Advertencia legal

Este mensaje y cualquier mensaje adjunto al mismo, va dirigido de manera exclusiva a su destinatario y puede contener información CONFIDENCIAL y sujeta al secreto profesional, cuya divulgación no está permitida por la ley. En caso de haber recibido este mensaje por error, le rogamos que, de forma inmediata, nos lo comunique y proceda a su eliminación, así como a la de cualquier documento adjunto al mismo. Le comunicamos que la distribución, copia o utilización de este mensaje, o de cualquier documento adjunto al mismo, cualquiera que fuera su finalidad, están prohibidas por la ley.

Legal warning

This message, and any document enclosed, are intended exclusively for its addressee and may contain CONFIDENTIAL information protected by a professional privilege, whose disclosure is prohibited by law. If this message has been received in error, we request you to notify us immediately via e-mail and delete it, as well as any attached document. If you are not the intended recipient you are hereby notified that any read, dissemination, copy or disolosure of this message, independently of its purpose, is strictly prohibited by law.

10

If you access through the web browser it shows as expiration date 15/02/2018 but with ./certbot/certbot-auto certificates

[root@localhost letsencrypt]# ./certbot-auto certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log

Found the following certs:
Certificate Name: compliancecorporate.es
Domains: www.compliancecorporate.es compliancecorporate.es
Expiry Date: 2018-04-29 13:39:25+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/compliancecorporate.es/fullchain.pem
Private Key Path: /etc/letsencrypt/live/compliancecorporate.es/privkey.pem

11

Hi @butrm2j,

You should double check where are the SSLCertificateFile and SSLCertificateKeyFile directives pointing out in your Bitnami conf. Seems they are not using the right path to your renewed cert… or maybe you need to copy your new cert and key to some other place where Bitnami is reading them…

Cheers,
sahsanu

12

I copy what I have in the bitnami.conf:

Redirect permanent /secure https://www.compliancecorporate.es
ServerName compliancecorporate.es
ServerAlias compliancecorporate.es www.compliancecorporate.es
DocumentRoot "/opt/bitnami/apache2/htdocs"
SSLEngine on
SSLCertificateFile "/opt/bitnami/apache2/conf/server.crt"
SSLCertificateKeyFile "/opt/bitnami/apache2/conf/server.key"
SSLCACertificateFile “/opt/bitnami/apache2/conf/server-ca.crt”
<Directory “/opt/bitnami/apache2/htdocs”>

13

By default, this is not where Certbot places certificates. You'll likely need to either copy them from `/etc/letsencrypt/live/compliancecorporate.es/, or point these directives to the files in this directory (cert.pem, privkey.pem, and chain.pem, respectively.)

1 Like
14

I have done it and I have restart the webserver… but I continue getting the 15 feb 2018

15

Default Virtual Host configuration.

<IfVersion < 2.3 >
NameVirtualHost *:80
NameVirtualHost *:443

Redirect permanent / https://www.compliancecorporate.es/ ServerName compliancecorporate.es ServerAlias compliancecorporate.es www.compliancecorporate.es DocumentRoot "/opt/bitnami/apache2/htdocs" Options Indexes FollowSymLinks AllowOverride All Order allow,deny Allow from all = 2.3 > Require all granted

Error Documents

ErrorDocument 503 /503.html

Bitnami applications installed with a prefix URL (default)

Include “/opt/bitnami/apache2/conf/bitnami/bitnami-apps-prefix.conf”

Default SSL Virtual Host configuration.

<IfModule !ssl_module>
LoadModule ssl_module modules/mod_ssl.so

Listen 443
SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !$
SSLPassPhraseDialog builtin
SSLSessionCache "shmcb:/opt/bitnami/apache2/logs/ssl_scache(512000)"
SSLSessionCacheTimeout 300

Redirect permanent /secure https://www.compliancecorporate.es ServerName compliancecorporate.es ServerAlias compliancecorporate.es www.compliancecorporate.es DocumentRoot "/opt/bitnami/apache2/htdocs" SSLEngine on SSLCertificateFile "/etc/letsencrypt/live/compliancecorporate.es/server.crt" SSLCertificateKeyFile "/etc/letsencrypt/live/compliancecorporate.es/server.key" SSLCACertificateFile "/etc/letsencrypt/live/compliancecorporate.es/server-ca.crt" Options Indexes FollowSymLinks AllowOverride All Order allow,deny Allow from all = 2.3 > Require all granted

Error Documents

ErrorDocument 503 /503.html

Bitnami applications installed with a prefix URL (default)

Include “/opt/bitnami/apache2/conf/bitnami/bitnami-apps-prefix.conf”

Bitnami applications that uses virtual host configuration

Include “/opt/bitnami/apache2/conf/bitnami/bitnami-apps-vhosts.conf”

16

As @jared.m already said, this should be:

SSLCertificateFile "/etc/letsencrypt/live/compliancecorporate.es/cert.pem"
SSLCertificateKeyFile "/etc/letsencrypt/live/compliancecorporate.es/privkey.pem"
SSLCACertificateFile "/etc/letsencrypt/live/compliancecorporate.es/chain.pem"
17

Thank you so much!! The new expiration date appears correctly!

1 Like
18

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.