To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address

Help
1

Hi guys,

I'm just doing a lab test and I bought a domain name called habitnight.com, which the DNS A Record is pointing to my ISP IP address (dynamic). I have a simple Wordpress with no info and I would like to install the https cert. Port 80 is already open on my router pointing to the raspberry pi im using.

Any help would be appreciated.

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: habitnight.com

I ran this command: sudo certbot --apache

It produced this output:

root@habitnight:/home/sebas# certbot --apache
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache

Which names would you like to activate HTTPS for?

1: habitnight.com

Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 1
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for habitnight.com
Enabled Apache rewrite module
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. habitnight.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://habitnight.com/.well-known/acme-challenge/q8Yllivgew3ysq1HhDy7uHgxA-S4ixGrF1XGP6fZI5M [37.15.36.216]: "\n\n404 Not Found\n\n

Not Found

\n<p"

IMPORTANT NOTES:

The operating system my web server runs on is (include version):

Linux Version:

PRETTY_NAME="Raspbian GNU/Linux 10 (buster)"
NAME="Raspbian GNU/Linux"
VERSION_ID="10"
VERSION="10 (buster)"
VERSION_CODENAME=buster
ID=raspbian
ID_LIKE=debian
HOME_URL="http://www.raspbian.org/"
SUPPORT_URL="http://www.raspbian.org/RaspbianForums"
BUG_REPORT_URL="http://www.raspbian.org/RaspbianBugs"

Apache2 version:

Server version: Apache/2.4.38 (Raspbian)
Server built: 2020-08-25T20:08:29

My hosting provider, if applicable, is: NONE

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

certbot 0.31.0

1 Like
2

The certbot apache plugin probably doesn't understand your Apache configuration very well. There are two options:

  1. debug your Apache configuration and make it work with the apache plugin. A good first step for this would be running apachectl -S and look for any strange configurations.
  2. use the webroot authenticator plugin. If you want to let certbot (try to) install the certificate for you, you can combine the webroot authenticator plugin with the apache installer plugin with: -a webroot -i apache in stead of --apache. The webroot plugin requires an extra option -w on the command line, pointing to the webroot of your site, for example: -w /var/www/vhosts/habitnight.com/htdocs or whatever the DocumentRoot of your site is.
6 Likes
3

I tried the option 2 and it worked perfectly. Thank you so much!

4 Likes
4

It's also possible that this would have worked better in a more up-to-date version of Certbot. I understand that 0.31.0 is the most recent release in your Raspbian; the Certbot project has subsequently switched to snaps as the recommended package distribution method in order to get more current releases out to users more expeditiously.

2 Likes
5

I would assume that if you would try debugging your apache config, you would find some things that should be corrected.

6

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.