Tried to get SSL on new domain, not working


#1

My domain is: fancytank.com

I ran this command: `sudo certbot --apache -d fancytank.com -d blog.fancytank.com

It produced this output:
Performing the following challenges:
http-01 challenge for fancytank.com
http-01 challenge for blog.fancytank.com
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. blog.fancytank.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://blog.fancytank.com/.well-known/acme-ch
allenge/EeASBUJutHPNivgaD2pP9fqAqkfew1lPHIPfg-TzvXU: “\n\n404 Not Found\n\n

Not Found

\n<p”

IMPORTANT NOTES:

My web server is (include version): Apache/2.4.25 (Raspbian)

The operating system my web server runs on is (include version): Raspbian GNU/Linux 9 (stretch)

My hosting provider, if applicable, is: dnszi.com

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no


I have two domains and tried to connect them based on the same directories for a reason.

jiwon.me, fancytank.com /home/user1/public_html
blog.jiwon.me, blog.fancytank.com /home/user1/public_html/blog

Currently, jiwon.me and blog.jiwon.me are working fine.
However, I added fancytank.com and tried to get SSL on the URL but keep getting errors.

What did I wrong about this?

When I added the second domain(fancytank.com) on my web hosting site, I set the A records as same as the first one(jiwon.me). Should I change something about this?

Can’t I make these two domains work at the same time?

But http://fancytank.com is working, so I think that’s not the problem… idk.:cry:
Please, help me.


#2

Have you been able to get any certs?
certbot certificates

How are you handling the acme-challenge requests?
grep -Eri 'acme|challenge|virtual|servername|alias|443|ssl' /etc/apache2/


#3

Beside this…

@2jiwon I’m not sure if this is the correct behavior.
But the pages shown a default Apache page… (Instead of real contents)

Thank you


#4

I got 4 certs right now.
They’re jiwon.me, 2 sub domains on jiwon.me and fancytank.com.

And for the second one, I’m not sure what to show you about it…
The outputs are too long, but I can’t find anything includes ‘acme|challenge’.


#5

Ah, yes. that’s normal. it’s default index.html from the system, I put it there to check the page’s working.


#6

Okay…

Could you please try to place a file under /home/user1/public_html/blog/.well-known/acme-challenge/ ?

Thank you


#7

There are no directories as .well-known/… I thought I deleted it because there’s nothing in it.
Should I make them? :cry:


#8

Please do, thank you


#9

I just copied index.html in there.


#10

This may have created the problem.
That directory is used by certbot for authentications.
Which means, although you may be able to renew existing certs, you won’t be able to create new ones without it.


#11

Oh… then what can I do about it?
(BTW, I deleted it after I tried to get a new cert and it gave me errors even before I deleted.)
How can I fix this problem?


#12

I thought certbot will create that when the folder does not exist…


#13

…not always…
I prefer to handle auths separately via global alias or location within each vhost.
But the simplest way is to create the folder (and subfolder)


#14

I don’t see the file:
http://fancytank.com/.well-known/acme-challenge/index.html
(redirects to https then gives 404 error)


#15

Oh… @stevenzhu asked me make the directory in /home/user1/public_html/blog/.well-known/acme-challenge/.
Should I also make one /home/user1/public_html/.well-known/acme-challenge/?
And what kind of a file do I have to place in there?


#16

For now, just a test.txt file will do:
echo "testing 1.2.3." > /home/user1/public_html/.well-known/acme-challenge/test.txt


#17

Basically you will need a “.well-known/acme-challenge/” folder in each vhost root folder that you want to issue certs for.


#19

I just made the file in it. I checked it here. https://fancytank.com/.well-known/acme-challenge/test.txt


#20

Hi,

I guess I understand the issue a little bit.

Could you please disable the http to https rewrite for the blogs subdomain?

Since you don’t have a https virtual host for blog subdomain and the auto rewrite to https is enabled, Apache redirects the requests to the root domain… Which cause the failure of your blog subdomain but the root domain successes.

Thank you


#21

I’m sorry but I don’t understand this. I need this to be more specific.

I have individual virtual host conf files of blog.jiwon.me and blog.fancytank.com.
And they are enabled.
Do you want me to disable these two files?