Tried to get SSL on new domain, not working

2jiwon · October 22, 2018, 5:31pm

I ran this command: `sudo certbot --apache -d fancytank.com -d blog.fancytank.com

It produced this output:
Performing the following challenges:
http-01 challenge for fancytank.com
http-01 challenge for blog.fancytank.com
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. blog.fancytank.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://blog.fancytank.com/.well-known/acme-ch
allenge/EeASBUJutHPNivgaD2pP9fqAqkfew1lPHIPfg-TzvXU: “\n\n404 Not Found\n\n

Not Found

\n<p”

IMPORTANT NOTES:

The following errors were reported by the server:

Domain: blog.fancytank.com
Type: unauthorized
Detail: Invalid response from
http://blog.fancytank.com/.well-known/acme-challenge/EeASBUJutHPNivgaD2pP9fqAqkfew1lPHIPfg-TzvXU:
“\n\n404 Not
Found\n\n

Not Found
\n<p”
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.

My web server is (include version): Apache/2.4.25 (Raspbian)

The operating system my web server runs on is (include version): Raspbian GNU/Linux 9 (stretch)

My hosting provider, if applicable, is: dnszi.com

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

I have two domains and tried to connect them based on the same directories for a reason.

jiwon.me, fancytank.com /home/user1/public_html
blog.jiwon.me, blog.fancytank.com /home/user1/public_html/blog

Currently, jiwon.me and blog.jiwon.me are working fine.
However, I added fancytank.com and tried to get SSL on the URL but keep getting errors.

What did I wrong about this?

When I added the second domain(fancytank.com) on my web hosting site, I set the A records as same as the first one(jiwon.me). Should I change something about this?

Can’t I make these two domains work at the same time?

But http://fancytank.com is working, so I think that’s not the problem… idk.
Please, help me.

rg305 · October 22, 2018, 5:55pm

Have you been able to get any certs?
certbot certificates

stevenzhu · October 22, 2018, 6:15pm

Beside this…

@2jiwon I’m not sure if this is the correct behavior.
But the pages shown a default Apache page… (Instead of real contents)

Thank you

2jiwon · October 22, 2018, 6:16pm

I got 4 certs right now.
They’re jiwon.me, 2 sub domains on jiwon.me and fancytank.com.

And for the second one, I’m not sure what to show you about it…
The outputs are too long, but I can’t find anything includes ‘acme|challenge’.

2jiwon · October 22, 2018, 6:18pm

Ah, yes. that’s normal. it’s default index.html from the system, I put it there to check the page’s working.

stevenzhu · October 22, 2018, 6:21pm

Okay…

Could you please try to place a file under /home/user1/public_html/blog/.well-known/acme-challenge/ ?

Thank you

2jiwon · October 22, 2018, 6:32pm

There are no directories as .well-known/… I thought I deleted it because there’s nothing in it.
Should I make them?

stevenzhu · October 22, 2018, 6:33pm

Please do, thank you

2jiwon · October 22, 2018, 6:36pm

I just copied index.html in there.

rg305 · October 22, 2018, 6:40pm

This may have created the problem.
That directory is used by certbot for authentications.
Which means, although you may be able to renew existing certs, you won't be able to create new ones without it.

2jiwon · October 22, 2018, 6:44pm

Oh… then what can I do about it?
(BTW, I deleted it after I tried to get a new cert and it gave me errors even before I deleted.)
How can I fix this problem?

stevenzhu · October 22, 2018, 6:48pm

I thought certbot will create that when the folder does not exist....

rg305 · October 22, 2018, 6:54pm

...not always...
I prefer to handle auths separately via global alias or location within each vhost.
But the simplest way is to create the folder (and subfolder)

rg305 · October 22, 2018, 6:57pm

I don't see the file:
http://fancytank.com/.well-known/acme-challenge/index.html
(redirects to https then gives 404 error)

2jiwon · October 22, 2018, 7:01pm

Oh… @stevenzhu asked me make the directory in /home/user1/public_html/blog/.well-known/acme-challenge/.
Should I also make one /home/user1/public_html/.well-known/acme-challenge/?
And what kind of a file do I have to place in there?

rg305 · October 22, 2018, 7:03pm

For now, just a test.txt file will do:
echo "testing 1.2.3." > /home/user1/public_html/.well-known/acme-challenge/test.txt

rg305 · October 22, 2018, 7:05pm

Basically you will need a ".well-known/acme-challenge/" folder in each vhost root folder that you want to issue certs for.

2jiwon · October 22, 2018, 7:09pm

I just made the file in it. I checked it here. https://fancytank.com/.well-known/acme-challenge/test.txt

stevenzhu · October 22, 2018, 7:14pm

Hi,

I guess I understand the issue a little bit.

Could you please disable the http to https rewrite for the blogs subdomain?

Since you don’t have a https virtual host for blog subdomain and the auto rewrite to https is enabled, Apache redirects the requests to the root domain… Which cause the failure of your blog subdomain but the root domain successes.

Thank you

2jiwon · October 22, 2018, 7:20pm

I’m sorry but I don’t understand this. I need this to be more specific.

I have individual virtual host conf files of blog.jiwon.me and blog.fancytank.com.
And they are enabled.
Do you want me to disable these two files?