Tried to get SSL on new domain, not working

Now that makes sense.
And a good reason to group all the acme-challenge requests “globally” into one folder.
So no matter which site (or default site) answers the request, the folder location will be the same.

Where do you do the http > http redirection?

I’m so sorry but I don’t understand the question…:cry:
Why do I redirect http > http?

Where does the HTTP to HTTPS redirection happen?

I’m truly sorry…but I don’t understand…
I don’t know ‘where’.
Do you mean apache2/sites… directories?

When I got the cert, the HTTPS redirection was set up automatically by the certbot command. It made ‘xxx-le-ssl.conf’ files.
But you don’t mean that?

(And if I may check this again… I want a ‘new cert on another domain, based on the same source directories’.
blog.jiwon.me is fine. blog.fancytank.com isn’t working.)

OK.
Let's undo that "temporarily".
grep -Eri 'rewrite|https|certbot' /etc/apache2/

I disabled them: all subdomains of jiwon.me.
Should I disable blog.fancytank.com too?

Now place a test.txt file at:
http://blog.fancytank.com/.well-known/acme-challenge/test.txt

Yes, I placed it in there.

OK now try to get a new cert for domain: blog.fancytank.com

It failed with the same error message…:cry:

Obtaining a new certificate
Performing the following challenges:
http-01 challenge for blog.fancytank.com
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. blog.fancytank.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://blog.fancytank.com/.well-known/acme-challenge/amBTg-tE2zY5CIIEw7dx2EZRS4i2wy-mVSXlDkxWjds: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p"

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: blog.fancytank.com
   Type:   unauthorized
   Detail: Invalid response from
   http://blog.fancytank.com/.well-known/acme-challenge/amBTg-tE2zY5CIIEw7dx2EZRS4i2wy-mVSXlDkxWjds:
   "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML
   2.0//EN\">\n<html><head>\n<title>404 Not
   Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p"

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.

Please show the vhost file for: blog.fancytank.com
And the error log file for it.

  1. vhost file for blog.fancytank.com
    I made this file by copying it from blog.jiwon.me, which works well.

    Listen 8080
    <VirtualHost *:8080>
        ServerName blog.fancytank.com
        ServerAdmin user1@gmail.com
        DocumentRoot /home/user1/public_html/blog
        ErrorLog /var/log/apache2/blog.fancytank.com-error_log
        CustomLog /var/log/apache2/blog.fancytank.com-access_log combined
        <Directory /home/user1/public_html/blog>
            DirectoryIndex index.html index.php
            Options FollowSymLinks
            AllowOverride All
            Require all granted

            RewriteEngine on
            RewriteCond %{SERVER_NAME} =blog.fancytank.com
            RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]
        </Directory>
    </VirtualHost>

  2. error log file… you mean this log? /var/log/apache2/blog.fancytank.com-error_log

    [Tue Oct 23 05:08:01.852840 2018] [:error] [pid 1749] [client 75.51.0.159:57001] PHP Notice: Undefined index: username in /home/user1/public_html/blog/index.php on line 19
    [Tue Oct 23 05:08:01.855077 2018] [:error] [pid 1749] [client 75.51.0.159:57001] PHP Notice: Undefined index: username in /home/user1/public_html/blog/index.php on line 56
    [Tue Oct 23 05:12:47.917311 2018] [:error] [pid 1751] [client 64.71.168.196:54351] PHP Notice: Undefined index: username in /home/user1/public_html/blog/index.php on line 19
    [Tue Oct 23 05:12:47.919181 2018] [:error] [pid 1751] [client 64.71.168.196:54351] PHP Notice: Undefined index: username in /home/user1/public_html/blog/index.php on line 56
    [Tue Oct 23 05:12:48.255415 2018] [:error] [pid 1746] [client 64.71.168.196:54406] PHP Notice: Undefined index: username in /home/user1/public_html/blog/index.php on line 19
    [Tue Oct 23 05:12:48.257645 2018] [:error] [pid 1746] [client 64.71.168.196:54406] PHP Notice: Undefined index: username in /home/user1/public_html/blog/index.php on line 56
    [Tue Oct 23 05:12:57.072683 2018] [:error] [pid 1748] [client 64.71.168.196:55934] PHP Notice: Undefined index: username in /home/user1/public_html/blog/index.php on line 19
    [Tue Oct 23 05:12:57.074917 2018] [:error] [pid 1748] [client 64.71.168.196:55934] PHP Notice: Undefined index: username in /home/user1/public_html/blog/index.php on line 56

Please remove the HTTPS redirection lines from vhost config file:
RewriteEngine on
RewriteCond %{SERVER_NAME} =blog.fancytank.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]

Then retry getting a cert.

Also, how does it get from :80 to :8080 ?
Where does that magic happen?
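As an added example (not the configuration posted in the thread), here is the posted vhost rewritten the way the first reply suggests: challenge requests are served from one shared folder no matter which vhost answers, and the HTTPS redirect is kept but skips the ACME path instead of being removed outright. The path /var/www/acme is an assumption; the port, hostname and paths inside the vhost are the ones from the thread.

```apache
# Added example, not the thread's own config.
# Assumed: /var/www/acme is the shared challenge root (use it as the
# certbot --webroot -w argument). Port 8080 and the vhost details are from the thread.
Listen 8080

# Global, outside any <VirtualHost>: every site serves challenges from the
# same directory, so it does not matter which vhost (or the default one) answers.
Alias /.well-known/acme-challenge/ /var/www/acme/.well-known/acme-challenge/
<Directory /var/www/acme/.well-known/acme-challenge>
    Options None
    AllowOverride None
    Require all granted
</Directory>

<VirtualHost *:8080>
    ServerName blog.fancytank.com
    ServerAdmin user1@gmail.com
    DocumentRoot /home/user1/public_html/blog
    ErrorLog /var/log/apache2/blog.fancytank.com-error_log
    CustomLog /var/log/apache2/blog.fancytank.com-access_log combined

    <Directory /home/user1/public_html/blog>
        DirectoryIndex index.html index.php
        Options FollowSymLinks
        AllowOverride All
        Require all granted
    </Directory>

    # Redirect to HTTPS, but never the ACME path: in vhost context mod_rewrite
    # runs before mod_alias, so without this exclusion the redirect fires first.
    RewriteEngine on
    RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/
    RewriteCond %{SERVER_NAME} =blog.fancytank.com
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]
</VirtualHost>
```

Run `apachectl configtest` before reloading. Keeping the redirect in vhost context rather than inside `<Directory>` also means an `.htaccess` in the document root cannot silently override it.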

I’ll try that now. And I redirect 80 to 8080 using port forwarding.

OK.

How does it miss the request for “test.txt” and serve “index.php” ?

Sorry, this is actually working:
http://blog.fancytank.com/.well-known/acme-challenge/test.txt

But it still redirects.

Modify vhost config and remove the 3 rewrite lines.

In that case you should inform Certbot of this setup by adding the following option to your certbot command line:

--http-01-port 8080


Hmm… I’m not sure about it. Because when I first got the cert on ‘jiwon.me’, I didn’t have to do it.

I removed the rewrite parts and tried, but it failed with the same error message.
I even deleted the cert on fancytank.com with the command ‘certbot --apache delete’ and tried again, but it failed again. :stuck_out_tongue_closed_eyes:

If port 80 is being forwarded to 8080, then certbot needs to know that so that it can tell Apache to serve the challenge responses on the correct port. I guess it might sometimes work without that if the default VirtualHost happened to be the correct one, but it wouldn’t be reliable.

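The checks the thread walks through by hand (drop a test file, fetch the challenge URL, see whether a redirect, a 404 from the wrong vhost, or the wrong body comes back) can be scripted. This is an added example, not something posted in the thread: `probe_challenge` and `classify_challenge_response` are names chosen here, it assumes `curl` is installed and that the challenge directory under the given document root is writable, and it deliberately does not follow redirects so you see the first hop exactly as the validator does.

```sh
#!/bin/sh
# Added example (not from the thread). Probes an HTTP-01 challenge path the
# way the ACME validator would and classifies the response.
# Assumptions: curl is available; DOCROOT/.well-known/acme-challenge is writable.
set -eu

# classify_challenge_response CODE LOCATION BODY EXPECTED
# Prints one word describing what the validator would conclude.
classify_challenge_response() {
    code=$1; location=$2; body=$3; expected=$4
    case "$code" in
        301|302|307|308)
            # A redirect: fatal only if the target does not serve the token.
            case "$location" in
                https://*) echo "redirected-to-https" ;;
                *)         echo "redirected" ;;
            esac
            ;;
        404)
            # The vhost that answered has a DocumentRoot without the file
            # (the 404 page in the thread is Apache's default error page).
            echo "not-found" ;;
        200)
            if [ "$body" = "$expected" ]; then
                echo "ok"
            else
                # e.g. index.php or a directory listing served instead of the token
                echo "wrong-body"
            fi
            ;;
        *)
            echo "unexpected-$code" ;;
    esac
}

# probe_challenge HOST DOCROOT [PORT]
# Places a throw-away token under DOCROOT, fetches it over plain HTTP on PORT
# (default 80, the port the validator uses) and prints the classification.
probe_challenge() {
    host=$1; docroot=$2; port=${3:-80}
    token="test-$(date +%s)-$$"
    dir="$docroot/.well-known/acme-challenge"
    mkdir -p "$dir"
    printf '%s' "$token" > "$dir/$token"
    tmp=$(mktemp)
    # No -L: the first hop is what matters when diagnosing the vhost.
    status=$(curl -sS -o "$tmp" -w '%{http_code} %{redirect_url}' \
        "http://$host:$port/.well-known/acme-challenge/$token")
    code=${status%% *}
    location=${status#* }
    result=$(classify_challenge_response "$code" "$location" "$(cat "$tmp")" "$token")
    rm -f "$tmp" "$dir/$token"
    echo "$host:$port -> $result (HTTP $code${location:+, Location: $location})"
    [ "$result" = ok ]
}

if [ $# -ge 2 ]; then
    probe_challenge "$@"
fi
```

Usage: `sh probe.sh blog.fancytank.com /home/user1/public_html/blog` from outside the network, so the port-80-to-8080 forwarding is exercised; pass `8080` as a third argument to test Apache directly from the host. A `not-found` result while the file exists means the request landed in another vhost's DocumentRoot, which is the case for a shared challenge folder; once the probe reports `ok`, `certbot --apache --http-01-port 8080 --dry-run` confirms the fix without using up rate limits.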