Trouble with missing files

My domain is:
fridtjuv.se

I ran this command:
sudo certbot certonly --standalone --preferred-challenges http -d fridtjuv.se

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log

Plugins selected: Authenticator standalone, Installer None

Obtaining a new certificate

Performing the following challenges:

http-01 challenge for fridtjuv.se

Cleaning up challenges

Problem binding to port 80: Could not bind to IPv4 or IPv6.

My web server is (include version):
Ubuntu 14.04

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):
yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
NO

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
certbot 0.31.0

Hi @zebrastribe

you have a lot of older Let’s Encrypt certificates, first from 2017-03-27 05:39:00, last from 2019-02-27 10:28:15 ( https://check-your-website.server-daten.de/?q=fridtjuv.se#ct-logs ).

Looks like you have used tls-sni-01 validation, that’s no longer supported, ended ~ 2019-03-15. So now it’s your first certificate with another validation method.

--standalone is from tls-sni-01, that starts a new webserver. But you have a running webserver -> that’s part of the problem.

Your configuration isn’t perfect, there is a redirect that adds a /.

Domainname Http-Status redirect Sec. G
http://fridtjuv.se/
185.20.12.47 302 https://fridtjuv.se/ 0.070 A
http://www.fridtjuv.se/
185.20.12.47 302 https://fridtjuv.se/ 0.070 E
https://www.fridtjuv.se/
185.20.12.47 301 https://fridtjuv.se/ 1.137 N
Certificate error: RemoteCertificateNameMismatch
https://fridtjuv.se/
185.20.12.47 200 3.930 I
http://fridtjuv.se/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
185.20.12.47 302 https://fridtjuv.se/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 0.076 A
Visible Content: Found The document has moved here . Apache/2.4.7 (Ubuntu) Server at fridtjuv.se Port 80
http://www.fridtjuv.se/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
185.20.12.47 302 https://fridtjuv.se/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 0.070 E
Visible Content: Found The document has moved here . Apache/2.4.7 (Ubuntu) Server at www.fridtjuv.se Port 80
https://fridtjuv.se/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 301 https://fridtjuv.se/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de/ 1.370 A
Visible Content:
https://fridtjuv.se/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de/ 400 1.223 M
Bad Request
Visible Content: {"error":"invalid_request","error_description":"unknown request"}

So you have different options:

  • stop your webserver, then use standalone, then start your webserver again
  • use
sudo certbot certonly --apache --preferred-challenges http -d fridtjuv.se

that creates a location http + /.well-known/acme-challenge and should skip your not working redirect http -> https

  • add a manual exclusion, so /.well-known/acme-challenge isn’t redirected to https, then find your DocumentRoot of your http port and use that:
certbot certonly -a webroot -w yourDocumentroot -d fridtjuv.se
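One way to write the manual exclusion from the third option, as an added example that is not part of the original posts. It assumes the http -> https redirect is done with mod_rewrite inside the port-80 virtual host (the thread does not show the actual configuration), and `/path/to/yourDocumentroot` is a placeholder for the real DocumentRoot.

```apache
# Added example; the redirect mechanism and the DocumentRoot path are assumptions.

# Before (assumed): every request on port 80 is redirected to https, so the
# ACME challenge URL is redirected too and ends at the failing https response.
# <VirtualHost *:80>
#     ServerName fridtjuv.se
#     ServerAlias www.fridtjuv.se
#     RewriteEngine On
#     RewriteRule ^ https://fridtjuv.se%{REQUEST_URI} [R=302,L]
# </VirtualHost>

# After: requests below /.well-known/acme-challenge/ are answered directly on
# port 80 from the DocumentRoot; everything else is still redirected.
<VirtualHost *:80>
    ServerName fridtjuv.se
    ServerAlias www.fridtjuv.se
    DocumentRoot /path/to/yourDocumentroot

    # Serve only static challenge files from this directory.
    <Directory "/path/to/yourDocumentroot/.well-known/acme-challenge">
        Options None
        AllowOverride None
        Require all granted
    </Directory>

    RewriteEngine On
    # Skip the redirect for the challenge path.
    RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/
    RewriteRule ^ https://fridtjuv.se%{REQUEST_URI} [R=302,L]
</VirtualHost>
```

The `-w` value passed to certbot has to be the same DocumentRoot as in this virtual host. Once a certificate has been issued this way, `sudo certbot renew --dry-run` exercises the renewal path without replacing the certificate.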

Hi Jürgen
These are the steps I understand from you that I need to take:

  1. stop apache
  2. use: sudo certbot certonly --apache --preferred-challenges http -d fridtjuv.se
  3. add a manual exclusion – How?
  4. then: certbot certonly -a webroot -w yourDocumentroot -d fridtjuv.se
  5. Restart apache
  6. All is fixed?

It is step 3 I need some help with, and is “yourDocumentRoot” = var/www/fridtjuv.se/html_public?

No, these are three different options, not one after the other.

The webroot version is the preferred version. Every webserver should have a working webroot. And you don’t need to stop your running webserver.

Ok.
How do I add the Manual exclusion and where?

Is it the TXT record “_acme-challenge” that needs to be setup manually at my host?
like here under manual DNS: https://docs.certifytheweb.com/docs/dns-validation.html
And where is the value for the TXT record?

Please start with the basics:

Then

Hey Jürgen
Thank you for pointing me in the right direction. I guess it is an HTTP-01 challenge I need, so the TXT DNS record is not used. Can I somehow check if the automated renewal process is working?
