My domain is:
fridtjuv.se
I ran this command:
sudo certbot certonly --standalone --preferred-challenges http -d fridtjuv.se
It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for fridtjuv.se
Cleaning up challenges
Problem binding to port 80: Could not bind to IPv4 or IPv6.
My web server is (include version):
Ubuntu 14.04
The operating system my web server runs on is (include version):
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don’t know):
yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
NO
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
certbot 0.31.0
Hi @zebrastribe
you have a lot of older Letsencrypt certificates, first from 2017-03-27 05:39:00, last from 2019-02-27 10:28:15 ( https://check-your-website.server-daten.de/?q=fridtjuv.se#ct-logs ).
Looks like you have used tls-sni-01 validation; that’s no longer supported, ended ~ 2019-03-15. So now it’s your first certificate with another validation method.
--standalone is from tls-sni-01, that starts a new webserver. But you have a running webserver -> that’s part of the problem.
Your configuration isn’t perfect, there is a redirect that adds a /.
So you have different options:
1. stop your webserver, then use standalone, then start your webserver again
2. use
   sudo certbot certonly --apache --preferred-challenges http -d fridtjuv.se
   that creates a location http + /.well-known/acme-challenge and should skip your non-working redirect http -> https
3. add a manual exclusion, so /.well-known/acme-challenge isn’t redirected to https, then find your DocumentRoot of your http port and use that:
   certbot certonly -a webroot -w yourDocumentroot -d fridtjuv.se
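The manual exclusion from the third option above, as an added example that is not part of the original post: a port-80 Apache virtual host that keeps /.well-known/acme-challenge/ on plain HTTP and redirects everything else to HTTPS. The DocumentRoot path is a placeholder, and Apache 2.4 with mod_rewrite enabled is assumed.

```apache
# Added example (not from the thread): exempt the ACME HTTP-01 challenge
# path from the HTTP -> HTTPS redirect.
# Assumptions: Apache 2.4, mod_rewrite enabled, and /path/to/yourDocumentroot
# standing in for the real DocumentRoot of the http site.
<VirtualHost *:80>
    ServerName fridtjuv.se
    DocumentRoot /path/to/yourDocumentroot

    # Challenge files are plain static tokens: no directory listing,
    # no script execution, no .htaccess overrides in this directory.
    <Directory "/path/to/yourDocumentroot/.well-known/acme-challenge">
        Options None
        AllowOverride None
        Require all granted
    </Directory>

    RewriteEngine On
    # Keep the exemption as narrow as possible: only the challenge path
    # stays on HTTP.
    RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/
    # Everything else goes to HTTPS. The host name is fixed instead of
    # being taken from the request's Host header, so a request with a
    # forged Host cannot steer the redirect to another site.
    RewriteRule ^ https://fridtjuv.se%{REQUEST_URI} [R=301,L]
</VirtualHost>
```

With this in place the webroot authenticator can write its challenge file under the DocumentRoot while Apache keeps running, and all other HTTP requests are still redirected.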
Hi Jürgen
These are the steps I understand from you that I need to take:
1. stop apache
2. use: sudo certbot certonly --apache --preferred-challenges http -d fridtjuv.se
3. add a manual exclusion – How?
4. then: certbot certonly -a webroot -w yourDocumentroot -d fridtjuv.se
5. Restart apache
All is fixed?
It is step 3 I need some help with, and is “yourDocumentRoot” = var/www/fridtjuv.se/html_public?
No, these are three different options, not one after the other.
The webroot version is the preferred version. Every webserver should have a working webroot. And you don’t need to stop your running webserver.
Ok.
How do I add the Manual exclusion and where?
Is it the TXT record “_acme-challenge” that needs to be set up manually at my host?
like here under manual DNS “https://docs.certifytheweb.com/docs/dns-validation.html”
And where is the value for the TXT record?
Please start with the basics:
Then
When you get a certificate from Let’s Encrypt, our servers validate that you control the domain names in that certificate using “challenges,” as defined by the ACME standard. Most of the time, this validation is handled automatically by your ACME...
Hey Jürgen
Thank you for pointing me in the right direction. I guess it is an HTTP-01 challenge I need, so the TXT DNS record is not used. Can I somehow check if the automated renewal process is working?
system closed this topic on July 5, 2019, 11:02am.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.