Try to get a new Certificate

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
I am only responsible for moodle.mcf.bayern

I ran this command:
sudo certbot --apache

It produced this output:
Certbot failed to authenticate some domains (authenticator: apache). The Certificate Authority reported these problems:
Domain: moodle.mfc.bayern
Type: unauthorized
Detail: 2a01:4f8:200:7230::2: Invalid response from http://acme.joel-hatsch.net/.well-known/acme-challenge/xGXRAWYSqEcAx66sBs6yKTiOeX7L3f6AZC5GxpUvokQ?redirect=yes: 404

Hint: The Certificate Authority failed to verify the temporary Apache configuration changes made by Certbot. Ensure that the listed domains point to this Apache server and that it is accessible from the internet.

My web server is (include version):
Apache2

The operating system my web server runs on is (include version):
Debian 11

My hosting provider, if applicable, is:
I am hosting the server on my own. So I have a PC only for the server.

I can login to a root shell on my machine (yes or no, or I don't know):
Yes I can

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
To be honest, I use the terminal. I am quite new to the Linux topic, so I don't really know what "version of the control panel" means.

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
Certbot 1.32.2

1 Like

Sorry, I forgot to write my question. I want to start a web server with Moodle for a project. It is an Apache2 on a Debian 11 system. And yeah, like the title tells you, I want to use Let's Encrypt to get an SSL certificate. But I don't know what to do anymore. I looked on the internet, but didn't find anything that is very helpful.
I am a newcomer to Linux and servers and don't really know much about the topic, so please have mercy with me. If you need anything else I will respond as fast as I can.
Thank you for your help in advance.

1 Like

The 2a01.4f8... is an IPv6 address. But, your DNS no longer has the AAAA record to configure this. Have you made changes since the original attempt?

If you are still having problems please post the new error message.

And, welcome to the community @Beskation

4 Likes

I never set an AAAA record. I only set the A record. I thought it is just an addition and not a must-have. And I don't have a public IPv6 address on my router. So I don't know. And I can't just set the local IPv6 because it is not reachable from the internet.

You definitely have an AAAA record defined for your acme.joel-hatsch.net domain. Why did you state a different domain in your first post?

And, I made a mistake in evaluating your moodle domain instead of the acme.joel-hatsch.net domain. So, I see valid connections for both IPv4 and IPv6 but I see a couple things.

The most striking is it looks like an nginx server and not Apache like you say in your first post. Also, the redirect is odd for the HTTP Challenge URL. This could cause problems depending on your nginx config.

Can you explain why I see nginx instead of Apache?

curl -I6L acme.joel-hatsch.net/.well-known/acme-challenge/Test123
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.18.0 (Ubuntu)
Location: http://acme.joel-hatsch.net/.well-known/acme-challenge/Test123?redirect=yes

HTTP/1.1 404 Not Found
Server: nginx/1.18.0 (Ubuntu)

4 Likes

And also as important...

curl -Ii moodle.mfc.bayern/.well-known/acme-challenge/Test_File-1234
HTTP/1.1 307 Temporary Redirect
Location: http://acme.joel-hatsch.net/.well-known/acme-challenge/Test_File-1234?redirect=yes

Why does it forward to some other name?

What shows?:
curl -4 ifconfig.io

5 Likes

To be honest, I have no clue about the acme.joel-hatsch.net domain. I never installed an nginx on purpose on my device and I am the only web server in my local network. And I only use an Apache; if I run the "sudo service apache2 status" command, I see an active Apache server.

The command shows: 31.19.130.179
And that is the IPv4 I use in my DNS so it should be fine. Or not?

NOT.

Name:      moodle.mfc.bayern
Addresses: 2a01:4f8:200:7230::2
           144.76.196.49

It doesn't match the DNS for that name.

5 Likes
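The two checks made in the replies above (do the name's DNS records match the server's public IP, and does the challenge path redirect to another host), as an added example that is not part of the original thread. The function names are hypothetical; the sample input is the nslookup and curl output quoted above.

```python
import ipaddress
from urllib.parse import urlsplit

# Values quoted in the thread above, used here as sample input.
NAME = "moodle.mfc.bayern"
DNS_RECORDS = ["2a01:4f8:200:7230::2", "144.76.196.49"]  # nslookup output
SERVER_IPS = ["31.19.130.179"]                            # curl -4 ifconfig.io
CURL_HEADERS = """HTTP/1.1 307 Temporary Redirect
Location: http://acme.joel-hatsch.net/.well-known/acme-challenge/Test_File-1234?redirect=yes
"""


def stray_records(dns_records, server_ips):
    """Return DNS addresses that are not this server's, keyed by IP version."""
    mine = {ipaddress.ip_address(ip) for ip in server_ips}
    stray = {4: [], 6: []}
    for rec in dns_records:
        addr = ipaddress.ip_address(rec)
        if addr not in mine:
            stray[addr.version].append(str(addr))
    return stray


def offsite_redirects(name, curl_headers):
    """Return hosts other than `name` named in Location headers of `curl -I` output."""
    hosts = []
    for line in curl_headers.splitlines():
        key, _, value = line.partition(":")
        if key.strip().lower() == "location":
            host = urlsplit(value.strip()).hostname  # None for relative redirects
            if host and host != name.lower():
                hosts.append(host)
    return hosts


def diagnose(name, dns_records, server_ips, curl_headers):
    """Collect reasons an HTTP-01 request for `name` would not reach this server."""
    findings = []
    stray = stray_records(dns_records, server_ips)
    for version, label in ((6, "AAAA"), (4, "A")):
        for addr in stray[version]:
            findings.append(f"{label} record {addr} is not this server")
    for host in offsite_redirects(name, curl_headers):
        findings.append(f"challenge path redirects to {host}")
    return findings


if __name__ == "__main__":
    for finding in diagnose(NAME, DNS_RECORDS, SERVER_IPS, CURL_HEADERS):
        print(finding)
```

An empty result means every published record belongs to the server and the challenge path stays on the requested name.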

The 144.76.196.49 is the IP of the main website www.mcf.bayern. So I am a little bit confused. So yeah, it doesn't match because moodle.mcf.bayern is on another device than mcf.bayern. And the solution now is to change the DNS, right?

Yes, global DNS needs to match your IP.

Where did you make that DNS change?

5 Likes

Okay, I misspelled the domain. Big sorry. I am 'moodle.mcf.bayern' not MFC.

I make the changes on united-domains.com

2 Likes

hahahaha!
Not the first time a TYPO has done that to us here!

You need to correct your Apache configuration.
Then rerun certbot.

6 Likes

Oh man, really big thanks. I will try to fix it and will answer.

2 Likes

Again, really big thanks, it is working now.
I just had to change something in the ports.conf. I wrote Listen 443 in it, hoping that it would listen on port 443. And this messed it all up. Hope someone else will find it useful that I was a bit stupid.

2 Likes

I highly doubt it will be the last time. :sweat_smile:

6 Likes
