Trying to issue a certificate with Debian/Apache and the make sure your domain name was entered correctly and the DNS A/AAAA record(s)... problem

kabeza · July 24, 2020, 4:45pm

Hi.
I’m trying to get a certificate running on a govt. domain

Before giving more detailed info, I’d like to ask you the following so maybe I can solve without asking permission to publish domain, etc.

I’ve ssh’ed/rooted to the server with Debian 7 / Apache 2.2.22
Certbot version: 0.31.0
I’ve run:

/etc/letsencrypt/bin# ./certbot-auto certonly --no-self-upgrade --no-bootstrap --webroot -w /var/www/www.mydomain/public_html/ -d mydomain -d www.mydomain

The key file on well-known/acme-challenge folder is reachable with curl (and from internet)
https://i.imgur.com/cKYHVH3.jpg

But the output from certbot gives an invalid response from mydomain/.well-known/acme-challenge/…E-55A6jDmwDA/
https://i.imgur.com/VQFlrCh.jpg

As you can see in this las image, it tries to open a folder , I mean it adds a / at the end and of course it gives 404 because that folder does not exist. In case I could remove that / at the end I guess it should work… right?

PS: I cannot yet upgrade that Debian 7 / Apache 2.2.22 so I had to follow guidelines to downgrade certbot to 0.31.0 so I didn’t get pip problems etc.

I guess I’ll be able to share domain by private

Thanks for any tip you can give me

rg305 · July 24, 2020, 5:34pm

You have to test your system from outside of itself and outside that local network to be sure.
Try the same curl statement from any other Internet connected device.

Also please share the HTTP vhost config file.
And double check that there are no overlapping names with:
apachectl -S

kabeza · July 25, 2020, 2:21pm

Hi again
Tried the curl command from my PC

C:\Users\Me>curl -Iki http://mydomain/.well-known/acme-challenge/09zi4ZyvpTtyVEWKzN6v41G-3YD6qDxyMSV1mrM3geE
HTTP/1.1 200 OK
Date: Sat, 25 Jul 2020 14:14:08 GMT
Server: Apache/2.2.22 (Debian)
Last-Modified: Fri, 24 Jul 2020 14:16:39 GMT
ETag: "5eb0a-57-5ab309f143cfe"
Accept-Ranges: bytes
Content-Length: 87

And here’s the vhost apache config file

<VirtualHost *:80>
        ServerName www.mydomain.ar
        ServerAlias mydomain.ar
        DocumentRoot /var/www/www.mydomain.ar/public_html

        <Directory /var/www/www.mydomain.ar>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride all
                Order allow,deny
                allow from all
        </Directory>
</VirtualHost>

And the output of apachectl -S

root@SRV02WEBPUB01:/etc/apache2# apachectl -S
VirtualHost configuration:
wildcard NameVirtualHosts and _default_ servers:
_default_:443          SRV02WEBPUB01 (/etc/apache2/sites-enabled/default-ssl:2)
*:80                   is a NameVirtualHost
         default server SRV02WEBPUB01 (/etc/apache2/sites-enabled/000-default:1)
         port 80 namevhost SRV02WEBPUB01 (/etc/apache2/sites-enabled/000-default:1)
         port 80 namevhost www.mydomain.gov.ar (/etc/apache2/sites-enabled/www.mydomain.ar:1)
Syntax OK

Thanks a lot again

Osiris · July 25, 2020, 2:29pm

That's not something certbot or the Let's Encrypt validation server tries to do. The URL in the error message is after any redirect from the target webserver has been processed. So first it tries without the /, the webserver - for some reason - redirects to with a / and that's the URL you'll see in the error message.

Please check if there is such a redirect in your configuration file(s) present.

kabeza · July 25, 2020, 2:58pm

Checked .htaccess, the wordpress files, etc. w/o luck

rg305 · July 26, 2020, 12:34am

There are two names here:

And only one name here:

That doesn't match up.

system · August 25, 2020, 12:34am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.