Trying to renew certificate


#1

Hi,

I installed letsencrypt almost 90 days ago and I am trying to renew it, but apparently I am doing something wrong.

I ran this command:
./certbot-auto renew

and received this error:
- The following errors were reported by the server:

   Domain: www.belladonnadubai.com
   Type:   connection
   Detail: Fetching
   https:///.well-known/acme-challenge/8agv_Xgu4uhrJxbjfh0pmTmOHCw_Hw3Ke8oRz10V7Hs:
   Error getting validation data

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address. Additionally, please check that
   your computer has a publicly routable IP address and that no
   firewalls are preventing the server from communicating with the
   client. If you're using the webroot plugin, you should also verify
   that you are serving files from the webroot path you provided.

I tried to fix the issue and changed the IP addresses, but I am not sure if I did something wrong… totally new to this field.

I am using AWS Lightsail. I have one record set of type A and updated the domain nameservers with the nameservers provided by the DNS zone.

The site is WordPress on Ubuntu.
The domain is: belladonnadubai.com

Thanks in advance


#2

Did you modify something in that URL? Or is Let’s Encrypt really trying to fetch https:///...?

Because if so, it looks like a wrong redirect.

Ah yes, the redirect is all borked:

osiris@client ~ $ curl -vI http://www.belladonnadubai.com/.well-known/acme-challenge/8agv_Xgu4uhrJxbjfh0pmTmOHCw_Hw3Ke8oRz10V7Hs
*   Trying 3.121.0.197...
* TCP_NODELAY set
* Connected to www.belladonnadubai.com (3.121.0.197) port 80 (#0)
> HEAD /.well-known/acme-challenge/8agv_Xgu4uhrJxbjfh0pmTmOHCw_Hw3Ke8oRz10V7Hs HTTP/1.1
> Host: www.belladonnadubai.com
> User-Agent: curl/7.61.1
> Accept: */*
> 
< HTTP/1.1 302 Found
HTTP/1.1 302 Found
< Date: Sat, 12 Jan 2019 11:05:37 GMT
Date: Sat, 12 Jan 2019 11:05:37 GMT
< Server: Apache
Server: Apache
< X-Frame-Options: SAMEORIGIN
X-Frame-Options: SAMEORIGIN
< Location: https:///.well-known/acme-challenge/8agv_Xgu4uhrJxbjfh0pmTmOHCw_Hw3Ke8oRz10V7Hs
Location: https:///.well-known/acme-challenge/8agv_Xgu4uhrJxbjfh0pmTmOHCw_Hw3Ke8oRz10V7Hs
< Content-Type: text/html; charset=iso-8859-1
Content-Type: text/html; charset=iso-8859-1

< 
* Connection #0 to host www.belladonnadubai.com left intact
osiris@client ~ $ 

I guess not only Let’s Encrypt can’t reach your site, nobody can!!!


#3

Hi @OmarDacca

I see you have already tested your domain via https://check-your-website.server-daten.de/?q=belladonnadubai.com

There is one wrong redirect:

| Domainname | Http-Status | redirect | Sec. | G |
|---|---|---|---|---|
| http://www.belladonnadubai.com/ 3.121.0.197 | 302 | https:/// | 0.037 | E |
| • https:/// | -101 | Invalid URI: The hostname could not be parsed. | 0.010 | |
| https://www.belladonnadubai.com/ 3.121.0.197 | 200 | Certificate error: RemoteCertificateChainErrors | 4.570 | N |
| http://www.belladonnadubai.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 3.121.0.197 | 302 | https:///.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de | 0.036 | E |
| • https:///.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de | -101 | Invalid URI: The hostname could not be parsed. | 0.010 | |

Your domain redirects to the empty name, so the result is https:/// or https:///.well-known/...

So check your configuration to find this wrong redirect. Maybe it is in your WordPress settings or in your Apache config file, the vHost for port 80.


#4

I can reach it here: https://www.belladonnadubai.com/
and no, I didn’t change anything!!!


#5

This is your https - site, not your http - site.

Browsers are caching redirects, so you can’t see the problem with your browser. Instead, use online tools or raw tools like wget or curl.

Your http has the wrong redirect.


#6

wget http://www.belladonnadubai.com/
--2019-01-12 21:07:44--  http://www.belladonnadubai.com/
Resolving www.belladonnadubai.com (www.belladonnadubai.com)... 3.121.0.197
Connecting to www.belladonnadubai.com (www.belladonnadubai.com)|3.121.0.197|:80... connected.
HTTP request sent, awaiting response... 302 Found
Location: https:/// [following]
https:///: Invalid host name.
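
The check the replies above do by eye on the curl and wget output, as an added example that is not part of the original thread: it parses the response heads that `curl -sIL` prints for each hop and flags a `Location` whose hostname is empty, as in `https:///...`. The sample heads are constructed, and `www.example.com`, `TOKEN` and the function names are placeholders and assumptions.

```python
from urllib.parse import urlsplit

REDIRECTS = (301, 302, 303, 307, 308)

# Constructed sample: the 302 from the thread, with the token replaced by TOKEN.
SAMPLE_BROKEN = (
    "HTTP/1.1 302 Found\r\n"
    "Server: Apache\r\n"
    "Location: https:///.well-known/acme-challenge/TOKEN\r\n"
    "\r\n"
)
# Constructed sample: what a working redirect chain looks like (placeholder host).
SAMPLE_FIXED = (
    "HTTP/1.1 301 Moved Permanently\r\n"
    "Location: https://www.example.com/.well-known/acme-challenge/TOKEN\r\n"
    "\r\n"
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/plain\r\n"
    "\r\n"
)


def split_heads(raw):
    """Split concatenated response heads (one per hop) on blank lines."""
    text = raw.replace("\r\n", "\n")
    return [block for block in text.split("\n\n") if block.strip()]


def parse_head(block):
    """Return (status_code, headers) for one response head."""
    lines = block.strip().split("\n")
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers


def verdict(status, headers):
    """Classify one hop the way a validation client would experience it."""
    if status not in REDIRECTS:
        return "final"
    location = headers.get("location", "")
    if not location:
        return "redirect-without-location"
    target = urlsplit(location)
    if target.scheme and not target.hostname:
        return "redirect-empty-host"  # scheme present, host missing
    return "redirect-ok"


def diagnose(raw):
    """Return one verdict per hop in the captured output."""
    return [verdict(*parse_head(block)) for block in split_heads(raw)]
```
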

