Hello,
I have two domains mapped to the same host. I use ClouDNS to map both "marref.org" and "infinity-computer-systems.com" to the same IP address of my host in a virtual machine in Google Cloud Platform.
I started by certifying "infinity-computer-systems.com" using Let's Encrypt, and everything works like a charm. Then, if I connect to "marref.org" in a browser in my PC, my Bitdefender complains about mismatching certificates and that "marref.org" is potentially dangerous. I obviously do not want that.
I read here in other posts that it is possible to certify two domains sharing the same IP by either creating a virtual host for each one and generating two certificates, or grouping them in one virtual host and generating one certificate --- with the former being easier.
Not having enough knowledge in server configuration, I obviously opted for the first "easy choice"; but then I could not get things to work.
The following details what I did.
- I tried to brute force my way through the problem by calling `sudo certbot --apache`, hoping that it magically does something, but unsurprisingly it does nothing new. The command lists the already-certified domain "infinity-computer-systems.com".
- I added a second virtual host:

```apache
<VirtualHost *:80>
    ServerAdmin webmaster@localhost
    DocumentRoot **hidden**
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
    <LocationMatch "^/(?!\.well-known)">
        #send all other requests to HTTPS
        RewriteEngine On
        RewriteCond %{HTTPS} !=on
        RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1
    </LocationMatch>
    RewriteCond %{SERVER_NAME} =infinity-computer-systems.com
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
<VirtualHost *:80>
    ServerAdmin webmaster@localhost
    DocumentRoot **hidden**
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
    <LocationMatch "^/(?!\.well-known)">
        #send all other requests to HTTPS
        RewriteEngine On
        RewriteCond %{HTTPS} !=on
        RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1
    </LocationMatch>
    RewriteCond %{SERVER_NAME} =marref.org
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
```
Then I called `sudo certbot --apache -d marref.org` and got this output:

```
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for marref.org

Certbot failed to authenticate some domains (authenticator: apache). The Certificate Authority reported these problems:
  Domain: marref.org
  Type:   dns
  Detail: During secondary validation: No valid IP addresses found for marref.org

Hint: The Certificate Authority failed to verify the temporary Apache configuration changes made by Certbot. Ensure that the listed domains point to this Apache server and that it is accessible from the internet.

Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
```
and here I am in the specified forum.
The following is `letsencrypt.log`.
2021-08-26 10:38:31,822:DEBUG:urllib3.connectionpool:http://localhost:None "GET /v2/connections?snap=certbot&interface=content HTTP/1.1" 200 97
2021-08-26 10:38:32,166:DEBUG:certbot._internal.main:certbot version: 1.18.0
2021-08-26 10:38:32,167:DEBUG:certbot._internal.main:Location of certbot entry point: /snap/certbot/1343/bin/certbot
2021-08-26 10:38:32,167:DEBUG:certbot._internal.main:Arguments: ['--apache', '-d', 'marref.org', '--preconfigured-renewal']
2021-08-26 10:38:32,167:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#nginx,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2021-08-26 10:38:32,181:DEBUG:certbot._internal.log:Root logging level set at 30
2021-08-26 10:38:32,182:DEBUG:certbot._internal.plugins.selection:Requested authenticator apache and installer apache
2021-08-26 10:38:32,278:DEBUG:certbot_apache._internal.configurator:Apache version is 2.4.41
2021-08-26 10:38:32,519:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * apache
Description: Apache Web Server plugin
Interfaces: Installer, Authenticator, Plugin
Entry point: apache = certbot_apache._internal.entrypoint:ENTRYPOINT
Initialized: <certbot_apache._internal.override_debian.DebianConfigurator object at 0x7fd857f667c0>
Prep: True
2021-08-26 10:38:32,520:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot_apache._internal.override_debian.DebianConfigurator object at 0x7fd857f667c0> and installer <certbot_apache._internal.override_debian.DebianConfigurator object at 0x7fd857f667c0>
2021-08-26 10:38:32,520:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator apache, Installer apache
2021-08-26 10:38:32,527:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-v02.api.letsencrypt.org/acme/acct/173166800', new_authzr_uri=None, terms_of_service=None), b6661e9952b702c78b511bad2f2cf7c6, Meta(creation_dt=datetime.datetime(2021, 8, 23, 21, 6, 28, tzinfo=<UTC>), creation_host='infcs-server.us-west4-b.c.infcs-323816.internal', register_to_eff=None))>
2021-08-26 10:38:32,528:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2021-08-26 10:38:32,530:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
2021-08-26 10:38:32,692:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 658
2021-08-26 10:38:32,692:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 26 Aug 2021 10:38:32 GMT
Content-Type: application/json
Content-Length: 658
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"fWDB_CFdE24": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
"keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
"meta": {
"caaIdentities": [
"letsencrypt.org"
],
"termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
"website": "https://letsencrypt.org"
},
"newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
"newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
"newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
"revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}
2021-08-26 10:38:32,699:DEBUG:certbot._internal.display.obj:Notifying user: Requesting a certificate for marref.org
2021-08-26 10:38:32,864:DEBUG:certbot.crypto_util:Generating RSA key (2048 bits): /etc/letsencrypt/keys/0002_key-certbot.pem
2021-08-26 10:38:32,867:DEBUG:certbot.crypto_util:Creating CSR: /etc/letsencrypt/csr/0002_csr-certbot.pem
2021-08-26 10:38:32,868:DEBUG:acme.client:Requesting fresh nonce
2021-08-26 10:38:32,868:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2021-08-26 10:38:32,917:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
2021-08-26 10:38:32,917:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 26 Aug 2021 10:38:32 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0001m-kSS7v9mtg-82WqwRX8FLpHL9_nbj2pKoSCrYNHZBs
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
2021-08-26 10:38:32,918:DEBUG:acme.client:Storing nonce: 0001m-kSS7v9mtg-82WqwRX8FLpHL9_nbj2pKoSCrYNHZBs
2021-08-26 10:38:32,918:DEBUG:acme.client:JWS payload:
b'{\n "identifiers": [\n {\n "type": "dns",\n "value": "marref.org"\n }\n ]\n}'
2021-08-26 10:38:32,921:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
2021-08-26 10:38:33,372:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 333
2021-08-26 10:38:33,373:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Date: Thu, 26 Aug 2021 10:38:33 GMT
Content-Type: application/json
Content-Length: 333
Connection: keep-alive
Boulder-Requester: 173166800
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Location: https://acme-v02.api.letsencrypt.org/acme/order/173166800/19743073920
Replay-Nonce: 0001F3PSyB5YFkxQIksZq0ENXycJU14yeA-Y5jRF9Du-TDw
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"status": "pending",
"expires": "2021-09-02T10:38:33Z",
"identifiers": [
{
"type": "dns",
"value": "marref.org"
}
],
"authorizations": [
"https://acme-v02.api.letsencrypt.org/acme/authz-v3/25260366840"
],
"finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/173166800/19743073920"
}
2021-08-26 10:38:33,373:DEBUG:acme.client:Storing nonce: 0001F3PSyB5YFkxQIksZq0ENXycJU14yeA-Y5jRF9Du-TDw
2021-08-26 10:38:33,373:DEBUG:acme.client:JWS payload:
b''
2021-08-26 10:38:33,375:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/25260366840:
2021-08-26 10:38:33,498:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/25260366840 HTTP/1.1" 200 791
2021-08-26 10:38:33,499:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 26 Aug 2021 10:38:33 GMT
Content-Type: application/json
Content-Length: 791
Connection: keep-alive
Boulder-Requester: 173166800
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0001ncOjix3RUbPMQSFCLtmpNTUjymkFTN6RLU8M2TlY77U
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"identifier": {
"type": "dns",
"value": "marref.org"
},
"status": "pending",
"expires": "2021-09-02T10:38:33Z",
"challenges": [
{
"type": "http-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/25260366840/vYnM7Q",
"token": "_vAt3WJO3Gd3b1SKEhJCzYRez0xe5EajHhAY_COoqRw"
},
{
"type": "dns-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/25260366840/4IzPbw",
"token": "_vAt3WJO3Gd3b1SKEhJCzYRez0xe5EajHhAY_COoqRw"
},
{
"type": "tls-alpn-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/25260366840/-rJZfw",
"token": "_vAt3WJO3Gd3b1SKEhJCzYRez0xe5EajHhAY_COoqRw"
}
]
}
2021-08-26 10:38:33,499:DEBUG:acme.client:Storing nonce: 0001ncOjix3RUbPMQSFCLtmpNTUjymkFTN6RLU8M2TlY77U
2021-08-26 10:38:33,500:INFO:certbot._internal.auth_handler:Performing the following challenges:
2021-08-26 10:38:33,500:INFO:certbot._internal.auth_handler:http-01 challenge for marref.org
2021-08-26 10:38:33,507:DEBUG:certbot_apache._internal.http_01:Adding a temporary challenge validation Include for name: None in: /etc/apache2/sites-enabled/000-default.conf
2021-08-26 10:38:33,507:DEBUG:certbot_apache._internal.http_01:Adding a temporary challenge validation Include for name: None in: /etc/apache2/sites-enabled/000-default.conf
2021-08-26 10:38:33,507:DEBUG:certbot_apache._internal.http_01:writing a pre config file with text:
RewriteEngine on
RewriteRule ^/\.well-known/acme-challenge/([A-Za-z0-9-_=]+)$ /var/lib/letsencrypt/http_challenges/$1 [END]
2021-08-26 10:38:33,507:DEBUG:certbot_apache._internal.http_01:writing a post config file with text:
<Directory /var/lib/letsencrypt/http_challenges>
Require all granted
</Directory>
<Location /.well-known/acme-challenge>
Require all granted
</Location>
2021-08-26 10:38:33,524:DEBUG:certbot.reverter:Creating backup of /etc/apache2/sites-enabled/000-default.conf
2021-08-26 10:38:36,702:DEBUG:acme.client:JWS payload:
b'{}'
2021-08-26 10:38:36,704:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/25260366840/vYnM7Q:
2021-08-26 10:38:36,796:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/chall-v3/25260366840/vYnM7Q HTTP/1.1" 200 186
2021-08-26 10:38:36,796:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 26 Aug 2021 10:38:36 GMT
Content-Type: application/json
Content-Length: 186
Connection: keep-alive
Boulder-Requester: 173166800
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index", <https://acme-v02.api.letsencrypt.org/acme/authz-v3/25260366840>;rel="up"
Location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/25260366840/vYnM7Q
Replay-Nonce: 0002xExNX48xh0VSPEx4jKZJsfluITm4Jf1SlhOfmh0G_lw
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"type": "http-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/25260366840/vYnM7Q",
"token": "_vAt3WJO3Gd3b1SKEhJCzYRez0xe5EajHhAY_COoqRw"
}
2021-08-26 10:38:36,797:DEBUG:acme.client:Storing nonce: 0002xExNX48xh0VSPEx4jKZJsfluITm4Jf1SlhOfmh0G_lw
2021-08-26 10:38:36,797:INFO:certbot._internal.auth_handler:Waiting for verification...
2021-08-26 10:38:37,798:DEBUG:acme.client:JWS payload:
b''
2021-08-26 10:38:37,799:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/25260366840:
2021-08-26 10:38:37,854:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/25260366840 HTTP/1.1" 200 791
2021-08-26 10:38:37,854:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 26 Aug 2021 10:38:37 GMT
Content-Type: application/json
Content-Length: 791
Connection: keep-alive
Boulder-Requester: 173166800
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 00028vFwJittRxvDmy9MovAYeWv31F-dWOJkX0O8Ez0bYV4
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"identifier": {
"type": "dns",
"value": "marref.org"
},
"status": "pending",
"expires": "2021-09-02T10:38:33Z",
"challenges": [
{
"type": "http-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/25260366840/vYnM7Q",
"token": "_vAt3WJO3Gd3b1SKEhJCzYRez0xe5EajHhAY_COoqRw"
},
{
"type": "dns-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/25260366840/4IzPbw",
"token": "_vAt3WJO3Gd3b1SKEhJCzYRez0xe5EajHhAY_COoqRw"
},
{
"type": "tls-alpn-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/25260366840/-rJZfw",
"token": "_vAt3WJO3Gd3b1SKEhJCzYRez0xe5EajHhAY_COoqRw"
}
]
}
2021-08-26 10:38:37,855:DEBUG:acme.client:Storing nonce: 00028vFwJittRxvDmy9MovAYeWv31F-dWOJkX0O8Ez0bYV4
2021-08-26 10:38:40,858:DEBUG:acme.client:JWS payload:
b''
2021-08-26 10:38:40,860:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/25260366840:
2021-08-26 10:38:40,945:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/25260366840 HTTP/1.1" 200 791
2021-08-26 10:38:40,945:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 26 Aug 2021 10:38:40 GMT
Content-Type: application/json
Content-Length: 791
Connection: keep-alive
Boulder-Requester: 173166800
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0001Zyi8_J5kvZOrbik7mE9Pkle3B5nBQKblBgw3CwQQr_w
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"identifier": {
"type": "dns",
"value": "marref.org"
},
"status": "pending",
"expires": "2021-09-02T10:38:33Z",
"challenges": [
{
"type": "http-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/25260366840/vYnM7Q",
"token": "_vAt3WJO3Gd3b1SKEhJCzYRez0xe5EajHhAY_COoqRw"
},
{
"type": "dns-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/25260366840/4IzPbw",
"token": "_vAt3WJO3Gd3b1SKEhJCzYRez0xe5EajHhAY_COoqRw"
},
{
"type": "tls-alpn-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/25260366840/-rJZfw",
"token": "_vAt3WJO3Gd3b1SKEhJCzYRez0xe5EajHhAY_COoqRw"
}
]
}
2021-08-26 10:38:40,945:DEBUG:acme.client:Storing nonce: 0001Zyi8_J5kvZOrbik7mE9Pkle3B5nBQKblBgw3CwQQr_w
2021-08-26 10:38:43,949:DEBUG:acme.client:JWS payload:
b''
2021-08-26 10:38:43,951:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/25260366840:
2021-08-26 10:38:44,034:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/25260366840 HTTP/1.1" 200 791
2021-08-26 10:38:44,034:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 26 Aug 2021 10:38:44 GMT
Content-Type: application/json
Content-Length: 791
Connection: keep-alive
Boulder-Requester: 173166800
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 00029iljSUJJAx6pTa0m4S9ptf0mNW3ategqZ39MCeLV9QQ
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"identifier": {
"type": "dns",
"value": "marref.org"
},
"status": "pending",
"expires": "2021-09-02T10:38:33Z",
"challenges": [
{
"type": "http-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/25260366840/vYnM7Q",
"token": "_vAt3WJO3Gd3b1SKEhJCzYRez0xe5EajHhAY_COoqRw"
},
{
"type": "dns-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/25260366840/4IzPbw",
"token": "_vAt3WJO3Gd3b1SKEhJCzYRez0xe5EajHhAY_COoqRw"
},
{
"type": "tls-alpn-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/25260366840/-rJZfw",
"token": "_vAt3WJO3Gd3b1SKEhJCzYRez0xe5EajHhAY_COoqRw"
}
]
}
2021-08-26 10:38:44,034:DEBUG:acme.client:Storing nonce: 00029iljSUJJAx6pTa0m4S9ptf0mNW3ategqZ39MCeLV9QQ
2021-08-26 10:38:47,038:DEBUG:acme.client:JWS payload:
b''
2021-08-26 10:38:47,040:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/25260366840:
2021-08-26 10:38:47,104:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/25260366840 HTTP/1.1" 200 937
2021-08-26 10:38:47,105:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 26 Aug 2021 10:38:47 GMT
Content-Type: application/json
Content-Length: 937
Connection: keep-alive
Boulder-Requester: 173166800
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0001mBnlwabEJe42DMqA3_I23nZDKTB67VA0sNwr62jD6sE
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"identifier": {
"type": "dns",
"value": "marref.org"
},
"status": "invalid",
"expires": "2021-09-02T10:38:33Z",
"challenges": [
{
"type": "http-01",
"status": "invalid",
"error": {
"type": "urn:ietf:params:acme:error:dns",
"detail": "During secondary validation: No valid IP addresses found for marref.org",
"status": 400
},
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/25260366840/vYnM7Q",
"token": "_vAt3WJO3Gd3b1SKEhJCzYRez0xe5EajHhAY_COoqRw",
"validationRecord": [
{
"url": "http://marref.org/.well-known/acme-challenge/_vAt3WJO3Gd3b1SKEhJCzYRez0xe5EajHhAY_COoqRw",
"hostname": "marref.org",
"port": "80",
"addressesResolved": [
"34.125.24.60"
],
"addressUsed": "34.125.24.60"
}
],
"validated": "2021-08-26T10:38:36Z"
}
]
}
2021-08-26 10:38:47,105:DEBUG:acme.client:Storing nonce: 0001mBnlwabEJe42DMqA3_I23nZDKTB67VA0sNwr62jD6sE
2021-08-26 10:38:47,105:INFO:certbot._internal.auth_handler:Challenge failed for domain marref.org
2021-08-26 10:38:47,106:INFO:certbot._internal.auth_handler:http-01 challenge for marref.org
2021-08-26 10:38:47,106:DEBUG:certbot._internal.display.obj:Notifying user:
Certbot failed to authenticate some domains (authenticator: apache). The Certificate Authority reported these problems:
Domain: marref.org
Type: dns
Detail: During secondary validation: No valid IP addresses found for marref.org
Hint: The Certificate Authority failed to verify the temporary Apache configuration changes made by Certbot. Ensure that the listed domains point to this Apache server and that it is accessible from the internet.
2021-08-26 10:38:47,107:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
File "/snap/certbot/1343/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 90, in handle_authorizations
self._poll_authorizations(authzrs, max_retries, best_effort)
File "/snap/certbot/1343/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 178, in _poll_authorizations
raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.
2021-08-26 10:38:47,107:DEBUG:certbot._internal.error_handler:Calling registered functions
2021-08-26 10:38:47,108:INFO:certbot._internal.auth_handler:Cleaning up challenges
2021-08-26 10:38:47,357:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
File "/snap/certbot/1343/bin/certbot", line 8, in <module>
sys.exit(main())
File "/snap/certbot/1343/lib/python3.8/site-packages/certbot/main.py", line 15, in main
return internal_main.main(cli_args)
File "/snap/certbot/1343/lib/python3.8/site-packages/certbot/_internal/main.py", line 1566, in main
return config.func(config, plugins)
File "/snap/certbot/1343/lib/python3.8/site-packages/certbot/_internal/main.py", line 1280, in run
new_lineage = _get_and_save_cert(le_client, config, domains,
File "/snap/certbot/1343/lib/python3.8/site-packages/certbot/_internal/main.py", line 128, in _get_and_save_cert
lineage = le_client.obtain_and_enroll_certificate(domains, certname)
File "/snap/certbot/1343/lib/python3.8/site-packages/certbot/_internal/client.py", line 456, in obtain_and_enroll_certificate
cert, chain, key, _ = self.obtain_certificate(domains)
File "/snap/certbot/1343/lib/python3.8/site-packages/certbot/_internal/client.py", line 386, in obtain_certificate
orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
File "/snap/certbot/1343/lib/python3.8/site-packages/certbot/_internal/client.py", line 436, in _get_order_and_authorizations
authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort)
File "/snap/certbot/1343/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 90, in handle_authorizations
self._poll_authorizations(authzrs, max_retries, best_effort)
File "/snap/certbot/1343/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 178, in _poll_authorizations
raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.
2021-08-26 10:38:47,359:ERROR:certbot._internal.log:Some challenges have failed.
The following is my `/etc/apache2/sites-enabled/000-default-le-ssl.conf`.

```apache
<IfModule mod_ssl.c>
<VirtualHost *:443>
    ServerAdmin webmaster@localhost
    DocumentRoot **hidden**
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
    # <LocationMatch "^/(?!\.well-known)">
    #send all other requests to HTTPS
    # RewriteEngine On
    # Some rewrite rules in this file were disabled on your HTTPS site,
    # because they have the potential to create redirection loops.
    # RewriteCond %{HTTPS} !=on
    # RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1
    # </LocationMatch>
    # RewriteCond %{SERVER_NAME} =infinity-computer-systems.com
    # RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
    ServerName infinity-computer-systems.com
    SSLCertificateFile /etc/letsencrypt/live/infinity-computer-systems.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/infinity-computer-systems.com/privkey.pem
    Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>
```
So could you please let me know how I can add marref.org with its own certificate to my machine?
Many thanks,
Amine.
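
Added example (not part of the original post and not Certbot's own code): a small Python helper that reads an ACME authorization object like the final CA response in the log above and reports why each challenge failed. The function names and cause labels are assumptions made for this illustration; the sample JSON follows the log, with the token and challenge URL replaced by constructed placeholders.

```python
import json

# Authorization object modelled on the final CA response in the log above.
# The token and the challenge URL are constructed placeholders.
SAMPLE_AUTHZ = r"""
{
  "identifier": {"type": "dns", "value": "marref.org"},
  "status": "invalid",
  "expires": "2021-09-02T10:38:33Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "invalid",
      "error": {
        "type": "urn:ietf:params:acme:error:dns",
        "detail": "During secondary validation: No valid IP addresses found for marref.org",
        "status": 400
      },
      "url": "https://acme.example/chall/placeholder",
      "token": "constructed-token",
      "validationRecord": [
        {
          "url": "http://marref.org/.well-known/acme-challenge/constructed-token",
          "hostname": "marref.org",
          "port": "80",
          "addressesResolved": ["34.125.24.60"],
          "addressUsed": "34.125.24.60"
        }
      ]
    }
  ]
}
"""

ACME_ERROR_NS = "urn:ietf:params:acme:error:"      # RFC 8555 error namespace
SECONDARY_PREFIX = "During secondary validation:"  # prefix seen in the log


def summarize_authz(authz):
    """Return one finding per failed challenge in an ACME authorization."""
    findings = []
    for chall in authz.get("challenges", []):
        if chall.get("status") != "invalid":
            continue  # pending or valid challenges carry no error
        error = chall.get("error") or {}
        err_type = error.get("type", "")
        if err_type.startswith(ACME_ERROR_NS):
            err_type = err_type[len(ACME_ERROR_NS):]
        detail = error.get("detail", "")
        # Addresses the CA recorded as resolved while fetching the challenge.
        resolved = sorted({
            addr
            for record in chall.get("validationRecord", [])
            for addr in record.get("addressesResolved", [])
        })
        findings.append({
            "domain": authz.get("identifier", {}).get("value"),
            "challenge": chall.get("type"),
            "error": err_type,
            "detail": detail,
            "secondary": detail.startswith(SECONDARY_PREFIX),
            "resolved": resolved,
        })
    return findings


def classify(finding):
    """Map a finding to a coarse cause label (labels are this example's own)."""
    if finding["error"] == "dns":
        if finding["secondary"] and finding["resolved"]:
            return "dns-inconsistent"
        return "dns-unresolved"
    if finding["error"] == "connection":
        return "unreachable"
    if finding["error"] == "unauthorized":
        return "wrong-response"
    return "other"


ADVICE = {
    "dns-inconsistent": "one lookup resolved the name, a secondary one found no "
                        "address: compare A/AAAA answers from every authoritative nameserver",
    "dns-unresolved": "no address was resolved: check the A/AAAA records for the name",
    "unreachable": "the name resolved but port 80 did not answer: check firewall and listener",
    "wrong-response": "the server answered without the expected token: check which vhost serves the name",
    "other": "see the detail text",
}

if __name__ == "__main__":
    for f in summarize_authz(json.loads(SAMPLE_AUTHZ)):
        label = classify(f)
        print(f"{f['domain']} {f['challenge']}: {label} ({ADVICE[label]})")
        print(f"  resolved: {f['resolved']}  detail: {f['detail']}")
```

For the response in this log, the helper labels the failure as a DNS inconsistency: the validation record lists 34.125.24.60, while the error reports that no address was found during secondary validation.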