Dear Let's Encrypt:
Thank you kindly for your reply. You folks are a wonderful resource!
My domain is:
testmaps.camavision.com
I ran this command:
sudo certbot-auto certonly --webroot -w /pub/maps/html/ -d testmaps.camavision.com
It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for testmaps.camavision.com
Using the webroot path /pub/maps/html for all unmatched domains.
Waiting for verification...
Challenge failed for domain testmaps.camavision.com
http-01 challenge for testmaps.camavision.com
Cleaning up challenges
Some challenges have failed.
IMPORTANT NOTES:
 - The following errors were reported by the server:
Domain: testmaps.camavision.com
Type: unauthorized
Detail: Invalid response from
http://testmaps.camavision.com/.well-known/acme-challenge/1OOHmYFEISgMfsMONP3Zy_eBrot_pRXYA_wCMXlT13c
[199.188.65.182]: 404
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
My web server is (include version):
bash-5.0$ httpd -v
Server version: Apache/2.4.46 (Unix)
Server built: Aug 4 2020 17:22:48
The operating system my web server runs on is (include version):
bash-5.0$ cat /etc/slackware-version
Slackware 14.2+
My hosting provider, if applicable, is:
None.
I can login to a root shell on my machine (yes or no, or I don't know):
Yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
No
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 0.36.0
According to my network guy, he has enabled port 443 forwarding via SonicWall.
bash-5.0$ nmap athena.camavision.com | grep 80
Starting Nmap 7.80 ( https://nmap.org ) at 2020-11-05 14:31 CST
80/tcp open http
bash-5.0$ nmap athena.camavision.com | grep 443
443/tcp open https
My apache config has the following:
bash-5.0$ grep -i listen /etc/httpd/httpd.conf
Listen 80
Listen 443
The VirtualHost directives in apache are similar to the following:
<VirtualHost *:80 *:443>
ServerName testmaps.camavision.com
ServerAlias maps.camavision.com map2.camavision.com
DocumentRoot "/pub/maps/html"
CustomLog "/var/log/httpd/access_log" common
# SSLEngine on
# SSLCertificateFile /etc/letsencrypt/live/testmaps.camavision.com/cert.pem
# SSLCertificateKeyFile /etc/letsencrypt/live/testmaps.camavision.com/privkey.pem
# SSLCertificateChainFile /etc/letsencrypt/live/testmaps.camavision.com/chain.pem
...
I am planning to uncomment the directives above after I am successful in getting certbot to run.
It looks like "http" works okay:
bash-5.0$ wget --spider testmaps.camavision.com
Spider mode enabled. Check if remote file exists.
--2020-11-05 14:46:57-- http://testmaps.camavision.com/
Resolving testmaps.camavision.com (testmaps.camavision.com)... 192.168.10.14
Connecting to testmaps.camavision.com (testmaps.camavision.com)|192.168.10.14|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/html]
Remote file exists and could contain further links,
but recursion is disabled -- not retrieving.
It looks like there are some problems with https:
bash-5.0$ wget --spider https://testmaps.camavision.com
Spider mode enabled. Check if remote file exists.
--2020-11-05 14:47:18-- https://testmaps.camavision.com/
Resolving testmaps.camavision.com (testmaps.camavision.com)... 192.168.10.14
Connecting to testmaps.camavision.com (testmaps.camavision.com)|192.168.10.14|:443... connected.
OpenSSL: error:1408F10B:SSL routines:ssl3_get_record:wrong version number
Unable to establish SSL connection.
The version of openssl is fairly recent:
bash-5.0$ openssl version
OpenSSL 1.1.1g 21 Apr 2020
This server has never had any previous certificates. I have never had https running successfully on this server.