Unable to complete request

avi-noga · February 17, 2022, 6:17am

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: matan-chen-visits.noga-software.co.il

I ran this command: sudo certbot -v --apache

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache

Which names would you like to activate HTTPS for?

1: matan-chen-visits.noga-software.co.il

Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 1
Requesting a certificate for matan-chen-visits.noga-software.co.il
Performing the following challenges:
http-01 challenge for matan-chen-visits.noga-software.co.il
Waiting for verification...
Challenge failed for domain matan-chen-visits.noga-software.co.il
http-01 challenge for matan-chen-visits.noga-software.co.il

Certbot failed to authenticate some domains (authenticator: apache). The Certificate Authority reported these problems:
Domain: matan-chen-visits.noga-software.co.il
Type: unauthorized
Detail: Invalid response from http://matan-chen-visits.noga-software.co.il/.well-known/acme-challenge/zlspuvpffg9DV81DHtgvv8oLRaJ04BuU6IiaV_kt3lI [62.219.78.148]: "\n\n404 Not Found\n\n

Not Found

\n<p"

Hint: The Certificate Authority failed to verify the temporary Apache configuration changes made by Certbot. Ensure that the listed domains point to this Apache server and that it is accessible from the internet.

Cleaning up challenges
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

My web server is (include version):

The operating system my web server runs on is (include version): centos 7.7

My hosting provider, if applicable, is: KAMATERA

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): yes

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.23.0

rg305 · February 17, 2022, 9:11am

Hi @avi-noga and welcome to the LE community forum

It seems that certbot is unable to properly decipher the Apache configuration.
Let's see if we can unravel the problem therein.
We can start with the output of:
apachectl -t -D DUMP_VHOSTS

avi-noga · February 17, 2022, 9:26am

Hi!!

Thank you very much for your rapid response . we really appreciate this.

Here is the output:

Passing arguments to httpd using apachectl is no longer supported.

You can only start/stop/restart httpd using this script.

If you want to pass extra arguments to httpd, edit the

/etc/sysconfig/httpd config file.

VirtualHost configuration:

*:80 matan-chen-visits.noga-software.co.il (/etc/httpd/conf/httpd.conf:44)

*:443 127.0.0.1 (/etc/httpd/conf.d/ssl.conf:56)

Regards,

Avi@Noga

avi-noga · February 17, 2022, 11:03am

i`v changed my ssl.conf file accordingly to the new domain,
but still have problem:

hich names would you like to activate HTTPS for?

1: matan-chen-visits.noga-software.co.il

Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 1
Requesting a certificate for matan-chen-visits.noga-software.co.il
Performing the following challenges:
http-01 challenge for matan-chen-visits.noga-software.co.il
Waiting for verification...
Challenge failed for domain matan-chen-visits.noga-software.co.il
http-01 challenge for matan-chen-visits.noga-software.co.il

Certbot failed to authenticate some domains (authenticator: apache). The Certificate Authority reported these problems:
Domain: matan-chen-visits.noga-software.co.il
Type: unauthorized
Detail: Invalid response from http://matan-chen-visits.noga-software.co.il/.well-known/acme-challenge/ZLZMaHhXa3_09u_qc5iwmuUp8PX-Jkyx0Rmh_83uK3o [62.219.78.148]: "\n\n404 Not Found\n\n

Not Found

\n<p"

Hint: The Certificate Authority failed to verify the temporary Apache configuration changes made by Certbot. Ensure that the listed domains point to this Apache server and that it is accessible from the internet.

Cleaning up challenges
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
[root@nogawebapps2 ~]# apachectl -t -D DUMP_VHOSTS
Passing arguments to httpd using apachectl is no longer supported.
You can only start/stop/restart httpd using this script.
If you want to pass extra arguments to httpd, edit the
/etc/sysconfig/httpd config file.
VirtualHost configuration:
*:80 matan-chen-visits.noga-software.co.il (/etc/httpd/conf/httpd.conf:44)
*:443 matan-chen-visits.noga-software.co.il (/etc/httpd/conf.d/ssl.conf:56)

9peppe · February 17, 2022, 11:23am

Show us both files.

I think you'll need to use --webroot and to install your certificate manually. (Don't forget --deploy-hook)

avi-noga · February 17, 2022, 11:41am

hi.
here are the files: files

sorry , but i don`t understand your further instructions about manually certificate.

9peppe · February 17, 2022, 7:48pm

It's a bit of a mess, and a bit nonstandard.

If your http server works, try running

certbot --dry-run --webroot -w /var/www/html -d matan-chen-visits.noga-software.co.il --deploy-hook "command to reload apache"

If it works, you have to run it again removing --dry-root and manually create an encrypted virtualhost (and configure your server better, because that ssl.conf file is pretty outdated.)

avi-noga · February 17, 2022, 9:26pm

got an error:

certbot certonly --dry-run --webroot -w /var/www/html -d matan-chen-visits.noga-software.co.il --deploy-hook "systemctl reload httpd"

Saving debug log to /var/log/letsencrypt/letsencrypt.log

Account registered.

Simulating a certificate request for matan-chen-visits.noga-software.co.il

Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:

Domain: matan-chen-visits.noga-software.co.il

Type: unauthorized

Detail: Invalid response from http://matan-chen-visits.noga-software.co.il/.well-known/acme-challenge/L6_JlpR1rxD9Ez4K3BFC6FqyMatOEPSKzunZWzeX5Cc [62.219.78.148]: "\n\n404 Not Found\n\n

Not Found

\n<p"

Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.

Some challenges have failed.

Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

בברכה,

אבי סילאם

נגה פתרונות לסיעוד

9peppe · February 17, 2022, 10:29pm

It's quite strange. What's the directory you put your website files in?

avi-noga · February 20, 2022, 10:27am

/var/www/html

these are my ssl.conf and httpd.conf files:

conf

please help

9peppe · February 20, 2022, 1:12pm

Something is missing there. You redirect http to https but I cannot find the https virtualhost (there's a default one with a self signed certificate and no ServerName and no DocumentRoot.

You might want to reset apache's config to afctory condition and then add a single file in /etc/httpd/conf.d with these contents:

<VirtualHost *:80>
  ServerName  matan-chen-visits.noga-software.co.il
  DocumentRoot /var/www/html

  RewriteEngine on
  RewriteCond %{SERVER_NAME} =matan-chen-visits.noga-software.co.il
  RewriteCond %{REQUEST_URI} !^/\.well\-known/acme\-challenge/
  RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

get your certificate (certbot --dry-run --webroot -w /var/www/html -d matan-chen-visits.noga-software.co.il --deploy-hook "command to reload apache"), and then run certbot certificates it will tell you where your fullchain and where your key are.

Once you gave a cert and key, add this to that file:

<VirtualHost *:443>
  ServerName  matan-chen-visits.noga-software.co.il
  DocumentRoot /var/www/html

  SSLEngine on
  SSLCertificateFile /path/to/fullchain.pem
  SSLCertificateKeyFile   /path/to/key.pem

  Protocols h2 http/1.1
</VirtualHost>

If you want to go further, see here what to change in ssl.conf: Mozilla SSL Configuration Generator

don't change httpd.conf.

avi-noga · February 20, 2022, 2:36pm

I don`t understand anything

בברכה,

אבי סילאם

נגה פתרונות לסיעוד

9peppe · February 20, 2022, 3:52pm

Managing a webserver is only easy if you know what you're doing. Otherwise, you risk your website getting compromised and more.

To add on that, you're using CentOS, which is common enough, but only in enterprise settings and not among volunteers.

We will help you, but we can't do it for you.

system · March 22, 2022, 3:53pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.