Unable to get a cert

Help
1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: skynet.raventech.site

I ran this command:
sudo certbot --apache

It produced this output:
Certbot failed to authenticate some domains (authenticator: apache). The Certificate Authority reported these problems:
Domain: skynet.raventech.site
Type: unauthorized
Detail: 2a02:4780:2b:1555:0:2d22:aa0e:2: Invalid response from http://skynet.raventech.site/.well-known/acme-challenge/p_AOFOjX87hxp-BCnMi1pGx53ByerQxVL3Ucp1OHLuw: 404

Hint: The Certificate Authority failed to verify the temporary Apache configuration changes made by Certbot. Ensure that the listed domains point to this Apache server and that it is accessible from the internet.

Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

My web server is (include version):
erver version: Apache/2.4.57 (Ubuntu)
Server built: 2024-04-10T17:41:02
The operating system my web server runs on is (include version):
ubuntu 23.1

My hosting provider, if applicable, is:
Linode

I can login to a root shell on my machine (yes or no, or I don't know):
yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
snap 2.61.3+23.10
snapd 2.61.3+23.10
series 16
ubuntu 23.10
kernel 6.5.0-28-generic

this is the output from lets debug

Test result for skynet.raventech.site using http-01

All OK!

OK

No issues were found with skynet.raventech.site. If you are having problems with creating an SSL certificate, please visit the Let's Encrypt Community forums and post a question there.

Submitted 6s ago. Sat in queue for 1ms. Completed in 6s. Show verbose information.

We also have open-source API and CLI tools, as well as web-based certificate search and certificate revocation.

3

Hi @raven, and welcome to the LE community forum :slight_smile:

As with all things Apache [on this forum], I prefer we start by reviewing the output of:

sudo apachectl -t -D DUMP_VHOSTS

It will likely show that you don't have any IPv6 vhosts defined.

IPv6 fails:

curl -Ii6 skynet.raventech.site
curl: (56) Recv failure: Connection reset by peer

IPv4 works:

curl -Ii4 skynet.raventech.site
HTTP/1.1 301 Moved Permanently
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
date: Sat, 04 May 2024 01:16:38 GMT
server: LiteSpeed
location: https://skynet.raventech.site/
platform: hostinger
content-security-policy: upgrade-insecure-requests

EDIT: the IPv6 failure was on my side

1 Like
4

It looks like IPv6 is working again. For a Let's Debug test and from my own test server.

I am curious why you are trying to get a cert for that domain when you got one on Apr28. Normally they are not renewed until just 30 days before expiry.

What original problem are you trying to solve?

Your Apr28 cert: crt.sh | 12883152014

3 Likes
5

It might have been working all the while.

curl -Ii6 www.google.com
curl: (56) Recv failure: Connection reset by peer

I think my IPv6 needs a reboot :frowning:

3 Likes
6

i was trying to create a subdomain for my nextcloud which is on another server than my website, can i use the same cert from raventech.site?

7

Was it for the domain skynet.raventech.site ?

Because you already have a cert with that name. You could copy that to your nextcloud if you want. But, you would have to repeat that process each time the cert was renewed which is usually every 60 days.

How many places do you want to use that skynet.raventech.site name ?

How did you get the skynet cert before?

3 Likes
8

ok so i have a cert for skynet.raventech.site

i know i have a cert for raventech.site

i only want skynet.raventech.site on my nextcloud
raventech.site is my web site im learning to build
how to add the cert for skynet.raventech.site to my nextcloud

9

That's a great question to ask at the Nextcloud Community. Someone here may still offer help but I don't use Nextcloud myself so don't know.

3 Likes
10

I don't see why you would want to do that.
Two servers are usually on two different IPs.
Which should use two different FQDNs [one unique entry for each].

Then don't concern yourself with any other names nor certs - they are all irrelevant to this task.

3 Likes
11

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.