Web based validation failed

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: technoreso.com

I ran this command: certbot certonly -a webroot -w /var/www/html -d technoreso.com -d www.technoreso.com

It produced this output:Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for technoreso.com and www.technoreso.com

Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/technoreso.com/fullchain.pem
Key is saved at: /etc/letsencrypt/live/technoreso.com/privkey.pem
This certificate expires on 2024-03-27.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.

If you like Certbot, please consider supporting our work by:

• Donating to ISRG / Let's Encrypt: Donate - Let's Encrypt
• Donating to EFF: Support EFF's Work on Let's Encrypt | Electronic Frontier Foundation

root@host:~# sudo certbot renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log

Processing /etc/letsencrypt/renewal/technoreso.com.conf

Certificate not yet due for renewal

The following certificates are not due for renewal yet:
/etc/letsencrypt/live/technoreso.com/fullchain.pem expires on 2024-03-27 (skipped)
No renewals were attempted.

root@host:~# certbot certonly --force-renew -d technoreso.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log

How would you like to authenticate with the ACME CA?

1: Spin up a temporary webserver (standalone)
2: Place files in webroot directory (webroot)

Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Requesting a certificate for technoreso.com

Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/technoreso.com-0001/fullchain.pem
Key is saved at: /etc/letsencrypt/live/technoreso.com-0001/privkey.pem
This certificate expires on 2024-03-27.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.

My web server is (include version): Linux 5.15.0-67-generic on x86_64

The operating system my web server runs on is (include version): Ubuntu Linux 22.04.3

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): Webmin 2.105 |

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): N.A.

Please don't do this. What was your goal with the above command? For testing future renewals you should use certbot renew --dry-run, NOT --force-renewal.

Now you have a duplicate certificate, although without the www subdomain. Was that the goal?

The Certbot version is very much applicable.

Also: the thread title claims a failure, but in your post I don't see any failure mentioned?

can you please tell me how to check certbot version and virtualmin version
and my goal is to my website is showing insucure whenever i am opening www.technoreso.com
and when I am trying to Request for SSL Certificate it is showing like this

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Renewing an existing certificate for technoreso.com and 4 more domains

Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
Domain: admin.technoreso.com
Type: dns
Detail: DNS problem: NXDOMAIN looking up A for admin.technoreso.com - check that a DNS record exists for this domain; DNS problem: NXDOMAIN looking up AAAA for admin.technoreso.com - check that a DNS record exists for this domain

Domain: webmail.technoreso.com
Type: dns
Detail: DNS problem: NXDOMAIN looking up A for webmail.technoreso.com - check that a DNS record exists for this domain; DNS problem: NXDOMAIN looking up AAAA for webmail.technoreso.com - check that a DNS record exists for this domain

Domain: mail.technoreso.com
Type: unauthorized
Detail: 103.180.163.174: Invalid response from http://mail.technoreso.com/.well-known/acme-challenge/4nC2LMZ-I6j6YQAeUlD_lP1NdFGGFxlVwLOpkbWvTXQ: 404

Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.

Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

You are getting a certificate that includes both technoreso.com and the www subdomain. But, your Apache server is not configured to use it. Your apache is using a self-signed cert.

You need to change your VirtualHost that handles port 443 to use your new cert. Does VirtualMin do that or do you have to change Apache config manually?

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.