It produced this output: 1) It is giving me .well-known – just this nothing else.
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for oar12apc.consolidated.work
Using the webroot path /u01/apps/fs1/FMW_Home/wlserver_10.3/server/lib for all unmatched domains.
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. oar12apc.consolidated.work (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://oar12apc.consolidated.work/.well-known/acme-challenge/ucEE1dlVKyr0ynI-kBry2O6N3WYkZNBrVlaUJkGHpzM: "
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address.
My operating system is (include version): RHEL 7
My web server is (include version): I am using Oracle Apache
My hosting provider, if applicable, is: AWS
I can login to a root shell on my machine (yes or no, or I don’t know): yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
That's the directory where all the files of the website are residing. I.e., if you access "http://oar12apc.consolidated.work/testfile.txt", and the file in question would be /path/to/testfile.txt, the webroot is /path/to/.
So I understood from your feedback that we need to provide this location “OA_HTML/AppsLocalLogin.jsp”, right?
So the file “OA_HTML/AppsLocalLogin.jsp” has permission as applprod:oinstall.
And I ran the following:
./certbot-auto certonly --webroot -w /u01/apps/fs1/FMW_Home/Oracle_EBS-app1/applications/oacore/html/ -d oar12apc.consolidated.work
In the directory /u01/apps/fs1/FMW_Home/Oracle_EBS-app1/applications/oacore/html/ — the directory created as .Well-Known
And I am still facing the same issue.
And also please help me with how to access the testfile.txt from the URL.
I'm totally not familiar with Oracle, so I have no idea what that means.
For the http-01 challenge, you're supposed to be able to provide files from http://oar12apc.consolidated.work/.well-known/acme-challenge/
If that's not possible, you have to use another challenge, such as tls-sni-01 (which probably isn't going to work either) or through DNS with the dns-01 challenge.
Now I got what the webroot path should be. My webroot path is in the server "/u01/apps/fs1/FMW_Home/Oracle_EBS-app1/applications/oacore/html"
As you told me earlier, I created a testfile.txt, test.html, a.jsp — all three files I am able to access with the URL using the IE browser.
[root@oar12apc certbot]# ./certbot-auto certonly --webroot -w /u01/apps/fs1/FMW_Home/Oracle_EBS-app1/applications/oacore/html/ -d oar12apc.consolidated.work
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for oar12apc.consolidated.work
Using the webroot path /u01/apps/fs1/FMW_Home/Oracle_EBS-app1/applications/oacore/html for all unmatched domains.
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. oar12apc.consolidated.work (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://oar12apc.consolidated.work/.well-known/acme-challenge/8IsUtF_ZKflPMW7XuIEaMAKmGLQuSRULly4HA2M_P-U: "
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address.
===================================================
Well, that "OA_HTML" is a problem. Because /.well-known/acme-challenge/ (required) is not the same as /OA_HTML/.well-known/acme-challenge/ (I assume the current situation).
I don't know, as I said, I'm not familiar with Oracle.
If you can't get Oracle to serve files directly under the root (http://oar12apc.consolidated.work/) without the OA_HTML part, the webroot plugin most likely isn't going to work.
I'm quite certain (but not 100 %) the tls-sni-01 challenge with the apache plugin isn't going to work either, so best bet is to use the dns-01 challenge (with the manual plugin in certbot or with one of the bash clients [third party clients]).
Right, a key point to understand here is that the webroot plugin only works if you can get the web server to serve a file at /.well-known/acme-challenge/ca-chosen-filename directly at the top level of your site with no other path components. Otherwise, the webroot plugin can't work at all; the Let's Encrypt certificate authority won't accept anything else for this type of validation.
In order to prove your control over the domain, you have to make a change to your site as requested by the certificate authority. The three kinds of changes that Let's Encrypt supports for this purpose are called
HTTP-01 (posting a file in a specified place on the site, as described above, which is what the webroot plugin tries to do),
TLS-SNI-01 (changing the certificates that the server serves to include a custom one, which requires some integration with your specific web server software, which probably currently doesn't exist for the Oracle server, although the standalone plugin can also handle this if you're able to shut down your web server entirely for the brief period of validation, including during renewals of the certificate every 90 days),
and DNS-01 (which requires some way to add DNS records to your DNS zone, which the bash clients are the best at doing automatically via DNS provider APIs).
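A pre-flight check for the HTTP-01 requirement described above, as an added example that is not part of the original thread: it writes a probe file where the webroot plugin would and fetches it from the top-level /.well-known/acme-challenge/ path, so a wrong webroot fails locally before certbot is run. The names `preflight` and `http_fetch` are hypothetical, and the pluggable `fetch` argument is an assumption made so the check can be exercised without a network.

```python
import os
import secrets
import sys
import urllib.error
import urllib.request

CHALLENGE_DIR = os.path.join(".well-known", "acme-challenge")


def http_fetch(url, timeout=10):
    """Plain HTTP GET returning (status, body); HTTP errors become a status code."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as err:
        return err.code, err.read()


def preflight(webroot, base_url, fetch=http_fetch):
    """Write a probe under <webroot>/.well-known/acme-challenge/ and fetch it
    from <base_url>/.well-known/acme-challenge/ with no extra path components."""
    name = "preflight-" + secrets.token_urlsafe(16)
    body = secrets.token_urlsafe(32).encode()
    directory = os.path.join(webroot, CHALLENGE_DIR)
    os.makedirs(directory, exist_ok=True)  # created directories are left in place
    path = os.path.join(directory, name)
    with open(path, "wb") as fh:
        fh.write(body)
    url = base_url.rstrip("/") + "/.well-known/acme-challenge/" + name
    try:
        status, got = fetch(url)
    except OSError as err:  # DNS failure, refused connection, timeout
        return False, f"{url}: connection failed ({err})"
    finally:
        os.remove(path)  # always remove the probe file
    if status != 200:
        return False, f"{url}: HTTP {status}, webroot is not served at the site root"
    if got.strip() != body:
        return False, f"{url}: HTTP 200 but wrong body (error or login page?)"
    return True, f"{url}: served correctly"


if __name__ == "__main__":
    # usage: preflight.py <webroot> <base-url>
    ok, message = preflight(sys.argv[1], sys.argv[2])
    print(message)
    sys.exit(0 if ok else 1)
```

If the check reports a 404 or a wrong body for the directory passed to `-w`, the webroot plugin will fail the same way and DNS-01 is the remaining option mentioned in the thread.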