Wrong domain when "Fetching"


#1

My domain is:
lumen.com.ar

I ran this command:
certbot certonly --webroot -q -w /web/vhosts/lumenc/www -d lumen.com.ar -d www.lumen.com.ar -d webmail.lumen.com.ar

It produced this output:
Cert is due for renewal, auto-renewing…
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for lumen.com.ar
http-01 challenge for webmail.lumen.com.ar
http-01 challenge for www.lumen.com.ar
Waiting for verification…
Cleaning up challenges
Attempting to renew cert (lumen.com.ar) from /usr/local/etc/letsencrypt/renewal/lumen.com.ar.conf produced an unexpected error: Failed authorization procedure. webmail.lumen.com.ar (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://www.webmail.lumen.com.ar/.well-known/acme-challenge/FAbzG9AMSClF5bV4Ysdq1mM9-2kGr4FWZ08xAAMA7EM: Error getting validation data. Skipping.

My web server is (include version):
Apache/2.4.34

The operating system my web server runs on is (include version):
FreeBSD 10.4-RELEASE-p9

Why certbot is trying to fetch “http://WWW.webmail.lumen.com.ar” ?
I’m not trynig to get a certificate for WWW.webmail.lumen.com.ar

I see this error some times with others domains, but after 1 or 2 intetns the error is no generated

This is a BUG ? or I´m doing something wrong?

Thanks
Pablo Murillo


#2

Hi @PablitoMurillo

your command is correct. And that

looks good. But

this is curious. Certbot creates a file under /.well-known/acme-challenge/, Letsencrypt tries to load that file and validate the content. If the server sends a redirect, Letsencrypt follows this redirect. So:

Testing with www.lumen.com.ar:

D:\temp>download http://www.lumen.com.ar/.well-known/acme-challenge/1234 -h
Error (1): Der Remoteserver hat einen Fehler zurückgegeben: (404) Nicht gefunden.
ProtocolError
Pragma: no-cache
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Date: Mon, 01 Oct 2018 14:51:04 GMT
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Location: http://www.edlumen.net/.well-known/acme-challenge/1234
Set-Cookie: PHPSESSID=pak2pusifbdbmjpvn3v1u5s5t1; path=/,language=es; expires=Wed, 31-Oct-2018 14:51:04 GMT; Max-Age=2592000; path=/; domain=www.lumen.com.ar,currency=ARS; expires=Wed, 31-Oct-2018 14:51:04 GMT; Max-Age=2592000; path=/; domain=www.lumen.com.ar
Server: Apache
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 3476
Keep-Alive: timeout=2, max=500
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8

Status: 404 NotFound
404

2326,68 milliseconds
2,33 seconds

Testing with webmail.lumen.com.ar

D:\temp>download http://webmail.lumen.com.ar/.well-known/acme-challenge/1234 -h
Error (1): Der Remoteserver hat einen Fehler zurückgegeben: (404) Nicht gefunden.
ProtocolError
Vary: accept-language,accept-charset,Accept-Encoding,User-Agent
Content-Encoding: gzip
Keep-Alive: timeout=2, max=500
Connection: Keep-Alive
Content-Language: es
Accept-Ranges: bytes
Content-Length: 686
Content-Type: text/html
Date: Mon, 01 Oct 2018 14:51:57 GMT
Server: Apache

Status: 404 NotFound
404

1536,93 milliseconds
1,54 seconds

Your main site has a - slow - redirect, but answers direct with a 404. This is unusual. Your webmail hasn’t a redirect. But there are

Vary: accept-language,accept-charset,Accept-Encoding,User-Agent

header. Perhaps something adds a redirect if there is a special User-Agent.

So your error looks like there is a redirect to the www-version. But I can’t reproduce this error.


#3

Hi @juergenauer

You are right !!!
One “designer” was “playing” with the site and add an .htaccess after I checked if there is NOT an .htaccess file !!!

Sorry, sorry, sorry !
My bad !


#6

Hi Alan

I find the problem
After I prepare the server to renew the domain, one of the “designer” upload
an .htaccess to make some test !!! and this was the problem
My bad !
Thanks

Pablo Murillo


#7

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.