Certbot challenge error 404 in webroot mode

This web site runs under Apache on Windows. I installed Windows certbot client and ran it as suggested on its homepage, in webroot mode, since the web site cannot be stopped. This is what it reported:

    C:\WWW\somedomain>certbot certonly --webroot
    Saving debug log to C:\Certbot\log\letsencrypt.log
    Plugins selected: Authenticator webroot, Installer None
    Please enter in your domain name(s) (comma and/or space separated)  (Enter 'c' to cancel): somedomain.com
    Obtaining a new certificate
    Performing the following challenges:
    http-01 challenge for somedomain.com
    Input the webroot for somedomain.com: (Enter 'c' to cancel): c:\www\somedomain
    Waiting for verification...
    Challenge failed for domain somedomain.com
    http-01 challenge for somedomain.com
    Cleaning up challenges
    Some challenges have failed.

    IMPORTANT NOTES:
     - The following errors were reported by the server:

       Domain: somedomain.com
       Type:   unauthorized
       Detail: Invalid response from
       http://somedomain.com/.well-known/acme-challenge/UIWHcmUsNd_4itYD5IWMLSuldIF4yzd2m9mpSH4W7a0
       [2**.1**.1**.2**]: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML
       2.0//EN\">\n<html><head>\n<title>404 Not
       Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p"

       To fix these errors, please make sure that your domain name was
       entered correctly and the DNS A/AAAA record(s) for that domain
       contain(s) the right IP address.

The certbot server does query the right IP address, so the DNS record is working fine. I suspect that it may not be creating the challenge folder/file. I tried creating the above URL manually and querying it in a browser from elsewhere, and it is being served fine. Any ideas what is missing for certbot? Keep in mind that somedomain.com is only used here for example.
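One way to test whether the directory given as the webroot is really the one the web server maps to /.well-known/acme-challenge/ is to write a random extension-less probe file there and fetch it back over HTTP. The script below is an added example, not part of the original post and not Certbot code; `probe_webroot` and `demo` are hypothetical names, the demo runs against a constructed local server, and a local fetch does not prove the path is reachable from the Internet.

```python
import http.client
import secrets
import tempfile
import threading
from functools import partial
from http.server import HTTPServer, SimpleHTTPRequestHandler
from pathlib import Path


def probe_webroot(webroot, host, port=80, timeout=5):
    """Write a random probe file under webroot, fetch it over HTTP, compare.

    Returns (ok, status). ok is True only when the server returns exactly the
    bytes written; status is None when no connection could be made.
    """
    token = "probe-" + secrets.token_urlsafe(16)  # no extension, like a real token
    body = secrets.token_urlsafe(32).encode()
    target = Path(webroot) / ".well-known" / "acme-challenge" / token
    target.parent.mkdir(parents=True, exist_ok=True)
    target.write_bytes(body)
    try:
        conn = http.client.HTTPConnection(host, port, timeout=timeout)
        conn.request("GET", "/.well-known/acme-challenge/" + token)
        resp = conn.getresponse()
        served = resp.read()
        conn.close()
        return resp.status == 200 and served == body, resp.status
    except OSError:  # refused or timed out: the "connection" class of failure
        return False, None
    finally:
        target.unlink()  # remove the probe file, leave the directories


def demo():
    """Constructed local demo: one server, probed with the right and a wrong webroot."""
    with tempfile.TemporaryDirectory() as docroot, tempfile.TemporaryDirectory() as other:
        handler = partial(SimpleHTTPRequestHandler, directory=docroot)
        server = HTTPServer(("127.0.0.1", 0), handler)
        threading.Thread(target=server.serve_forever, daemon=True).start()
        try:
            port = server.server_address[1]
            return (probe_webroot(docroot, "127.0.0.1", port),
                    probe_webroot(other, "127.0.0.1", port))
        finally:
            server.shutdown()
            server.server_close()


if __name__ == "__main__":
    print(demo())
```

A result of `(False, 404)` means the server answered but from a different directory or with a rule that hides the path; the probe does not follow redirects, so a 301 or 302 status is reported as a failure with that status code.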

How to configure Apache in Ubuntu to work with Certbot?

In my Arch Linux, I configured my Apache in /etc/httpd/conf/httpd.conf as follows for using certbot:

uncomment the following three lines for SSL:

    LoadModule ssl_module modules/mod_ssl.so
    LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
    Include conf/extra/httpd-ssl.conf

uncomment the following two lines for Proxy:

    LoadModule proxy_module modules/mod_proxy.so
    LoadModule proxy_http_module modules/mod_proxy_http.so

add port 443 and 8888 as listening ports:

    Listen 443
    Listen 8888

Also add SSLCertificateFile & SSLCertificateKeyFile to /etc/httpd/conf/extra/httpd-ssl.conf:

    SSLCertificateFile "/etc/letsencrypt/live/xxx.co/fullchain.pem"
    SSLCertificateKeyFile "/etc/letsencrypt/live/xxx.co/privkey.pem"

I know that Apache in Ubuntu does not use httpd.conf, so how do I do all of the above in Ubuntu 19.04?

Any ideas?

Certbot Can’t Generate SSL Certificates Due to Challenge Failure?

I’ve run sudo certbot --apache -d scilabnet.asuscomm.com but I get the error when trying to set up SSL certificates on my apache2 server:

    sarah@scilab_comp_0:~$ sudo certbot --apache -d scilabnet.asuscomm.com
    Saving debug log to /var/log/letsencrypt/letsencrypt.log
    Plugins selected: Authenticator apache, Installer apache
    Obtaining a new certificate
    Performing the following challenges:
    http-01 challenge for scilabnet.asuscomm.com
    Waiting for verification...
    Cleaning up challenges
    Failed authorization procedure. scilabnet.asuscomm.com (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://scilabnet.asuscomm.com/.well-known/acme-challenge/6Tj8Rc9c6D_aZ_lqPdtXXKqfdubVAWn8Gapl5ZA6-jc: Timeout during connect (likely firewall problem)

    IMPORTANT NOTES:
     - The following errors were reported by the server:

       Domain: scilabnet.asuscomm.com
       Type:   connection
       Detail: Fetching
       http://scilabnet.asuscomm.com/.well-known/acme-challenge/6Tj8Rc9c6D_aZ_lqPdtXXKqfdubVAWn8Gapl5ZA6-jc:
       Timeout during connect (likely firewall problem)

       To fix these errors, please make sure that your domain name was
       entered correctly and the DNS A/AAAA record(s) for that domain
       contain(s) the right IP address. Additionally, please check that
       your computer has a publicly routable IP address and that no
       firewalls are preventing the server from communicating with the
       client. If you're using the webroot plugin, you should also verify
       that you are serving files from the webroot path you provided.

I’m following: https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-ubuntu-16-04

Not sure what I’m doing wrong. UFW isn’t enabled.

How can I get SSL certificates working on my apache2 server?

Nginx letsencrypt certbot ssl page will not load over https but will load over http

I am trying to set up a digital ocean server using this tutorial https://www.digitalocean.com/community/tutorials/how-to-set-up-django-with-postgres-nginx-and-gunicorn-on-ubuntu-16-04

The site is served just fine over HTTP but will not load from https.

Here is my sites-enabled/api virtualhosts file.

    server {
        server_name 134.209.170.122 kronoswebsolutions.com www.kronoswebsolutions.com;
        location / {
            include proxy_params;
            proxy_pass http://unix:/home/www/sprycyclesapi/server/api/api.sock;
        }
        # return 301 https://$host$request_uri;
    }

    server {
        listen 443 ssl; # managed by Certbot
        ssl_certificate /etc/letsencrypt/live/kronoswebsolutions.com/fullchain.pem; # managed by Certbot
        ssl_certificate_key /etc/letsencrypt/live/kronoswebsolutions.com/privkey.pem; # managed by Certbot
        include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Ce
        server_name 134.209.170.122 kronoswebsolutions.com www.kronoswebsolutions.com;

        location = /favicon.ico { access_log off; log_not_found off; }
        location /static/ {
            root /home/www/sprycyclesapi/server/api;
        }

        location / {
            if ($request_method = 'OPTIONS') {
                add_header 'Access-Control-Allow-Origin' 'https://websitesbydallan.com' always;
                add_header 'Access-Control-Allow-Credentials' 'true' always;
                add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
                #
                # Custom headers and headers various browsers *should* be OK with but aren't
                #
                add_header 'Access-Control-Allow-Headers' 'Authorization,Accept,DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
                #
                # Tell client that this pre-flight info is valid for 20 days
                #
                add_header 'Access-Control-Max-Age' 1728000;
                add_header 'Content-Type' 'text/plain; charset=utf-8';
                add_header 'Content-Length' 0;
                return 204;
            }

            if ($request_method = 'POST') {
                add_header 'Access-Control-Allow-Origin' 'https://websitesbydallan.com' always;
                add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
                add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
                add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range';
            }

            if ($request_method = 'GET') {
                add_header 'Access-Control-Allow-Origin' 'https://websitesbydallan.com' always;
                add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
                add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
                add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range';
            }

            include proxy_params;
            proxy_pass http://unix:/home/www/sprycyclesapi/server/api/api.sock;
        }
    }

I am using Debian stretch rather than Ubuntu. Gunicorn is the socket service. python version 3.7.2

How to redirect to www using nginx, certbot and Symfony config?

I want all the pages of my website to redirect to www. I am using the default Symfony 4 configuration for nginx, and also added certbot to manage the https certificates.

    server {
        server_name www.domain.com;
        root /var/www/domain.com/public;

        location / {
            # try to serve file directly, fallback to index.php
            try_files $uri /index.php$is_args$args;
        }

        location ~ ^/index\.php(/|$) {
            fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
            fastcgi_split_path_info ^(.+\.php)(/.*)$;
            include fastcgi_params;

            fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
            fastcgi_param DOCUMENT_ROOT $realpath_root;
            internal;
        }
        location ~ \.php$ {
            return 404;
        }

        error_log /var/log/nginx/domain.com_error.log;
        access_log /var/log/nginx/domain.com_access.log;

        listen 443 ssl; # managed by Certbot
        ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem; # managed by Certbot
        ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem; # managed by Certbot
        include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
    }

    server {
        if ($host = www.domain.com) {
            return 301 https://$host$request_uri;
        } # managed by Certbot

        if ($host = domain.com) {
            return 301 https://$host$request_uri;
        } # managed by Certbot

        server_name domain.com;
        listen 80;
        return 404; # managed by Certbot
    }

The result, however, is that nothing happens. I get https connections both on www and non-www, but no redirection. What am I missing here?

Certbot DNS Bind Address?

Is there a way to execute certbot such that the outgoing IP will be one of a set of interfaces on the machine instead of the default interface?

One of the messages certbot gives when using:

certbot certonly --manual --preferred-challenges dns 

is:

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    NOTE: The IP of this machine will be publicly logged as having requested this
    certificate. If you're running certbot in manual mode on a machine that is not
    your server, please ensure you're okay with that.

    Are you OK with your IP being logged?
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    (Y)es/(N)o:

However, I’m running a server with multiple IP addresses with distinct PTR records for each and don’t want the reverse DNS associated with some of the certs to be linkable to the others.

If there isn’t a way to tell certbot itself which interface to use, is there a way within CentOS 7 to restrict a command to a particular interface such that it will bind there automatically on a per-execution basis? (I still would like to be able to stick this into a cron job, with one for each address.)

SSL Certbot in a domain with 301 redirect and nginx

I have one server at home working with a dynamic domain (mydomain.ddns.net) through my OpenWRT router. Now I want to host a website, so I have bought a domain (www.mynewdomain.com) at GoDaddy and set up a 301 Redirect with masking (so people keep seeing www.mynewdomain.com instead of mydomain.ddns.net).

The problem is that when I run the ‘sudo certbot --nginx’ command, it can verify mydomain.ddns.net but not www.mynewdomain.com because ‘The client lacks sufficient authorization :: Invalid response from www.mynewdomain.com/.well-known/acme-challenge…’

I have been searching and trying different stuff, most of them related to this piece of code:

    location ~ /.well-known {
        default_type "text/plain";
        root /var/www/html;
    }

But it is not working. Probably because these solutions are not taking into account that I’m under a mask 301 redirect. Could someone help me? Thanks in advance.

Instruct LetsEncrypt certbot to use python3

When I run certbot renew --quiet I get this error message:

    /opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/cryptography/hazmat/primitives/constant_time.py:26: CryptographyDeprecationWarning:
    Support for your Python version is deprecated. The next version of
    cryptography will remove support. Please upgrade to a 2.7.x release that
    supports hmac.compare_digest as soon as possible.
      utils.DeprecatedIn23,

First of all, I’m having issues upgrading Python 2.7. I have 2.7.6 installed, but when I run apt-get update and apt-get install python it says I already have the latest version installed.

I do have python3 installed as well (3.4), so I thought it might be easier to instruct certbot to use python3 instead of python, rather than worrying about upgrading it. Any way to do that?