I can’t renew the SSL Certificate. My domain is: https://ce.oclockdt.com
I ran this command: Virtualmin → Server Configuration → SSL Certificate → Let’s Encrypt → Only Update Renewal. It produced this output: “Renewal failed due to Web-based validation failed”.
My web server is Apache version 2.4.37 and runs on Rocky Linux 8.6. The version of Certbot: 1.22.0
I have consulted many questions on Stack Overflow but I can’t find the solution.
I have created the directory /public_html/.well-known/acme-challenge with permissions 0777 and included an .htaccess with the content:
Options +Indexes
Order allow,deny
Allow from all
I tried
sudo certbot certonly --manual -d ce.oclockdt.com
and this is the result:
Renewing an existing certificate for ce.oclockdt.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Create a file containing just this data:
eUd3ZH9NU76e1rEfHcbmXlXutVP4-O7YnLR-Zidl_XM.hbNn4qOrcJOUJpXJpjW6kKIYWmrSPy_O3rVxzOvqKGE
And make it available on your web server at this URL:
http://ce.oclockdt.com/.well-known/acme-challenge/eUd3ZH9NU76e1rEfHcbmXlXutVP4-O7YnLR-Zidl_XM
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Press Enter to ContinueSaving debug log to /var/log/letsencrypt/letsencrypt.log
An unexpected error occurred:
EOFError
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
The log generated: /var/log/letsencrypt/letsencrypt.log shows
And make it available on your web server at this URL:
http://ce.oclockdt.com/.well-known/acme-challenge/eUd3ZH9NU76e1rEfHcbmXlXutVP4-O7YnLR-Zidl_XM
2023-06-14 11:17:46,909:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
File "/usr/lib/python3.6/site-packages/certbot/_internal/auth_handler.py", line 85, in handle_authorizations
resps = self.auth.perform(achalls)
File "/usr/lib/python3.6/site-packages/certbot/_internal/plugins/manual.py", line 186, in perform
self._perform_achall_manually(achall, i == last_dns_achall)
File "/usr/lib/python3.6/site-packages/certbot/_internal/plugins/manual.py", line 234, in _perform_achall_manually
display_util.notification(msg, wrap=False, force_interactive=True)
File "/usr/lib/python3.6/site-packages/certbot/display/util.py", line 76, in notification
force_interactive=force_interactive, decorate=decorate)
File "/usr/lib/python3.6/site-packages/certbot/_internal/display/obj.py", line 95, in notification
util.input_with_timeout("Press Enter to Continue")
File "/usr/lib/python3.6/site-packages/certbot/_internal/display/util.py", line 67, in input_with_timeout
raise EOFError
EOFError
This is the content of /etc/httpd/conf/httpd.conf :
<VirtualHost 162.19.89.212:80 [2001:41d0:306:2cd4::]:80>
ServerName ce.oclockdt.com
ServerAlias www.ce.oclockdt.com
ServerAlias mail.ce.oclockdt.com
ServerAlias webmail.ce.oclockdt.com
ServerAlias admin.ce.oclockdt.com
DocumentRoot /home/ce/public_html/public
ErrorLog /var/log/virtualmin/ce.oclockdt.com_error_log
CustomLog /var/log/virtualmin/ce.oclockdt.com_access_log combined
ScriptAlias /cgi-bin/ /home/ce/cgi-bin/
DirectoryIndex index.php index.php4 index.php5 index.htm index.html
<Directory /home/ce/public_html/public>
Options -Indexes +IncludesNOEXEC +SymLinksIfOwnerMatch
Require all granted
AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
</Directory>
<Directory /home/ce/cgi-bin>
Require all granted
AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
SetHandler proxy:unix:/var/fcgiwrap/167161024797448.sock/socket|fcgi://localhost
ProxyFCGISetEnvIf true SCRIPT_FILENAME "/home/ce%{reqenv:SCRIPT_NAME}"
</Directory>
ProxyPass /.well-known !
RewriteEngine on
RewriteCond %{HTTP_HOST} =webmail.ce.oclockdt.com
RewriteRule ^(?!/.well-known)(.*) https://ce.oclockdt.com:20000/ [R]
RewriteCond %{HTTP_HOST} =admin.ce.oclockdt.com
RewriteRule ^(?!/.well-known)(.*) https://ce.oclockdt.com:10000/ [R]
RemoveHandler .php
RemoveHandler .php7.2
RemoveHandler .php8.0
RemoveHandler .php8.1
<FilesMatch \.php$>
SetHandler proxy:unix:/var/php-fpm/167161024797448.sock|fcgi://127.0.0.1
</FilesMatch>
</VirtualHost>
<VirtualHost 162.19.89.212:443 [2001:41d0:306:2cd4::]:443>
ServerName ce.oclockdt.com
ServerAlias www.ce.oclockdt.com
ServerAlias mail.ce.oclockdt.com
ServerAlias webmail.ce.oclockdt.com
ServerAlias admin.ce.oclockdt.com
DocumentRoot /home/ce/public_html/public
ErrorLog /var/log/virtualmin/ce.oclockdt.com_error_log
CustomLog /var/log/virtualmin/ce.oclockdt.com_access_log combined
ScriptAlias /cgi-bin/ /home/ce/cgi-bin/
DirectoryIndex index.php index.php4 index.php5 index.htm index.html
<Directory /home/ce/public_html/public>
Options -Indexes +IncludesNOEXEC +SymLinksIfOwnerMatch
Require all granted
AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
</Directory>
<Directory /home/ce/cgi-bin>
Require all granted
AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
SetHandler proxy:unix:/var/fcgiwrap/167161024797448.sock/socket|fcgi://localhost
ProxyFCGISetEnvIf true SCRIPT_FILENAME "/home/ce%{reqenv:SCRIPT_NAME}"
</Directory>
ProxyPass /.well-known !
RewriteEngine on
RewriteCond %{HTTP_HOST} =webmail.ce.oclockdt.com
RewriteRule ^(?!/.well-known)(.*) https://ce.oclockdt.com:20000/ [R]
RewriteCond %{HTTP_HOST} =admin.ce.oclockdt.com
RewriteRule ^(?!/.well-known)(.*) https://ce.oclockdt.com:10000/ [R]
RemoveHandler .php
RemoveHandler .php7.2
RemoveHandler .php8.0
RemoveHandler .php8.1
<FilesMatch \.php$>
SetHandler proxy:unix:/var/php-fpm/167161024797448.sock|fcgi://127.0.0.1
</FilesMatch>
SSLEngine on
SSLCertificateFile /etc/ssl/virtualmin/167161024797448/ssl.cert
SSLCertificateKeyFile /etc/ssl/virtualmin/167161024797448/ssl.key
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLCACertificateFile /etc/ssl/virtualmin/167161024797448/ssl.ca
</VirtualHost>
I also restarted the server.
Well, I think that the error is that Let’s Encrypt can’t create the test file in /public_html/.well-known/acme-challenge, but this directory has permissions. Can you help me?
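
Added example (not part of the original post, and not Certbot or Virtualmin code): a small check that reads the `DocumentRoot` of the port-80 virtual host for a name and derives the directory Apache serves `/.well-known/acme-challenge/` from, so it can be compared with the directory that was created by hand. The sample config is constructed from the vhost lines in the post, the candidate path in `__main__` is an assumed expansion of the `/public_html/...` path mentioned there, and the check assumes no `Alias` or rewrite remaps `/.well-known`.

```python
import re
from pathlib import PurePosixPath

# Constructed sample: only the vhost lines from the post that affect path mapping.
SAMPLE_CONF = """\
<VirtualHost 162.19.89.212:80 [2001:41d0:306:2cd4::]:80>
ServerName ce.oclockdt.com
ServerAlias www.ce.oclockdt.com
DocumentRoot /home/ce/public_html/public
</VirtualHost>
<VirtualHost 162.19.89.212:443 [2001:41d0:306:2cd4::]:443>
ServerName ce.oclockdt.com
DocumentRoot /home/ce/public_html/public
</VirtualHost>
"""

CHALLENGE_PREFIX = ".well-known/acme-challenge"

def vhosts(conf):
    """Yield (ports, server_names, document_root) for each <VirtualHost> block."""
    pattern = r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>"
    for m in re.finditer(pattern, conf, re.S | re.I):
        # The port is whatever follows the last ':' (works for [IPv6]:80 too).
        ports = {addr.rpartition(":")[2] for addr in m.group(1).split()}
        body = m.group(2)
        names = set()
        for line in re.findall(r"^\s*Server(?:Name|Alias)\s+(.+)$", body, re.M | re.I):
            names.update(line.split())
        root = re.search(r'^\s*DocumentRoot\s+"?([^"\n]+)"?', body, re.M | re.I)
        yield ports, names, (root.group(1).strip() if root else None)

def challenge_dir(conf, host, port="80"):
    """Directory that backs http://host/.well-known/acme-challenge/, or None."""
    for ports, names, root in vhosts(conf):
        if port in ports and host in names and root:
            return PurePosixPath(root) / CHALLENGE_PREFIX
    return None

def is_served(conf, host, candidate_dir):
    """True if candidate_dir is the directory the HTTP-01 request resolves to."""
    expected = challenge_dir(conf, host)
    return expected is not None and PurePosixPath(candidate_dir) == expected

if __name__ == "__main__":
    host = "ce.oclockdt.com"
    created = "/home/ce/public_html/.well-known/acme-challenge"  # assumed path
    print("Apache serves challenges from:", challenge_dir(SAMPLE_CONF, host))
    print("Hand-made directory is served:", is_served(SAMPLE_CONF, host, created))
```

To run it against the live server, pass the contents of `/etc/httpd/conf/httpd.conf` instead of `SAMPLE_CONF`.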