On Wed, Apr 13, 2022 at 3:33 PM Jonathan Billings <billi...@negate.org> wrote:
> On Apr 13, 2022, at 18:12, Jack Craig <jack.craig.ap...@gmail.com> wrote: > > > SSLCertificateFile /etc/letsencrypt/live/linuxlighthouse.com/fullchain.pem > > > The information you’ve mentioned is not enough to understand what the > actual problem is. What does “dont play nice” mean? > > Make sure the selinux attributes are “system_u:object_r:cert_t:s0” (which > is what the selinux policy should give it by default) and that the file and > the *entire path* to the file is readable by the user that runs the apache > httpd (apache). > > Your first place to look should be the /var/log/httpd/ directory. I’m sure > that if there is a problem with the cert or it’s location / permissions, it > will be there. If it’s a browser problem, you really need to give an > example. > > *certbot -v certonly --webroot --webroot-path /var/www/html/ --domain linuxlighthouse.com <http://linuxlighthouse.com> --domain ws.linuxlighthouse.com <http://ws.linuxlighthouse.com> --domain www.linuxlighthouse.com <http://www.linuxlighthouse.com>* *using apache plugin* *using the above cmd, i get,...* *Saving debug log to /var/log/letsencrypt/letsencrypt.logPlugins selected: Authenticator webroot, Installer NoneCertificate is due for renewal, auto-renewing...Renewing an existing certificate for linuxlighthouse.com <http://linuxlighthouse.com> and 2 more domainsPerforming the following challenges:http-01 challenge for linuxlighthouse.com <http://linuxlighthouse.com>http-01 challenge for ws.linuxlighthouse.com <http://ws.linuxlighthouse.com>http-01 challenge for www.linuxlighthouse.com <http://www.linuxlighthouse.com>Using the webroot path /var/www/html for all unmatched domains.Waiting for verification...Challenge failed for domain linuxlighthouse.com <http://linuxlighthouse.com>Challenge failed for domain ws.linuxlighthouse.com <http://ws.linuxlighthouse.com>Challenge failed for domain www.linuxlighthouse.com <http://www.linuxlighthouse.com>http-01 challenge for linuxlighthouse.com <http://linuxlighthouse.com>http-01 challenge for ws.linuxlighthouse.com <http://ws.linuxlighthouse.com>http-01 challenge for www.linuxlighthouse.com <http://www.linuxlighthouse.com>Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems: Domain: linuxlighthouse.com <http://linuxlighthouse.com> Type: connection Detail: Fetching http://linuxlighthouse.com/.well-known/acme-challenge/CsFMDVLCGsSdd4LtiWsrf57VQGiWNAS8Ht2y8n-HovM <http://linuxlighthouse.com/.well-known/acme-challenge/CsFMDVLCGsSdd4LtiWsrf57VQGiWNAS8Ht2y8n-HovM>: Timeout during connect (likely firewall problem) Domain: ws.linuxlighthouse.com <http://ws.linuxlighthouse.com> Type: connection Detail: Fetching http://ws.linuxlighthouse.com/.well-known/acme-challenge/wKB5_QWGTM6TptVYBWFMKz0Fkd92Ulphof_ovQJ4nKI <http://ws.linuxlighthouse.com/.well-known/acme-challenge/wKB5_QWGTM6TptVYBWFMKz0Fkd92Ulphof_ovQJ4nKI>: Timeout during connect (likely firewall problem) Domain: www.linuxlighthouse.com <http://www.linuxlighthouse.com> Type: connection Detail: Fetching http://www.linuxlighthouse.com/.well-known/acme-challenge/LKJIuPyWJsczpKYH8OXNZU8dshLwfnfZXL6U1IQfUpY <http://www.linuxlighthouse.com/.well-known/acme-challenge/LKJIuPyWJsczpKYH8OXNZU8dshLwfnfZXL6U1IQfUpY>: Timeout during connect (likely firewall problem)Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.Cleaning up challengesSome challenges have failed.* to me it looks like certbot cant write to /var/www/html/.well-known/.. and figures i dont own the site. i have http & https open for the fedora FW, gotta look next at the FW rules on the BGW210700 . does this ring any bells for others on this list?? > -- > Jonathan Billings > _______________________________________________ > users mailing list -- users@lists.fedoraproject.org > To unsubscribe send an email to users-le...@lists.fedoraproject.org > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org > Do not reply to spam on the list, report it: > https://pagure.io/fedora-infrastructure >
_______________________________________________ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure