On Wed, Apr 13, 2022 at 3:33 PM Jonathan Billings <billings@negate.org> wrote:
On Apr 13, 2022, at 18:12, Jack Craig <jack.craig.aptos@gmail.com> wrote:

SSLCertificateFile /etc/letsencrypt/live/linuxlighthouse.com/fullchain.pem

The information you’ve mentioned is not enough to understand what the actual problem is. What does “dont play nice” mean?

Make sure the selinux attributes are “system_u:object_r:cert_t:s0” (which is what the selinux policy should give it by default) and that the file and the *entire path* to the file is readable by the user that runs the apache httpd (apache). 

Your first place to look should be the /var/log/httpd/ directory. I’m sure that if there is a problem with the cert or it’s location / permissions, it will be there. If it’s a browser problem, you really need to give an example. 

certbot -v  certonly --webroot --webroot-path /var/www/html/ --domain linuxlighthouse.com --domain ws.linuxlighthouse.com --domain www.linuxlighthouse.com

using apache plugin

using the above cmd, i get,...

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Certificate is due for renewal, auto-renewing...
Renewing an existing certificate for linuxlighthouse.com and 2 more domains
Performing the following challenges:
http-01 challenge for linuxlighthouse.com
http-01 challenge for ws.linuxlighthouse.com
http-01 challenge for www.linuxlighthouse.com
Using the webroot path /var/www/html for all unmatched domains.
Waiting for verification...
Challenge failed for domain linuxlighthouse.com
Challenge failed for domain ws.linuxlighthouse.com
Challenge failed for domain www.linuxlighthouse.com
http-01 challenge for linuxlighthouse.com
http-01 challenge for ws.linuxlighthouse.com
http-01 challenge for www.linuxlighthouse.com

Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
  Domain: linuxlighthouse.com
  Type:   connection
  Detail: Fetching http://linuxlighthouse.com/.well-known/acme-challenge/CsFMDVLCGsSdd4LtiWsrf57VQGiWNAS8Ht2y8n-HovM: Timeout during connect (likely firewall problem)

  Domain: ws.linuxlighthouse.com
  Type:   connection
  Detail: Fetching http://ws.linuxlighthouse.com/.well-known/acme-challenge/wKB5_QWGTM6TptVYBWFMKz0Fkd92Ulphof_ovQJ4nKI: Timeout during connect (likely firewall problem)

  Domain: www.linuxlighthouse.com
  Type:   connection
  Detail: Fetching http://www.linuxlighthouse.com/.well-known/acme-challenge/LKJIuPyWJsczpKYH8OXNZU8dshLwfnfZXL6U1IQfUpY: Timeout during connect (likely firewall problem)

Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.

Cleaning up challenges
Some challenges have failed.
 
to me it looks like certbot cant write to /var/www/html/.well-known/..
and figures i dont own the site.

i have http & https open for the fedora FW, gotta look next at the FW rules on the BGW210700 .

does this ring any bells for others on this list??
--
Jonathan Billings
_______________________________________________
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure