SSLCertificateFile /etc/letsencrypt/live/linuxlighthouse.com/fullchain.pem

On Wed, Apr 13, 2022 at 3:33 PM Jonathan Billings <billings(a)negate.org&gt; wrote: > On Apr 13, 2022, at 18:12, Jack Craig <jack.craig.aptos(a)gmail.com&gt; wrote: >> >> SSLCertificateFile /etc/letsencrypt/live/linuxlighthouse.com/fullchain.pem > > The information you’ve mentioned is not enough to understand what the actual problem is. What does “dont play nice” mean? > > Make sure the selinux attributes are “system_u:object_r:cert_t:s0” (which is what the selinux policy should give it by default) and that the file and the *entire path* to the file is readable by the user that runs the apache httpd (apache). > > Your first place to look should be the /var/log/httpd/ directory. I’m sure that if there is a problem with the cert or it’s location / permissions, it will be there. If it’s a browser problem, you really need to give an example. > * * *certbot -v certonly --webroot --webroot-path /var/www/html/ --domain linuxlighthouse.com --domain ws.linuxlighthouse.com --domain www.linuxlighthouse.com* * * *using apache plugin * * * *using the above cmd, i get,... * * * *Saving debug log to /var/log/letsencrypt/letsencrypt.log Plugins selected: Authenticator webroot, Installer None Certificate is due for renewal, auto-renewing... Renewing an existing certificate for linuxlighthouse.com and 2 more domains Performing the following challenges: http-01 challenge for linuxlighthouse.com http-01 challenge for ws.linuxlighthouse.com http-01 challenge for www.linuxlighthouse.com Using the webroot path /var/www/html for all unmatched domains. Waiting for verification... Challenge failed for domain linuxlighthouse.com Challenge failed for domain ws.linuxlighthouse.com Challenge failed for domain www.linuxlighthouse.com http-01 challenge for linuxlighthouse.com http-01 challenge for ws.linuxlighthouse.com http-01 challenge for www.linuxlighthouse.com Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems: Domain: linuxlighthouse.com Type: connection Detail: Fetching http://linuxlighthouse.com/.well-known/acme-challenge/CsFMDVLCGsSdd4LtiWs...: Timeout during connect (likely firewall problem) Domain: ws.linuxlighthouse.com Type: connection Detail: Fetching http://ws.linuxlighthouse.com/.well-known/acme-challenge/wKB5_QWGTM6TptVY...: Timeout during connect (likely firewall problem) Domain: www.linuxlighthouse.com Type: connection Detail: Fetching http://www.linuxlighthouse.com/.well-known/acme-challenge/LKJIuPyWJsczpKY...: Timeout during connect (likely firewall problem) Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet. Cleaning up challenges Some challenges have failed.* to me it looks like certbot cant write to /var/www/html/.well-known/.. and figures i dont own the site. i have http & https open for the fedora FW, gotta look next at the FW rules on the BGW210700 . does this ring any bells for others on this list??