On Wed, Apr 13, 2022 at 3:33 PM Jonathan Billings <billings(a)negate.org> wrote:
> On Apr 13, 2022, at 18:12, Jack Craig <jack.craig.aptos(a)gmail.com> wrote:
>>
>> SSLCertificateFile /etc/letsencrypt/live/linuxlighthouse.com/fullchain.pem
>
> The information you’ve mentioned is not enough to understand what the actual
> problem is. What does “dont play nice” mean?
>
> Make sure the selinux attributes are “system_u:object_r:cert_t:s0” (which is
> what the selinux policy should give it by default) and that the file and the
> *entire path* to the file is readable by the user that runs the apache httpd
> (apache).
>
> Your first place to look should be the /var/log/httpd/ directory. I’m sure
> that if there is a problem with the cert or its location / permissions, it
> will be there. If it’s a browser problem, you really need to give an example.

certbot -v certonly --webroot --webroot-path /var/www/html/ --domain linuxlighthouse.com --domain ws.linuxlighthouse.com --domain www.linuxlighthouse.com

using apache plugin

using the above cmd, i get,...

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Certificate is due for renewal, auto-renewing...
Renewing an existing certificate for linuxlighthouse.com and 2 more domains
Performing the following challenges:
http-01 challenge for linuxlighthouse.com
http-01 challenge for ws.linuxlighthouse.com
http-01 challenge for www.linuxlighthouse.com
Using the webroot path /var/www/html for all unmatched domains.
Waiting for verification...
Challenge failed for domain linuxlighthouse.com
Challenge failed for domain ws.linuxlighthouse.com
Challenge failed for domain www.linuxlighthouse.com
http-01 challenge for linuxlighthouse.com
http-01 challenge for ws.linuxlighthouse.com
http-01 challenge for www.linuxlighthouse.com
Certbot failed to authenticate some domains (authenticator: webroot).
The Certificate Authority reported these problems:
  Domain: linuxlighthouse.com
  Type: connection
  Detail: Fetching http://linuxlighthouse.com/.well-known/acme-challenge/CsFMDVLCGsSdd4LtiWs...: Timeout during connect (likely firewall problem)
  Domain: ws.linuxlighthouse.com
  Type: connection
  Detail: Fetching http://ws.linuxlighthouse.com/.well-known/acme-challenge/wKB5_QWGTM6TptVY...: Timeout during connect (likely firewall problem)
  Domain: www.linuxlighthouse.com
  Type: connection
  Detail: Fetching http://www.linuxlighthouse.com/.well-known/acme-challenge/LKJIuPyWJsczpKY...: Timeout during connect (likely firewall problem)
Hint: The Certificate Authority failed to download the temporary
challenge files created by Certbot. Ensure that the listed domains
serve their content from the provided --webroot-path/-w and that files
created there can be downloaded from the internet.
Cleaning up challenges
Some challenges have failed.

to me it looks like certbot can't write to /var/www/html/.well-known/..
and figures i don't own the site.
i have http & https open for the fedora FW, gotta look next at the FW
rules on the BGW210700.
does this ring any bells for others on this list??
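
The "entire path" check suggested in the quoted reply, as an added example that is not part of the original thread: it walks every directory leading to the certificate (both the live/ symlink path and its resolved target) and reports where the classic mode bits deny the given user. The function names are hypothetical; ACLs, SELinux labels and root's permission bypass are not modelled.

```python
import os

def _allowed(st, uid, gids, want):
    """True if the classic mode bits grant `want` ('r' or 'x') to uid/gids."""
    bit = {"r": 4, "x": 1}[want]
    if st.st_uid == uid:
        shift = 6          # owner triad
    elif st.st_gid in gids:
        shift = 3          # group triad
    else:
        shift = 0          # "other" triad
    return bool((st.st_mode >> shift) & bit)

def _ancestors(path):
    """Yield every directory from / down to the parent of `path`."""
    cur = os.sep
    yield cur
    for part in os.path.abspath(path).split(os.sep)[1:-1]:
        cur = os.path.join(cur, part)
        yield cur

def blocked_components(path, uid, gids):
    """Return [(component, 'x' or 'r')] for each place the user is denied.

    Directories need search ('x') permission, the final file needs 'r'.
    The path as written and its symlink-resolved form are both walked,
    because certbot's live/ entries are symlinks into archive/.
    """
    real = os.path.realpath(path)
    checks = {}
    for p in (path, real):
        for d in _ancestors(p):
            checks[d] = "x"
    checks[real] = "r"
    return [(p, want) for p, want in checks.items()
            if not _allowed(os.stat(p), uid, gids, want)]

if __name__ == "__main__":
    import pwd
    user = pwd.getpwnam("apache")   # httpd user named in the thread
    gids = os.getgrouplist(user.pw_name, user.pw_gid)
    cert = "/etc/letsencrypt/live/linuxlighthouse.com/fullchain.pem"
    for p, want in blocked_components(cert, user.pw_uid, gids):
        print(f"apache lacks '{want}' on {p}")
```

Run it as root so every component can be stat()ed; an empty result means the mode bits alone do not block the user, and `ls -Z` on the same components covers the SELinux label mentioned in the reply.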