On Wed, Apr 13, 2022, at 7:00 PM, Jack Craig wrote:
> On Wed, Apr 13, 2022 at 3:33 PM Jonathan Billings <billings@xxxxxxxxxx> wrote:
>> On Apr 13, 2022, at 18:12, Jack Craig <jack.craig.aptos@xxxxxxxxx> wrote:
>>>
>>> SSLCertificateFile /etc/letsencrypt/live/linuxlighthouse.com/fullchain.pem
>>
>> The information you’ve mentioned is not enough to understand what the actual problem is. What does “don’t play nice” mean?
>>
>> Make sure the SELinux attributes are “system_u:object_r:cert_t:s0” (which is what the SELinux policy should give it by default) and that the file and the *entire path* to the file are readable by the user that runs the apache httpd (apache).
>>
>> Your first place to look should be the /var/log/httpd/ directory. I’m sure that if there is a problem with the cert or its location / permissions, it will be there. If it’s a browser problem, you really need to give an example.
>
> certbot -v certonly --webroot --webroot-path /var/www/html/ --domain
> linuxlighthouse.com --domain ws.linuxlighthouse.com --domain
> www.linuxlighthouse.com
>
> using apache plugin
>
> Using the above cmd, I get...
>
> Saving debug log to /var/log/letsencrypt/letsencrypt.log
> Plugins selected: Authenticator webroot, Installer None
> Certificate is due for renewal, auto-renewing...
> Renewing an existing certificate for linuxlighthouse.com and 2 more
> domains
> Performing the following challenges:
> http-01 challenge for linuxlighthouse.com
> http-01 challenge for ws.linuxlighthouse.com
> http-01 challenge for www.linuxlighthouse.com
> Using the webroot path /var/www/html for all unmatched domains.
> Waiting for verification...
> Challenge failed for domain linuxlighthouse.com
> Challenge failed for domain ws.linuxlighthouse.com
> Challenge failed for domain www.linuxlighthouse.com
> http-01 challenge for linuxlighthouse.com
> http-01 challenge for ws.linuxlighthouse.com
> http-01 challenge for www.linuxlighthouse.com
>
> Certbot failed to authenticate some domains (authenticator: webroot).
> The Certificate Authority reported these problems:
> Domain: linuxlighthouse.com
> Type: connection
> Detail: Fetching
> http://linuxlighthouse.com/.well-known/acme-challenge/CsFMDVLCGsSdd4LtiWsrf57VQGiWNAS8Ht2y8n-HovM:
> Timeout during connect (likely firewall problem)
>
> Domain: ws.linuxlighthouse.com
> Type: connection
> Detail: Fetching
> http://ws.linuxlighthouse.com/.well-known/acme-challenge/wKB5_QWGTM6TptVYBWFMKz0Fkd92Ulphof_ovQJ4nKI:
> Timeout during connect (likely firewall problem)
>
> Domain: www.linuxlighthouse.com
> Type: connection
> Detail: Fetching
> http://www.linuxlighthouse.com/.well-known/acme-challenge/LKJIuPyWJsczpKYH8OXNZU8dshLwfnfZXL6U1IQfUpY:
> Timeout during connect (likely firewall problem)
>
> Hint: The Certificate Authority failed to download the temporary
> challenge files created by Certbot. Ensure that the listed domains
> serve their content from the provided --webroot-path/-w and that files
> created there can be downloaded from the internet.
>
> Cleaning up challenges
> Some challenges have failed.
>
> To me it looks like certbot can't write to /var/www/html/.well-known/..
> and figures I don't own the site.
>
> I have http & https open for the Fedora FW, gotta look next at the FW
> rules on the BGW210700.
>
> Does this ring any bells for others on this list??

Your site is not responding; it needs to be accessible to renew the cert.
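A triage helper for the failure report quoted above, as an added example that is not part of the original thread or of certbot: it reads the per-domain `Type:` field, which separates a CA that could not connect at all from one that connected and received the wrong file. The sample input is constructed (tokens replaced with `TOKEN`, the `example.org` entry is hypothetical), and the function names and hint texts are this example's own.

```python
import re

# Constructed sample in the e-mail-quoted, line-wrapped form seen in the thread.
# TOKEN is a placeholder; the example.org entry is hypothetical, for contrast.
SAMPLE = """\
> Domain: linuxlighthouse.com
> Type: connection
> Detail: Fetching
> http://linuxlighthouse.com/.well-known/acme-challenge/TOKEN:
> Timeout during connect (likely firewall problem)
>
> Domain: example.org
> Type: unauthorized
> Detail: Invalid response from
> http://example.org/.well-known/acme-challenge/TOKEN: 404
>
> Hint: The Certificate Authority failed to download the temporary
"""

# First place to look per ACME problem type (hint wording is this example's own).
HINTS = {
    "connection": "CA could not reach port 80: check host firewall, router port forwarding, httpd listening",
    "dns": "CA could not resolve the name: check the public A/AAAA records",
    "unauthorized": "CA reached a server but got wrong content: check --webroot-path, permissions, SELinux context",
}
FIELD = re.compile(r"^\s*(Domain|Type|Detail):\s*(.*)$")

def parse_failures(report):
    """Return one {'domain', 'type', 'detail'} dict per failed domain."""
    failures, current, last = [], None, None
    for line in report.splitlines():
        line = re.sub(r"^(>\s?)+", "", line)  # tolerate e-mail quote prefixes
        m = FIELD.match(line)
        if m:
            key, value = m.group(1).lower(), m.group(2).strip()
            if key == "domain":
                current = {"domain": value, "type": "", "detail": ""}
                failures.append(current)
            elif current is not None:
                current[key] = value
            last = key
        elif current is not None and last == "detail" and line.strip():
            current["detail"] += " " + line.strip()  # re-join a wrapped Detail line
        else:
            last = None  # blank or unrelated line ends the current field
    return failures

def triage(report):
    # Map each failed domain to a hint; unknown types fall back to the raw detail.
    return {f["domain"]: HINTS.get(f["type"], "see Detail: " + f["detail"])
            for f in parse_failures(report)}
```

Feeding it the saved console output, or the relevant part of /var/log/letsencrypt/letsencrypt.log if it carries the same fields, shows whether every domain fails the same way, as all three do in the report above.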