On Mon, 2024-09-09 at 14:01 +0200, Markus Schönhaber wrote: > 09.09.24, 13:37 +0200, Patrick O'Callaghan: > > > I've been using Certbot for my personal website for some time, but > > started getting errors in the journal. A manual invocation produced > > this: > > > > Certbot failed to authenticate some domains (authenticator: apache). > > The Certificate Authority reported these problems: > > Domain: bree.org.uk > > Type: connection > > Detail: 82.69.61.82: Fetching > > http://bree.org.uk/.well-known/acme-challenge/xxxxxxxxxxxxxxxxxxxxxxxx > > : Error getting validation data > > > > Hint: The Certificate Authority failed to verify the temporary > > Apache configuration changes made by Certbot. Ensure that the listed > > domains point to this Apache server and that it is accessible from > > the internet. > I see this when trying to connect to port 80: > > > ~ LANG=C curl -Iv http://bree.org.uk/ > > * Host bree.org.uk:80 was resolved. > > * IPv6: (none) > > * IPv4: 82.69.61.82 > > * Trying 82.69.61.82:80... > > * connect to 82.69.61.82 port 80 from 192.168.178.80 port 43026 failed: No route to host > > * Failed to connect to bree.org.uk port 80 after 51 ms: Could not connect to server > > * closing connection #0 > > curl: (7) Failed to connect to bree.org.uk port 80 after 51 ms: Could not connect to server > > and the on port 443: > > > ~ LANG=C curl -I https://bree.org.uk/ > > HTTP/1.1 401 Unauthorized > > Date: Mon, 09 Sep 2024 11:56:34 GMT > > Server: Apache/2.4.62 (Fedora Linux) OpenSSL/3.2.2 > > WWW-Authenticate: Basic realm="Restricted" > > Content-Type: text/html; charset=iso-8859-1 > > To me it seems, you have made quite sure that no-one can access your > site unless they use HTTPS and know the credentials - does Let's encrypt?. I understand the problem, which matches what I expected. What I don't understand is what has changed since this used to work, given that AFAIK I haven't altered anything. And I figured it out: port 80 was closed in the firewall, duh. That's what changed since before, nothing to do with httpd. Fixed now. Thanks. poc -- _______________________________________________ users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
