/.well-known/acme-challenge/ Error 404

Discussion in 'Installation/Configuration' started by Akhilleus, Jul 5, 2019.

  1. Akhilleus

    Akhilleus Member

    Hello
    I have installed ISPconfig quite a while and now I'm trying to ssl my domain and I need to verify the ownership of the domain by uploading a file to the directory /public_html/.well-known/acme-challenge/
    In my case it's the /web/.well-known/acme-challenge/ , when doing this I get an error 404 . I have checked the page source which shows the same error . Following others topic , I have changed the VirtualHost from <VirtualHost *:80> to <VirtualHost x.y.z.q:80> . I'm using google cloud , witch it's behind a firewall , so i guess it's should look like this <VirtualHost 10.160.0.2:80> ( as example )
    But the error still persist , all the sites hosted worky perfectly , but unable to verify them by uploading the file .

    Any suggestions ? I appreciate it :)
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Upload the file to: /usr/local/ispconfig/interface/acme/.well-known/acme-challenge/
     
  3. Akhilleus

    Akhilleus Member

    @till I don't know how to do that . I don't have a visual interface . i'm using only the terminal . Trying to upload it via FTP/SFTP but I can't . Any suggestion ?
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    You don't need a visual interface, you can upload it with sftp, but you have to do that as root user. Or you upload it to a website by ftp and then copy the file on the shella s root to the right folder.
     
  5. fabioganga

    fabioganga New Member

    Dear @till
    Thanks for this great product, I have ordered my manual today to support the project!
    I am having this exact same problem too, I have 4 domains on ISpConfig and for EACH one of them I have the error:


    Domain: xxxxxxxx

    Type: unauthorized

    Detail: Invalid response from

    LINK TO FILE INSIDE ACME_CHALLENGE (it doesn't let me paste it here)

    [51.254.163.240]: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML

    2.0//EN\">\n<html><head>\n<title>404 Not

    Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p"


    To fix these errors, please make sure that your domain name was

    entered correctly and the DNS A/AAAA record(s) for that domain

    contain(s) the right IP address.

    The DNS zone is standard, I am sure it has no errors. How can I resolve this, please?

    Thanks.
     
  6. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    Have you tried copying the file to web/.well-known/acme-challenge/?
    If your problem is the same, the same fix should work.
    Have you tried getting HTTPS working with your domains by clicking on the Let's Encrypt SSL item in website settings?
     
  7. fabioganga

    fabioganga New Member

    Thanks my friend, first of all, for your reply.
    In answer to your questions:
    1) I am using the automatic procedure from certbot, so issuing the command certbot --apache -d domain should it not place it in the domain's acme-challenge directory itself without any manual intervention?
    2) Yes, I have tried that, both options: selecting or deselecting SSL and Let's encrypt unfortunately does not make any difference.
    Thanks truly for your help.
     
  8. Taleman

    Taleman Well-Known Member HowtoForge Supporter

  9. fabioganga

    fabioganga New Member

    Thanks my friend, I will try it and report back. Have a nice day!
     
  10. fabioganga

    fabioganga New Member

    Thanks @Taleman I have run the procedure detailed in that FAQ page you linked, however the problems still persists. What I find also very weird is that enabling the SSL and Let's Encrypt SSL option in the specific website has no effect at all, as the /var/log/letsencrypt/ remains unaffected (same size) and also, after a short time, the options SSL and Let's Encrypt SSL I saved in Website 1 revert back to not being selected anymore.
    The letsencrypt.log shows that I seem to have DNS problems, however the sites are working perfectly without SSL and pass DNS tests.
    I have the same shared IP address across the 4 sites, could this be a problem?
    When running the ispconfig update script, though, I find this error at the moment of reissuing the main SSL cert:

    Can't load /root/.rnd into RNG

    140059722703296:error:2406F079:random number generator:RAND_load_file:Cannot open file:../crypto/rand/randfile.c:88:Filename=/root/.rnd

    Could this be the culprit? I am running it from inside an OpenVZ VPS container.

    Thanks.
     
  11. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    Are you sure you have followed the Let's Encrypt error FAQ correctly? It should show what the error is.
    That is a strange statement. Do not care about the size of that directory, look inside if there is a file containing the log for your Let's Encrypt attempt.
    Code:
    ls -lth  /var/log/letsencrypt/ | head
    So you have read the let's enrypt log? What were the DNS problems?
    Do the website settings in ISPConfig for all your site have the same entry in IP Address -field? That is, either "*" or the IP-address for all sites?
    What shows
    Code:
    ls -lh /root/.rnd
    
    Do you run ispconfig_update.sh as root?
     
  12. fabioganga

    fabioganga New Member

    Dear @Taleman
    Thanks a lot for your detailed answers!
    I was running out of time to ensure that the domains be in a good status for my project, so in the end I decided to start again from scratch, reformatting my VPS and letting ISPConfig deal with Let's Encrypt on its own as it should be.
    The problem has been solved entirely, I guessed my having used certbot manually must have screwed up several things.
    Thanks once again for your patience and support.
    One final question: does ISPConfig also take care of the cert renewals automatically?
    Thanks
     
  13. till

    till Super Moderator Staff Member ISPConfig Developer

    yes
     
  14. fabioganga

    fabioganga New Member

    Thanks again @till and @Taleman !
    Have a nice day everyone and keep up the great job!
     

Share This Page