
Hopefully you can shed some light on what might be going on here:

I have migrated website cutit.sk from an external VPS to my private server. I also have several domains which are meant to redirect traffic to cutit.sk (vyrez.sk, cut-center.com).

In fact, I have migrated like 10 websites (totally like 100 domains), that's why I'm using ports to access them. My vhost conf looks like:

# one non-standard port per migrated site
Listen 662

<VirtualHost *:662>
    ServerName webserver
    # all three domains (and their subdomains) share this document root
    ServerAlias *.cutit.sk *.vyrez.sk *.cut-center.com
    DocumentRoot /var/www/html/cutit
    <Directory /var/www/html/cutit>
        Options -Indexes +FollowSymLinks +MultiViews
        AllowOverride All
        Require all granted
    </Directory>
    # hand .php files to PHP-FPM 5.6 over its unix socket
    <FilesMatch "\.php$">
        SetHandler "proxy:unix:/var/run/php/php5.6-fpm.sock|fcgi://localhost/"
    </FilesMatch>
</VirtualHost>

I'm getting several errors when requesting SSL via LetsEncrypt & certbot:

Domain: www.cut-center.com
   Type:   connection
   Detail: Fetching
   http://www.cut-center.com/.well-known/acme-challenge/twxT3FlJDb3RwjmqaBJLlLh_ev5bWpxQy7euo08OI5c:
   Error getting validation data

Looks like Certbot is trying to validate the request by accessing a local folder, which does not exist, as if it's the only domain.

So, the questions are: How should I bypass this? Or what would be the correct approach?

Not sure if it's important to mention, but: DNS of cutit.sk itself does not yet point to my server (I have another error for that), but that's intended, I'm gonna change the A record later. cut-center.com and vyrez.sk have A records pointing to my server, but those domains are not yet redirecting to cutit.sk (I'm kinda new in this project, not sure why).

Thank you!

Rot-man

1 Answer


Roughly speaking, if you want to request a Let's Encrypt certificate for a hostname / domain name that does not point to the system you run certbot on, then you can't authenticate and validate that you are authorized to use and control that name by responding to a web request made to that hostname / domain name.

You will need to use a different method to authenticate, for instance one of the DNS plugins or the Manual method listed in the manual: https://certbot.eff.org/docs/using.html#dns-plugins

When the hostnames do point to your server, but those sites listen on ports other than 80 or 443, then use the --webroot option to write the challenge response files into the document root of the site that does listen on port 80/443.

HBruijn
  • I had updated the A records of cut-center.com to point to the server where certbot is (where I have migrated the db + migrated text files for the main domain, cutit.sk). So this should be correct, right? – Drahoš Maďar Mar 19 '19 at 14:05
  • The default HTTP port is 80. You seem to be running your webserver on port 662. That's not going to work unless you change either the webserver config or the certbot config so that they are in agreement on which port to use. – Jenny D Mar 19 '19 at 16:12
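As an added example (not part of the question, the answer or the comments above): a pre-flight script that checks, before running certbot with --webroot, the two things the answer and Jenny D's comment describe for each name: that its A record resolves to this server, and that a probe file dropped into the webroot's .well-known/acme-challenge/ directory is actually served back over plain HTTP on port 80 rather than on the port-662 vhost. The resolver and fetcher are injectable; the server address 203.0.113.10, the "old VPS" address 198.51.100.7 and the fake fetcher in run_offline_demo() are constructed for this example so it runs offline, and the real defaults use the system resolver and urllib.

```python
"""Pre-flight check for Let's Encrypt HTTP-01 validation.

Added example (not from the question or the answer). Scenario it models,
constructed here: the sites' Apache vhost listens on port 662, but the ACME
validator only ever connects to port 80, so before running
    certbot certonly --webroot -w WEBROOT -d DOMAIN
we verify per domain that (1) the A record resolves to this host and
(2) a probe file placed under WEBROOT/.well-known/acme-challenge/ comes
back over plain HTTP on port 80. Resolver and fetcher are injectable so
the logic can be exercised offline with fakes (see run_offline_demo).
"""
import os
import secrets
import socket
import tempfile
import urllib.request

CHALLENGE_PATH = ".well-known/acme-challenge"   # URL path the validator requests


def challenge_dir(webroot):
    return os.path.join(webroot, ".well-known", "acme-challenge")


def default_resolver(hostname):
    """IPv4 addresses the hostname currently resolves to (empty set if none)."""
    try:
        infos = socket.getaddrinfo(hostname, 80, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}


def default_fetcher(url, timeout=10):
    """GET url over plain HTTP; body text, or None if the request fails."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.read().decode("utf-8", "replace")
    except (OSError, ValueError):      # URLError/HTTPError are OSError subclasses
        return None


def check_domain(domain, webroot, server_ips, resolver=default_resolver, fetcher=default_fetcher):
    """Return (ok, reason) for one domain, mirroring what the validator needs."""
    addrs = resolver(domain)
    if not addrs:
        return False, "no A record"
    if not addrs & set(server_ips):
        return False, "A record points elsewhere: " + ", ".join(sorted(addrs))
    # Drop a random token where certbot --webroot would write the real one.
    os.makedirs(challenge_dir(webroot), exist_ok=True)
    token = secrets.token_urlsafe(32)
    probe = os.path.join(challenge_dir(webroot), token)
    with open(probe, "w", encoding="utf-8") as fh:
        fh.write(token)
    try:
        body = fetcher("http://%s/%s/%s" % (domain, CHALLENGE_PATH, token))
    finally:
        os.remove(probe)               # never leave probe files in the webroot
    if body is None:
        return False, "port 80 does not serve the webroot (vhost on another port or another DocumentRoot?)"
    if body.strip() != token:
        return False, "port 80 answered, but not with the probe (rewrite rule or a different site?)"
    return True, "ok"


def preflight(domains, webroot, server_ips, resolver=default_resolver, fetcher=default_fetcher):
    """Run check_domain over every name certbot will be asked for."""
    return {d: check_domain(d, webroot, server_ips, resolver, fetcher) for d in domains}


def run_offline_demo():
    """Exercise preflight() against fakes; every address and record is constructed."""
    webroot = tempfile.mkdtemp(prefix="acme-preflight-")
    here = "203.0.113.10"                       # this server (documentation range)
    records = {"www.cut-center.com": {here}, "www.vyrez.sk": {here},
               "cutit.sk": {"198.51.100.7"}}    # cutit.sk still on the old VPS

    def fake_fetcher(url):
        # Only www.cut-center.com has a port-80 vhost rooted at webroot;
        # www.vyrez.sk is reachable on 662 only, so port 80 yields nothing.
        host, _, path = url[len("http://"):].partition("/")
        if host != "www.cut-center.com":
            return None
        with open(os.path.join(webroot, *path.split("/")), encoding="utf-8") as fh:
            return fh.read()

    return preflight(list(records) + ["nx.invalid"], webroot, [here],
                     resolver=lambda h: records.get(h, set()), fetcher=fake_fetcher)


if __name__ == "__main__":
    for domain, (ok, why) in run_offline_demo().items():
        print("%-20s %s %s" % (domain, "PASS" if ok else "FAIL", why))
```

For a real run, call preflight() with the defaults and the server's public address, using as webroot the DocumentRoot of whichever vhost answers on port 80; a name that fails the "port 80" check is exactly the case in the question, where the only vhost for the name listens on 662.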