Question

Failed authorization procedure while trying to get SSL with lets encrypt

Hello team,

Please bear with me as i am new to the LAMP stack. I am trying to set up a new website on Apache WS running on Ubuntu 18.04. However, when i try to access the index file from my browser, i get the error below.

Bad Request Your browser sent a request that this server could not understand. Reason: You’re speaking plain HTTP to an SSL-enabled server port. Instead use the HTTPS scheme to access this URL, please. Apache/2.4.29 (Ubuntu) Server at <mydomain.com> Port 80

I have tried to troubleshoot and obtain an SSL using lets encrypt on Ubuntu 18.04. When i try to obtain the SSL certificate using the command - “sudo certbot --apache”, i get the error below;

**_user@mydomain:/etc/apache2/sites-available$ sudo certbot --apache Saving debug log to /var/log/letsencrypt/letsencrypt.log Plugins selected: Authenticator apache, Installer apache

Which names would you like to activate HTTPS for?


1: www.mydomain.com


Select the appropriate numbers separated by commas and/or spaces, or leave input blank to select all options shown (Enter ‘c’ to cancel): 1 Obtaining a new certificate Performing the following challenges: http-01 challenge for www.mydomain.com Waiting for verification… Cleaning up challenges Failed authorization procedure. www.mydomain.com (http-01): urn:ietf:params:acme:error:dns :: DNS problem: NXDOMAIN looking up A for www.mydomain.com - check that a DNS record exists for this domain; DNS problem: NXDOMAIN looking up AAAA for www.mydomain.com - check that a DNS record exists for this domain

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: www.mydomain.com Type: None Detail: DNS problem: NXDOMAIN looking up A for www.mydomain.com - check that a DNS record exists for this domain; DNS problem: NXDOMAIN looking up AAAA for www.mydomain.com - check that a DNS record exists for this domain_**

The error.log file shows the error below.

[Tue Mar 22 15:14:10.276671 2022] [core:notice] [pid 92897] AH00094: Command line: ‘/usr/sbin/apache2’ [Tue Mar 22 15:24:07.559081 2022] [mpm_prefork:notice] [pid 92897] AH00171: Graceful restart requested, doing restart [Tue Mar 22 15:24:07.612286 2022] [mpm_prefork:notice] [pid 92897] AH00163: Apache/2.4.29 (Ubuntu) OpenSSL/1.1.1 configured – resuming normal operations [Tue Mar 22 15:24:07.612305 2022] [core:notice] [pid 92897] AH00094: Command line: ‘/usr/sbin/apache2’ [Tue Mar 22 15:24:14.017792 2022] [mpm_prefork:notice] [pid 92897] AH00171: Graceful restart requested, doing restart [Tue Mar 22 15:24:14.075406 2022] [mpm_prefork:notice] [pid 92897] AH00163: Apache/2.4.29 (Ubuntu) OpenSSL/1.1.1 configured – resuming normal operations [Tue Mar 22 15:24:14.075424 2022] [core:notice] [pid 92897] AH00094: Command line: ‘/usr/sbin/apache2’


Submit an answer

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Want to learn more? Join the DigitalOcean Community!

Join our DigitalOcean community of over a million developers for free! Get help and share knowledge in Q&A, subscribe to topics of interest, and get courses and tools that will help you grow as a developer and scale your project or business.

Hello,

In order for Let’s Encrypt to be able to validate your domain name, you need to make sure that your A record is pointing to the server IP address that you are running the certbot command on.

You can use the following tool to check your current active DNS records:

https://www.digitalocean.com/community/tools/dns

And you can also follow the steps on how to manage your DNS here:

https://docs.digitalocean.com/products/networking/dns/

Once you’ve made sure that your A record is correct, you can run the certbot command again.

Hope that this helps!

Best,

Bobby