The operating system my web server runs on is (include version):
Debian 9
I can login to a root shell on my machine (yes or no, or I don’t know):
Yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
No
I’d probably be able to solve this on my own, except certbot takes pains to under every configuration change it does, so I can’t experiment with the system.
This is a fairly default installed Apache. The error logs show this:
[Sun Oct 07 04:09:09.789266 2018] [access_compat:error] [pid 30349] [client 66.133.109.36:45256] AH01797: client denied by server configuration: /var/lib/letsencrypt/http_challenges/nXsevA0ileMH29CjB6UKYkuNL52WrExFx_3rr3mqvtU
I just ran “certbot-auto”, and selected two domain names (practical-pl.org and www.practical-pl.org. It seems to have correctly sent out the challenge, but the CA failed to get the response due to the above mentioned 403.
The 403 also appears in the usual server logs, so I’m fairly confident the request was sent out correctly.
It uses a <directory< directive to direct the traffic to /var/lib/letsencrypt/http_challenges/
When I replace that with a symbolic link, it works
Using the webroot authentication would probably work (I tried once, and got an error saying it couldn’t communicate with the VA, and I could get the files with my browser), but I’m worried that auto-renewal would be much more difficult.