My domains are: decompile.com and www.decompile.com
I ran this command: sudo certbot --apache
It produced this output:
Requesting a certificate for decompile.com and www.decompile.com
Certbot failed to authenticate some domains (authenticator: apache). The Certificate Authority reported these problems:
Domain: decompile.com
Type: unauthorized
Detail: Invalid response from http://decompile.com/.well-known/acme-challenge/M7HBlrdsSXhZgCGSsrTV5lUv_qavFyHaN33QXIcZty4 [52.32.71.173]: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p"
Domain: www.decompile.com
Type: unauthorized
Detail: Invalid response from http://www.decompile.com/.well-known/acme-challenge/FT_pNqLleLNEWAj21aBCKRe0TIcUFdV8qy_L7TpO0VI [52.32.71.173]: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p"
Hint: The Certificate Authority failed to verify the temporary Apache configuration changes made by Certbot. Ensure that the listed domains point to this Apache server and that it is accessible from the internet.
Some challenges have failed.
My web server is:
Server version: Apache/2.4.29 (Ubuntu)
Server built: 2021-11-14T23:52:18
The operating system my web server runs on is (include version): Ubuntu 18.04.6 LTS
My hosting provider, if applicable, is: AWS
I can login to a root shell on my machine: Yes
I'm using a control panel to manage my site: No
The version of my client is certbot 1.22.0
Analysis:
- The /var/lib/letsencrypt/http_challenges directory is empty. Did a file not get written there?
- When I manually put an .html file in the folder, I am able to access it ONLY when I do not use a '.' in the '.well-known' folder. I now have these definitions in my VirtualHost definition:
RewriteEngine on
RewriteRule ^/well-known/acme-challenge/([A-Za-z0-9-_=.]+)$ /var/lib/letsencrypt/http_challenges/$1
RewriteRule ^/\.well-known/acme-challenge/([A-Za-z0-9-_=.]+)$ /var/lib/letsencrypt/http_challenges/$1
(note that I added a '.' to the regex to be able to serve 'hello.html')
http://decompile.com/well-known/acme-challenge/hello.html serves a page but the '.well-known' rule does not.
- Setting the LogLevel for the rewrite module to trace8 (lowest level) shows debug messages for the "well-known" rule but there are no debug messages for ".well-known". None of the Apache error logs on the machine have any debug messages -- so did Apache even process it as a rewrite? If not, then why not?
All help is appreciated.