69.49.228.234: Invalid response

My domain is: www.CozyBroadcast.stream

I ran this command: certbot renew --force-renewal

It produced this output:

root@ip-72-167-33-188:/home/campervan# certbot renew --force-renewal
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/cozybroadcast.stream.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Renewing an existing certificate for cozybroadcast.stream and www.cozybroadcast.stream

Certbot failed to authenticate some domains (authenticator: apache). The Certificate Authority reported these problems:
  Domain: cozybroadcast.stream
  Type:   unauthorized
  Detail: 69.49.228.234: Invalid response from http://cozybroadcast.stream/.well-known/acme-challenge/cTWSrqPeUP-ZiebugD9T1MuBXJwUxA7DiW7RGwC7tD8: 404

  Domain: www.cozybroadcast.stream
  Type:   unauthorized
  Detail: 69.49.228.234: Invalid response from http://www.cozybroadcast.stream/.well-known/acme-challenge/QCLMddY4DAXOEXTyfX2ypONSTUKoptnZqoYDQUBq25Y: 404

Hint: The Certificate Authority failed to verify the temporary Apache configuration changes made by Certbot. Ensure that the listed domains point to this Apache server and that it is accessible from the internet.

Failed to renew certificate cozybroadcast.stream with error: Some challenges have failed.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
All renewals failed. The following certificates could not be renewed:
  /etc/letsencrypt/live/cozybroadcast.stream/fullchain.pem (failure)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1 renew failure(s), 0 parse failure(s)
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
root@ip-72-167-33-188:/home/campervan# 
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/cozybroadcast.stream.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Renewing an existing certificate for cozybroadcast.stream and www.cozybroadcast.stream

Certbot failed to authenticate some domains (authenticator: apache). The Certificate Authority reported these problems:
  Domain: cozybroadcast.stream
  Type:   unauthorized
  Detail: 69.49.228.234: Invalid response from http://cozybroadcast.stream/.well-known/acme-challenge/AWR1AVbUDaqudHCC7cjnwSpOujdVBy8v-0n4kcyYfCo: 404

  Domain: www.cozybroadcast.stream
  Type:   unauthorized
  Detail: 69.49.228.234: Invalid response from http://www.cozybroadcast.stream/.well-known/acme-challenge/rSAx_JVcWkewYlm4TV529FJZ8kpi36WKqCZm9XTFa-k: 404

Hint: The Certificate Authority failed to verify the temporary Apache configuration changes made by Certbot. Ensure that the listed domains point to this Apache server and that it is accessible from the internet.

Failed to renew certificate cozybroadcast.stream with error: Some challenges have failed.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
All renewals failed. The following certificates could not be renewed:
  /etc/letsencrypt/live/cozybroadcast.stream/fullchain.pem (failure)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1 renew failure(s), 0 parse failure(s)
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

My web server is (include version): Apache 2.4.41

The operating system my web server runs on is (include version): Ubuntu 20.04.2 LTS

My hosting provider, if applicable, is: NA

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

Please don't use that option unless you really understand what it does and you really need to use it.

Please show the output of:
certbot certificates

And since we are dealing with Apache, also show:
sudo apachectl -t -D DUMP_VHOSTS

4 Likes

It seems that the last cert issued should still be valid:
crt.sh | 10010993464

But the hosting company may have removed/disabled your site:
SSL Server Test: cozybroadcast.stream (Powered by Qualys SSL Labs)
image

Have you spoken with your HSP?
[presumably: Newfold Digital]

4 Likes

This option does NOT magically make failing authentications succeed. Please don't use this option.

3 Likes

The issue was that someone hacked the domain registry account and changed the ip. Not at all related to ssl certification.

2 Likes

This is correct

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.