Sure, This is the command we are running and the most recent request we have made.
certbot certonly --webroot -w /srv/www/letsencrypt -d intercontinentalmsp.com -d www.intercontinentalmsp.com
I removed a few things from the command but that is the general base command we use.
Every now and then we get the unauthorized response and the detail being “300 Multiple Choices” or a simple “404”.
This is my typical work flow in both situations.
I check the logs on the server to see if a request came in for the path of domain.com/.well-known/ and there is nothing. I then check to make sure the webserver is configured correctly. It is. My first guess now is that it is hitting the wrong server. I do a dig and see that the IP address is correct. I access the website and see that I am hitting the correct server. The response given appears to be Apache (due to the Doctype and such), so it definitely isn’t us unless some developer is doing some new custom stuff. I will retry a few more times to see if it was just a hiccup. It would just be nice to see what IP address is being used. It would eliminate a lot of this headache. We would know right away. It is hard to troubleshoot without seeing anything in access logs. I will
Now that I think about it, I guess this might be a certbot feature request then.