Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is:
myaccounts.live
I ran this command:
$ sudo certbot certonly --apache --dry-run --test-cert --renew-by-default --agree-tos -d web.myaccounts.live -d webmin.myaccounts.live -d myaccounts.live
It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for myaccounts.live
http-01 challenge for web.myaccounts.live
http-01 challenge for webmin.myaccounts.live
Waiting for verification...
Challenge failed for domain myaccounts.live
Challenge failed for domain web.myaccounts.live
Challenge failed for domain webmin.myaccounts.live
http-01 challenge for myaccounts.live
http-01 challenge for web.myaccounts.live
http-01 challenge for webmin.myaccounts.live
Cleaning up challenges
Some challenges have failed.
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: myaccounts.live
Type: unauthorized
Detail: 162.250.127.130: Invalid response from
http://myaccounts.live/.well-known/acme-challenge/dD5TV7HwZsytQbiIlax3Y3osbX1VWcXit7Jpmu0NxWo:
403
Domain: web.myaccounts.live
Type: unauthorized
Detail: 162.250.127.130: Invalid response from
http://web.myaccounts.live/.well-known/acme-challenge/04azeGlIT7nvy7jaa9k7huDFn6XNmidZHloKd9J4u_4:
403
Domain: webmin.myaccounts.live
Type: unauthorized
Detail: 162.250.127.130: Invalid response from
http://webmin.myaccounts.live/.well-known/acme-challenge/J8ChUMv6-54Gr8XDcKAQt1K_umlInZ1vBhdpqZT3-Mo:
403
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
My web server is (include version):
$ apachectl -v
Server version: Apache/2.4.41 (Ubuntu)
Server built: 2022-03-16T16:52:53
The operating system my web server runs on is (include version):
$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 20.04.4 LTS
Release: 20.04
Codename: focal
My hosting provider, if applicable, is:
InterServer
I can login to a root shell on my machine (yes or no, or I don't know):
yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
No control panel, only command line
The version of my client is (e.g. output of certbot --version
or certbot-auto --version
if you're using Certbot):
$ certbot --version
certbot 0.40.0
I'm using the Apache for the Proxy Reverse only, and the enabled sites conf contents are seperated in three conf's:
First file:
<IfModule mod_ssl.c>
<VirtualHost *:443>
ProxyPreserveHost On
ProxyRequests Off
ServerName myaccounts.live
ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
SSLCertificateFile /etc/letsencrypt/live/myaccounts.live/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/myaccounts.live/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
<VirtualHost *:80>
ServerName myaccounts.live
Redirect Permanent / https://myaccounts.live/
RewriteEngine on
RewriteCond %{SERVER_NAME} =myaccounts.live
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
</IfModule>
Second file:
<IfModule mod_ssl.c>
<VirtualHost *:443>
ProxyPreserveHost On
ProxyRequests Off
ServerName webmin.myaccounts.live
ProxyPass / http://localhost:4558/
ProxyPassReverse / http://localhost:4558/
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/webmin.myaccounts.live/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/webmin.myaccounts.live/privkey.pem
</VirtualHost>
<VirtualHost *:80>
ServerName 'webmin.myaccounts.live'
Redirect Permanent / http://webmin.myaccounts.live/
</VirtualHost>
</IfModule>
Third file:
<VirtualHost *:80>
ServerName web.myaccounts.live
DocumentRoot /var/www/html
ProxyPreserveHost On
ProxyPass / http://localhost:4558/
ProxyPassReverse / http://localhost:4558/
</VirtualHost>
As you can see, there are old certs installed in the first and second files (myaccounts.live and webmin.myaccounts.live) and I'm trying to test renewing them and getting a new cert for the third subdomain.