Apache/ubuntu 20 : Website accessible on browser but Invalid response from certbot

My domain is: admin.altmo.app

I ran this command: sudo certbot certonly --apache -d admin.altmo.app

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for admin.altmo.app

Certbot failed to authenticate some domains (authenticator: apache). The Certificate Authority reported these problems:
Domain: admin.altmo.app
Type: unauthorized
Detail: 157.245.101.5: Invalid response from http://admin.altmo.app/.well-known/acme-challenge/W-aEbkHeJ6WXf1zY-lMFGtEh_uLgqSfdQ28KXxtaduo: 404

Hint: The Certificate Authority failed to verify the temporary Apache configuration changes made by Certbot. Ensure that the listed domains point to this Apache server and that it is accessible from the internet.

Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

My web server is (include version): Apache/2.4.41 (Ubuntu)

The operating system my web server runs on is (include version):
Ubuntu 20.04.4 LTS
My hosting provider, if applicable, is:
Digital Ocean
I can login to a root shell on my machine (yes or no, or I don't know):
yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 2.6.0

Hi @bkrram,

Could you check that you don't have two overlapping VirtualHost definitions that cover that domain name? E.g.

sudo grep -r admin.altmo.app /etc/apache2

If you have two, Certbot might pick one to use to try to satisfy the certificate authority challenge, but it might not happen to pick the same one that Apache picks to serve your site content from.

This is the output of that
/etc/apache2/sites-available/admin.altmo.conf: ServerName admin.altmo.app
/etc/apache2/sites-available/admin.altmo.conf: ServerAlias www.admin.altmo.app

This is my conf file contents

<VirtualHost *:80>
        ServerName admin.altmo.app
        ServerAlias www.admin.altmo.app
        ServerAdmin webmaster@localhost
        DocumentRoot /home/deploy/websites/altmo_python
        <Directory /home/deploy/websites/altmo_python>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride None
                Require all granted
        </Directory>


        ErrorLog ${APACHE_LOG_DIR}/error.log

        # Possible values include: debug, info, notice, warn, error, crit,
        # alert, emerg.
        LogLevel warn

        CustomLog ${APACHE_LOG_DIR}/access.log combined

RewriteEngine off
</VirtualHost>

I removed the ServerAlias also but no luck

You can try:

certbot -i apache -a webroot -w /home/deploy/websites/altmo_python -d admin.altmo.app

That worked! Thanks a ton! Just for my info, why did the --apache did not work and what makes this work?

The usual reason that --apache doesn't work is that something funny is going on with the virtual hosts in the Apache configuration. apachectl -t -D DUMP_VHOSTS usually reveals what that is.

--webroot worked because it is simpler, but the downside is that you have to provide the document root of your website (which you did when you posted the contents of your virtual host).

Great, thanks again!

Actually, I think this might be the reason that --apache didn't work. --apache relies on the rewrite module to do its magic, and if it is disabled in the middle of the virtual host, this breaks it.

I remember helping another user who ran into the same thing.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.