My domain is: app.dailynclexchallenge.com

I ran this command: sudo /usr/local/bin/certbot-auto certonly -d app.dailynclexchallenge.com --webroot -w /var/www/html

It produced this output: Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:

• The following errors were reported by the server:

  Domain: app.dailynclexchallenge.com
  Type: unauthorized
  Detail: Invalid response from
  http://app.dailynclexchallenge.com/.well-known/acme-challenge/88XzSg-2ZtGvJPRAAz4r5n43gW8neQdj9TokL1JrpE8
  [18.190.73.107]: “\n\n404 Not
  Found\n\n

  Not Found

  \n<p”

  To fix these errors, please make sure that your domain name was
  entered correctly and the DNS A/AAAA record(s) for that domain
  contain(s) the right IP address.

My web server is (include version): Apache/2.4.41 (Amazon)

The operating system my web server runs on is (include version): Amazon Linux AMI 2018.03

My hosting provider, if applicable, is: AWS

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 1.1.0

It appears that the script doesn’t create a .well-known or acme-challenge directory, nor does it create the random file it checks, and thus generates a 404.

As to the insult to injury, now apparently because of the script failures I have hit Let’s Encrypt’s rate limit (which seems a bit wonky, since I’m not actually successfully creating a certificate,) and thus I cannot continue testing.

Not to sound like an old curmudgeon, but can’t a fella get a download of the certificate vs. jumping through certbot land, at least as a temporary fix?

How very frustrating.

Are you sure that is your webroot for domain: app.dailynclexchallenge.com

Testing is to be done on the TESTING environment (--staging)
No wonder you hit a rate limit !

Yep, that’s the webroot.

Yeah, the --staging flag would have definitely been useful. Wish I’d known about it!

Thanks for the --staging tip, but I’m still in the same boat. Even using sudo, certbot-auto doesn’t seem to create the folders or the document needed.

Apache can be somewhat… “difficult” to troubleshoot.
Especially when things appear to be running as expected.

Let’s review the basics.
Please show:
apachectl -S
and the vhost config for domain: app.dailynclexchallenge.com

apachectl -S:

VirtualHost configuration:

*:443 ip-172-31-82-254.ec2.internal (/etc/httpd/conf.d/ssl.conf:56)

ServerRoot: “/etc/httpd”

Main DocumentRoot: “/var/www/html/”

Main ErrorLog: “/etc/httpd/logs/error_log”

Mutex proxy: using_defaults

Mutex authn-socache: using_defaults

Mutex ssl-cache: using_defaults

Mutex default: dir="/var/run/httpd/" mechanism=default

Mutex mpm-accept: using_defaults

Mutex cache-socache: using_defaults

Mutex authdigest-opaque: using_defaults

Mutex watchdog-callback: using_defaults

Mutex proxy-balancer-shm: using_defaults

Mutex rewrite-map: using_defaults

Mutex ssl-stapling-refresh: using_defaults

Mutex authdigest-client: using_defaults

Mutex ssl-stapling: using_defaults

PidFile: “/var/run/httpd/httpd.pid”

Define: DUMP_VHOSTS

Define: DUMP_RUN_CFG

User: name=“webapp” id=498 not_used

Group: name=“webapp” id=496 not_used

vhost config (comments removed because of formatting issues )

Listen 443 https

SSLPassPhraseDialog exec:/usr/libexec/httpd-ssl-pass-dialog

SSLSessionCache shmcb:/run/httpd/sslcache(512000)
SSLSessionCacheTimeout 300

SSLRandomSeed startup file:/dev/urandom 256
SSLRandomSeed connect builtin

SSLCryptoDevice builtin

ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel warn

SSLEngine on

SSLProtocol all -SSLv3
SSLProxyProtocol all -SSLv3

SSLHonorCipherOrder on

SSLCertificateFile /etc/pki/tls/certs/localhost.crt

SSLCertificateKeyFile /etc/pki/tls/private/localhost.key

<FilesMatch “.(cgi|shtml|phtml|php)$”>
SSLOptions +StdEnvVars

<Directory “/var/www/cgi-bin”>
SSLOptions +StdEnvVars

BrowserMatch “MSIE [2-5]”
nokeepalive ssl-unclean-shutdown
downgrade-1.0 force-response-1.0

CustomLog logs/ssl_request_log
“%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x “%r” %b”

An additional complication is that this is a Laravel app, which is rewriting requests from /var/www/html to /var/www/html/public - not sure if that’s causing issues or not.

Hi @techguy12

then you have to use that directory in your command.

Create the two subdirectories

/var/www/html/public/.well-known/acme-challenge

there a file (file name 1234), then check, if you can load that file via

http://app.dailynclexchallenge.com/.well-known/acme-challenge/1234

That must work if the webroot is correct.

Apachectl only shows port 443
Where is the port 80?

Short answer: switched from AWS to a more “standard” ISP, ran certbot on a fresh install, and it ran like a top. I appreciate the help, everyone!

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.