Can renew www but not non-www

I was able to create a certificate for my www.domainname but not the host name minus www.

My domain is: newsiqapp.com

I ran this command: certbot renew

It produced this output:
Cert is due for renewal, auto-renewing…
Plugins selected: Authenticator apache, Installer apache
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for www.newsiqapp.com
http-01 challenge for newsiqapp.com
Waiting for verification…
Cleaning up challenges
Attempting to renew cert (newsiqapp.com) from /etc/letsencrypt/renewal/newsiqapp.com.conf produced an unexpected error: Failed authorization procedure. newsiqapp.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://newsiqapp.com/.well-known/acme-challenge/0WA11qX1mDJqIp835hRDW7e00uu-8EBTbB5zXYtAcdM [142.93.67.196]: “\n\n404 Not Found\n\n

Not Found

\n<p”. Skipping.
The following certs could not be renewed:
/etc/letsencrypt/live/newsiqapp.com/fullchain.pem (failure)

My web server is (include version): Apache/2.4.29 (Ubuntu)

The operating system my web server runs on is (include version): Ubuntu 18.04.1 LTS

My hosting provider, if applicable, is: DigitalOcean

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.26.1

Hi @phreaqo

your configuration looks inconsistent ( https://check-your-website.server-daten.de/?q=newsiqapp.com ):

| Domainname | IP | Http-Status | redirect | Sec. | G | Remarks |
|---|---|---|---|---|---|---|
| http://www.newsiqapp.com/ | 142.93.67.196 | 301 | https://www.newsiqapp.com/ | 0.206 | A | |
| http://newsiqapp.com/ | 142.93.67.196 | 200 | | 0.210 | H | |
| https://newsiqapp.com/ | 142.93.67.196 | 200 | | 1.636 | N | Certificate error: RemoteCertificateNameMismatch |
| https://www.newsiqapp.com/ | 142.93.67.196 | 200 | | 1.320 | B | |
| http://www.newsiqapp.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de | 142.93.67.196 | 301 | https://www.newsiqapp.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de | 0.210 | A | Visible Content: Moved Permanently The document has moved here . Apache/2.4.29 (Ubuntu) Server at www.newsiqapp.com Port 80 |
| http://newsiqapp.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de | 142.93.67.196 | 404 | | 0.206 | A | Not Found. Visible Content: Not Found The requested URL /.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de was not found on this server. Apache/2.4.29 (Ubuntu) Server at newsiqapp.com Port 80 |
| https://www.newsiqapp.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de | | 404 | | 0.870 | A | Not Found. Visible Content: Not Found The requested URL /.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de was not found on this server. Apache/2.4.29 (Ubuntu) Server at www.newsiqapp.com Port 443 |

www is redirected to https, non-www not. Same with /.well-known/acme-challenge.

Looks like your port 80 configuration uses different vHosts.

What do these commands say?

apachectl configtest
apachectl fullstatus
apachectl -S

Hi Juergen. Thanks for the reply. Here is the apache output:

root@newsiqapp:~# apachectl configtest
AH00112: Warning: DocumentRoot [/var/www/roundcube] does not exist
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using newsiqapp.com. Set the 'ServerName' directive globally to suppress this message
Syntax OK

root@newsiqapp:~# apachectl fullstatus
/usr/sbin/apachectl: 113: /usr/sbin/apachectl: www-browser: not found
'www-browser -dump http://localhost:80/server-status' failed.
Maybe you need to install a package providing www-browser or you
need to adjust the APACHE_LYNX variable in /etc/apache2/envvars

root@newsiqapp:~# apachectl -S
AH00112: Warning: DocumentRoot [/var/www/roundcube] does not exist
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using newsiqapp.com. Set the 'ServerName' directive globally to suppress this message
VirtualHost configuration:
*:443 is a NameVirtualHost
default server mondesiretech.com (/etc/apache2/sites-enabled/mondesiretech.com-le-ssl.conf:2)
port 443 namevhost mondesiretech.com (/etc/apache2/sites-enabled/mondesiretech.com-le-ssl.conf:2)
alias www.mondesiretech.com
port 443 namevhost newsiqapp.com (/etc/apache2/sites-enabled/newsiqapp.com-le-ssl.conf:5)
alias www.newsiqapp.com
port 443 namevhost projectrex.net (/etc/apache2/sites-enabled/projectrex.net-le-ssl.conf:2)
alias www.projectrex.net
*:80 is a NameVirtualHost
default server newsiqapp.com (/etc/apache2/sites-enabled/000-default.conf:1)
port 80 namevhost newsiqapp.com (/etc/apache2/sites-enabled/000-default.conf:1)
port 80 namevhost mondesiretech.com (/etc/apache2/sites-enabled/mondesiretech.com.conf:1)
alias www.mondesiretech.com
port 80 namevhost newsiqapp.com (/etc/apache2/sites-enabled/newsiqapp.com.conf:1)
alias www.newsiqapp.com
port 80 namevhost projectrex.net (/etc/apache2/sites-enabled/projectrex.net.conf:1)
alias www.projectrex.net
port 80 namevhost newsiqapp.com (/etc/apache2/sites-enabled/roundcube.conf:1)
ServerRoot: "/etc/apache2"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/var/log/apache2/error.log"
Mutex ssl-stapling: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/var/run/apache2/" mechanism=default
Mutex mpm-accept: using_defaults
Mutex watchdog-callback: using_defaults
Mutex rewrite-map: using_defaults
Mutex ssl-stapling-refresh: using_defaults
PidFile: "/var/run/apache2/apache2.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="www-data" id=33
Group: name="www-data" id=33

There you have different vHosts with the same server name newsiqapp.com.

Every combination of port and vHost should be unique.

Rename your default server (another domain name, perhaps not used / not existing), so only

/etc/apache2/sites-enabled/newsiqapp.com.conf

is used. Then recheck your domain to see if it is consistent.


Thanks Juergen! Renaming 000-default.conf works like a charm!
