That's what I'm talking about!!!
remove the location /.well-known section
Add this to the Apache.conf or Apache2.conf file [within the HTTP section - outside of any vhost config]: Alias /.well-known/acme-challenge/ /home/metricrat/cert/
[all vhosts will have this set]
OOOOH and make sure mod alias is actually loaded:
something like: LoadModule alias_module modules/mod_alias.so
[maybe that was the problem the whole time - apache never gripes it just moves onward]
OK, there is a lot going on in the /etc/apache2 folder !
No apparent [HTTP] section in the apache2.conf file ? What to do…
There is a mods-enabled folder which lists "alias.load" and "alias.conf"
(the aliases on the other virtual hosts appear to work OK, so one could surmise alias is loaded ?)
I don't recall how to dump the full apache config.
It would be easy to search through that.
It … should be in the alias.load folder.
Try: apachectl -D DUMP_MODULES
If not there (which would explain a lot), try enabling it:
I think that's: a2enmod alias
Here is what I have working in one of my test servers (running Apache):
In the /etc/apache2/apache2.conf file:
IncludeOptional sites-enabled/*.conf <<<< point of reference
#send all ACME challenges to this dedicated location
Alias /.well-known/acme-challenge/ /ACME-challenges/
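An added example, not part of the original post: the server-level Alias from the post above, together with an explicit access grant for the target directory. The `<Directory>` block and its options are assumptions; the path is the one from the post.

```apache
# /etc/apache2/apache2.conf, server level (outside every <VirtualHost>),
# so each vhost inherits the mapping.
IncludeOptional sites-enabled/*.conf

# Send all ACME challenges to this dedicated location (path from the post).
Alias /.well-known/acme-challenge/ /ACME-challenges/

# Assumption: /ACME-challenges/ lies outside every DocumentRoot. Debian's stock
# apache2.conf denies access to "/" by default, so without an explicit grant
# the challenge request is answered with 403 even though the Alias matches.
<Directory "/ACME-challenges/">
    # Static token files only: no indexes, no symlinks, no .htaccess overrides.
    Options None
    AllowOverride None
    Require all granted
</Directory>
```

After editing, `apachectl configtest` checks the syntax and `apachectl -M` lists the loaded modules, where `alias_module` should appear.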
I believe they all redirect to https (cannot get any to resolve to http)
As stated in the OP, when running sudo certbot --dry-run apart from this site, all the others reported happy to get renewed or just happy (before renewal time)
** DRY RUN: simulating 'certbot renew' close to cert expiry
** (The test certificates below have not been saved.)
The following certs were successfully renewed:
/etc/letsencrypt/live/carter-computing.co.uk/fullchain.pem (success)
/etc/letsencrypt/live/cyberama.co.uk/fullchain.pem (success)
/etc/letsencrypt/live/metricrat.co.uk/fullchain.pem (success)
/etc/letsencrypt/live/tsah.co.uk/fullchain.pem (success)
/etc/letsencrypt/live/www.burbush.co.uk/fullchain.pem (success)
The following certs could not be renewed:
/etc/letsencrypt/live/ai2.metricrat.co.uk/fullchain.pem (failure)
** DRY RUN: simulating 'certbot renew' close to cert expiry
** (The test certificates above have not been saved.)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -