Thanks for taking the time to look at this issue more closely.
run the same command with -vvv as additional option.
Then you should see that certbot creates a location directive to
another directory. Check if that directory exists. If not, create it
and add correct file permissions (755).
I created the needed directories and changed ownership and permissions
ls -ld /var/www/html
drwxr-xr-x 11 www-data www-data 4096 2019-02-24 22:37 /var/www/html/
ls -ld /var/www/html/ps1schreiber
drwxr-xr-x 3 www-data www-data 4096 2019-02-28 00:48 /var/www/html/ps1schreiber/
ls -ld /var/www/html/ps1schreiber/.well-known
drwxr-xr-x 3 www-data www-data 4096 2019-02-28 00:48 /var/www/html/ps1schreiber/.well-known/
ls -ld /var/www/html/ps1schreiber/.well-known/acme-challenge
drwxr-xr-x 2 www-data www-data 4096 2019-02-28 00:48 /var/www/html/ps1schreiber/.well-known/acme-challenge/
sudo certbot --apache -d ps1schreiber.com -d www.ps1schreiber.com
But got the same 403 error.
What can be causing this??
Your configuration looks completely different. Redirects http ->
https, same with /.well-known/acme-challenge, but your / redirects to
/.well-known/acme-challenge doesn’t show that redirect (
I’ve run into the idiosyncrasy of ping reporting a different domain
name than the one you’re pinging.
ping -c1 affordablesouthwesthomes.com
PING affordablesouthwesthomes.com (188.8.131.52) 56(84) bytes of data.
64 bytes from www.winetreefarm.com (184.108.40.206): icmp_seq=1 ttl=252 time=60.3 ms
ping -c1 www.affordablesouthwesthomes.com
PING www.affordablesouthwesthomes.com (220.127.116.11) 56(84) bytes of data.
64 bytes from www.winetreefarm.com (18.104.22.168): icmp_seq=1 ttl=252 time=65.2 ms
ping -c1 ps1schreiber.com
PING ps1schreiber.com (22.214.171.124) 56(84) bytes of data.
64 bytes from corinneswine.com (126.96.36.199): icmp_seq=1 ttl=252 time=60.8 ms
ping -c1 www.ps1schreiber.com
PING www.ps1schreiber.com (188.8.131.52) 56(84) bytes of data.
64 bytes from corinneswine.com (184.108.40.206): icmp_seq=1 ttl=252 time=63.4 ms
Although ping may at times report a different domain name than what’s
being pinged, both redirect to their secure sites. So they do work.
At different times of the day ping will report a different domain name. Very
All these sites are virtual domains served from an apache2 server running on
Here are images of their DNS ZONE settings
Here are copies of their vhost settings
Any insights you can share would be greatly appreciated.
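The directory check suggested earlier in the thread can be run over the whole path, including the parents that the ls -ld listings above do not show. This is an added example, not code from any poster or from certbot; the function name first_blocked_dir and its optional second argument are hypothetical.

```shell
#!/bin/sh
# Added example: walk each component of a challenge directory and print the
# first one that is missing or lacks the "other" execute (traverse) bit, the
# bit that mode 755 grants. Conservative: it ignores owner/group access.
#
# usage: first_blocked_dir /abs/path/to/dir [base]
#   base (optional, hypothetical) is a prefix assumed to be traversable;
#   only the components below it are checked. Default: check from "/".
first_blocked_dir() {
    target=$1
    base=${2:-}
    rel=${target#"$base"}
    current=$base

    # Split the remaining path on "/" without glob expansion.
    old_ifs=$IFS
    IFS=/
    set -f
    set -- $rel
    set +f
    IFS=$old_ifs

    for part in "$@"; do
        [ -z "$part" ] && continue
        current="$current/$part"
        if [ ! -d "$current" ]; then
            echo "$current (missing)"
            return 1
        fi
        # First 10 characters of ls -l output are the type and mode bits;
        # the 10th is "x" or "t" when other users may traverse.
        mode=$(ls -ld "$current" | cut -c1-10)
        case $mode in
            *[xt]) ;;
            *) echo "$current ($mode)"; return 1 ;;
        esac
    done
    return 0
}

# Run directly, e.g.:
#   sh check.sh /var/www/html/ps1schreiber/.well-known/acme-challenge
if [ "$#" -gt 0 ]; then
    first_blocked_dir "$@"
fi
```

No output and exit status 0 mean every component is traversable, so a remaining 403 has to come from somewhere other than directory modes.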