Certbot - 404 Invalid Response From Can't get certificate

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: www.kwedu.nl (using: mail.kwedu.nl)

I ran this command: sudo certbot certonly -a apache --agree-tos --staple-ocsp --email you@example.com -d mail.kwedu.nl

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for mail.kwedu.nl
Enabled Apache rewrite module
Waiting for verification...
Challenge failed for domain mail.kwedu.nl
http-01 challenge for mail.kwedu.nl
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:

My web server is (include version): Apache/2.4.41

The operating system my web server runs on is (include version): Ubuntu Server 20.04

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 0.40.0

I have followed this tutorial to the letter.

It has worked until I needed to use the certbot command. I have tried searching for fixes, but I couldn't find anything relevant. To see the things I've set up precisely you can check the tutorial. I've done an online A record check and it works fine. I've also checked nmap and the correct ports are open. Can anyone help me?

1 Like

Could you please post the output of:

sudo apachectl -t -D DUMP_VHOSTS

The most common problem with the Apache plugin is duplicative virtual hosts, so it could be a good place to begin searching.

2 Likes

Certainly. Thanks for the quick reply.
VirtualHost configuration:
*:80 is a NameVirtualHost
default server mail.kwedu.nl (/etc/apache2/sites-enabled/000-default.conf:1)
port 80 namevhost mail.kwedu.nl (/etc/apache2/sites-enabled/000-default.conf:1)
port 80 namevhost mail.kwedu.nl (/etc/apache2/sites-enabled/mail.kwedu.nl.conf:1)

As per the tutorial I'm trying to do this for my mail setup.

2 Likes

Here we see that you have two virtualhosts configured for the same domain of mail.kwedu.nl. That's not going to work, because the domain can only be mapped to one virtualhost.

You should disable the unwanted duplicate:

sudo a2dissite 000-default

(assuming that's the one you don't want), and try again.

4 Likes
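
The duplicate-virtualhost check described in the reply above can be automated. This is an added example, not part of the original thread and not Certbot or Apache code; the function names find_duplicate_vhosts and sample_dump are hypothetical, and the www.example.test entry in the sample is constructed. It also treats "alias" lines as claims on a name, which goes slightly beyond the output shown in the thread.

```shell
#!/bin/sh
# Added example, not Certbot or Apache code. Reads the output of
#   sudo apachectl -t -D DUMP_VHOSTS
# on stdin and prints one line per (port, name) claimed by more than one
# virtual host. Prints nothing when every name maps to a single vhost.
find_duplicate_vhosts() {
    awk '
    # Record that the vhost defined at "where" answers for "name" on port p.
    function claim(p, name, where,    key) {
        key = p " " tolower(name)
        # Ignore a vhost that lists the same name twice (ServerName + alias).
        if (index(" " files[key] " ", " " where " ")) return
        files[key] = (count[key]++ ? files[key] " " : "") where
    }
    # "port 80 namevhost NAME (FILE:LINE)" starts a name-based vhost entry.
    $1 == "port" && $3 == "namevhost" {
        port = $2
        src = $5
        gsub(/[()]/, "", src)
        claim(port, $4, src)
        next
    }
    # "alias NAME" lines belong to the namevhost entry just above them.
    $1 == "alias" && port != "" { claim(port, $2, src) }
    END {
        for (key in count)
            if (count[key] > 1) print "port " key ": " files[key]
    }' | sort
}

# Sample input: the DUMP_VHOSTS lines posted in this thread, plus one
# constructed, non-conflicting entry (www.example.test) for contrast.
sample_dump() {
    cat <<'EOF'
VirtualHost configuration:
*:80 is a NameVirtualHost
default server mail.kwedu.nl (/etc/apache2/sites-enabled/000-default.conf:1)
port 80 namevhost mail.kwedu.nl (/etc/apache2/sites-enabled/000-default.conf:1)
port 80 namevhost mail.kwedu.nl (/etc/apache2/sites-enabled/mail.kwedu.nl.conf:1)
port 80 namevhost www.example.test (/etc/apache2/sites-enabled/www.conf:1)
EOF
}

sample_dump | find_duplicate_vhosts
```

On a live server, pipe the real command into the function: sudo apachectl -t -D DUMP_VHOSTS | find_duplicate_vhosts. Any line it prints names the config files that need to be reconciled before running certbot again.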

Thank you very much. This has fixed my problem. I was trying to fix this the whole afternoon.

3 Likes

Sorry about that. The Certbot changelog claims that this problem was fixed in version 0.31.0, but apparently people are still running into it. Might need to look into it again.

1 Like
