Certbot-auto renew failed, 404 error (Apache)


#1

Hello,

My domain is: metmetfamily.fr

I ran this command: sudo ./certbot-auto renew

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log


Processing /etc/letsencrypt/renewal/metmetfamily.fr.conf


Cert is due for renewal, auto-renewing…
Plugins selected: Authenticator apache, Installer apache
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for metmetfamily.fr
http-01 challenge for www.metmetfamily.fr
Waiting for verification…
Cleaning up challenges
Attempting to renew cert (metmetfamily.fr) from /etc/letsencrypt/renewal/metmetfamily.fr.conf produced an unexpected error: Failed authorization procedure. metmetfamily.fr (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://metmetfamily.fr/.well-known/acme-challenge/4enEMlyJrC7SH_1BAS8Q842EzaaTVA8mBlkA5bavVaY: “\n\n404 Not Found\n\nNot Found\n<p”, www.metmetfamily.fr (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.metmetfamily.fr/.well-known/acme-challenge/jUzIzfkPNT2ZBIN3gV4noDm7alyBN0rzSwGN__TZOHY: “\n\n404 Not Found\n\nNot Found\n<p”. Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/metmetfamily.fr/fullchain.pem (failure)


All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/metmetfamily.fr/fullchain.pem (failure)


1 renew failure(s), 0 parse failure(s)

IMPORTANT NOTES:

My web server is (include version): Apache/2.4.25 (Debian)

The operating system my web server runs on is (include version): Linux rock64 4.4.132-1075-rockchip-ayufan-ga83beded8524 #1 SMP Thu Jul 26 08:22:22 UTC 2018 aarch64 GNU/Linux

My hosting provider, if applicable, is: self hosting

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

.well-known directory was missing from the webroot, so I created it.
I have also created a file at webroot and it’s visible: http://metmetfamily.fr/.well-known/acme-challenge/test

Here is the renewal config file at /etc/letsencrypt/renewal/metmetfamily.fr.conf:
#renew_before_expiry = 30 days
version = 0.30.0
archive_dir = /etc/letsencrypt/archive/metmetfamily.fr
cert = /etc/letsencrypt/live/metmetfamily.fr/cert.pem
privkey = /etc/letsencrypt/live/metmetfamily.fr/privkey.pem
chain = /etc/letsencrypt/live/metmetfamily.fr/chain.pem
fullchain = /etc/letsencrypt/live/metmetfamily.fr/fullchain.pem

#Options used in the renewal process
[renewalparams]
authenticator = apache
installer = apache
account = b44c2576094efd9ed0914c825e466edd
server = https://acme-v02.api.letsencrypt.org/directory
webroot_path = /web/www/nextcloud/

Any idea about what’s going wrong?


#2

It’s only visible from the HTTPS site. If you surf to this file, your browser immediately goes to the HTTPS site because of the HSTS policy of your site. If one deletes the HSTS policy from their browser and then tries the test file, they would find a 404 file not found error.

Also, when I surf to your site through HTTP, I’m getting a very different site than your HTTPS site.

Did you change/modify your virtual hosts perhaps?


#3

Thank you, you’re right. I had forgotten a Typo3 install and its virtual host… I have disabled this conf and it’s ok now.
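
The cause found in this thread, a leftover virtual host answering plain HTTP while the intended site answers HTTPS, can be checked from the configuration itself. The sketch below is an added example, not code from the thread or from certbot: it uses a simplified model of Apache's name-based vhost selection, and the config text, paths and function names are constructed for illustration (on a real server, `apachectl -S` prints the actual vhost mapping).

```python
import fnmatch
import re

# Constructed sample config (not the poster's real files): a leftover vhost
# listed first on port 80, then the intended site on 80 and 443. Paths are made up.
SAMPLE_CONF = """
<VirtualHost *:80>
    ServerName metmetfamily.fr
    ServerAlias www.metmetfamily.fr
    DocumentRoot /var/www/old-cms-example
</VirtualHost>
<VirtualHost *:80>
    ServerName metmetfamily.fr
    DocumentRoot /var/www/site-example
</VirtualHost>
<VirtualHost *:443>
    ServerName metmetfamily.fr
    DocumentRoot /var/www/site-example
</VirtualHost>
"""
VHOST_RE = re.compile(r"<VirtualHost\s+[^>]*?:(\d+)\s*>(.*?)</VirtualHost>", re.S | re.I)

def parse_vhosts(conf):
    """Return vhosts in file order as dicts with port, names and docroot."""
    vhosts = []
    for port, body in VHOST_RE.findall(conf):
        v = {"port": int(port), "names": [], "docroot": None}
        for key, *vals in (ln.split() for ln in body.splitlines() if ln.strip()):
            if key.lower() in ("servername", "serveralias"):
                v["names"] += [n.lower() for n in vals]
            elif key.lower() == "documentroot" and vals:
                v["docroot"] = vals[0].strip('"').rstrip("/")
        vhosts.append(v)
    return vhosts

def serving_vhost(vhosts, host, port):
    """Simplified Apache rule: first name match on the port, else its first vhost."""
    on_port = [v for v in vhosts if v["port"] == port]
    for v in on_port:
        if any(fnmatch.fnmatch(host.lower(), n) for n in v["names"]):
            return v
    return on_port[0] if on_port else None

def http_differs_from_https(conf, host):
    """True when port 80 and port 443 serve the host from different DocumentRoots."""
    vhosts = parse_vhosts(conf)
    http, https = serving_vhost(vhosts, host, 80), serving_vhost(vhosts, host, 443)
    return (http or {}).get("docroot") != (https or {}).get("docroot")
```

A `True` result for a name means a file that is reachable in an HSTS-pinned browser can still return 404 to a client that requests it over plain HTTP.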