Certbot Autorenew challenge failed invalid response 404 not found

My certificates were working fine for six months.
Recently, it tried to auto-renew and failed with the error below:
Some challenges failed for mail.shiseidovn.vn
Invalid response from mail.shiseidovn.vn

{
  "identifier": {
    "type": "dns",
    "value": "mail.shiseidovn.vn"
  },
  "status": "invalid",
  "expires": "2020-12-23T01:43:09Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "invalid",
      "error": {
        "type": "urn:ietf:params:acme:error:unauthorized",
        "detail": "Invalid response from http://mail.shiseidovn.vn/.well-known/acme-challenge/JbM8mDVxQV3yejG3R9WWa_87bAzEAJLCCknGNET_PJ8 [113.161.152.93]: "\u003c!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\"\u003e\n\u003chtml\u003e\u003chead\u003e\n\u003ctitle\u003e404 Not Found\u003c/title\u003e\n\u003c/head\u003e\u003cbody\u003e\n\u003ch1\u003eNot Found\u003c/h1\u003e\n\u003cp"",
        "status": 403
      },
      "url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/173311779/20Zk1g",
      "token": "JbM8mDVxQV3yejG3R9WWa_87bAzEAJLCCknGNET_PJ8",
      "validationRecord": [
        {
          "url": "http://mail.shiseidovn.vn/.well-known/acme-challenge/JbM8mDVxQV3yejG3R9WWa_87bAzEAJLCCknGNET_PJ8",
          "hostname": "mail.shiseidovn.vn",
          "port": "80",
          "addressesResolved": [
            "113.161.152.93"
          ],
          "addressUsed": "113.161.152.93"

Can someone please help, as it is urgent!
Thank you in advance.

Hi @tranngocson999,

Which Let's Encrypt client and version are you using on this server? What command do you use to request a certificate renewal?

Hi schoen,
certbot 0.40.0
Command: certbot renew --cert-name mail.shiseidovn.vn

I have two websites on the same server, one is okay, one is not.
I don't know why.

Something may have changed in your Apache configuration since your last renewal.
Please show the output of:
sudo apachectl -S

Hi Rudy,
Here you are:

VirtualHost configuration:
*:443 postfixadmin.shiseidovn.vn (/etc/apache2/sites-enabled/postfixadmin-le-ssl.conf:3)
*:80 is a NameVirtualHost
default server mail.shiseidovn.vn (/etc/apache2/sites-enabled/000-default.conf:1)
port 80 namevhost mail.shiseidovn.vn (/etc/apache2/sites-enabled/000-default.conf:1)
port 80 namevhost mail.shiseidovn.vn (/etc/apache2/sites-enabled/mail.shiseidovn.vn.conf:1)
port 80 namevhost postfixadmin.shiseidovn.vn (/etc/apache2/sites-enabled/postfixadmin.conf:1)
ServerRoot: "/etc/apache2"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/var/log/apache2/error.log"
Mutex ssl-stapling: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/var/run/apache2/" mechanism=default
Mutex mpm-accept: using_defaults
Mutex watchdog-callback: using_defaults
Mutex rewrite-map: using_defaults
Mutex ssl-stapling-refresh: using_defaults
PidFile: "/var/run/apache2/apache2.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="www-data" id=33
Group: name="www-data" id=33

There is the problem: Each name:port combination used must be unique.
One of those is probably not needed.
Review them, merge them (if needed), and reduce it to just one.

Hi Rudy,
Would you mind telling me how to merge them?

Do you think my problem relates to a DNS record?

The "merging" would have to be a completely manual process.
Read and review their separate actions and combine whatever actions are needed into only one vhost config (and remove the other config file).

No.
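
A check for the duplicate name:port entries pointed out above, as an added example that is not part of the original thread or of certbot: it parses `apachectl -S` output and reports every ServerName defined more than once on the same listen address. The script name `check_vhosts.py` and the function name are hypothetical; the sample input is the VirtualHost listing posted earlier in this thread.

```python
import re
import sys
from collections import defaultdict

# "*:80 is a NameVirtualHost" opens a group of name-based vhosts on one address.
ADDR_RE = re.compile(r"^(\S+:\d+)\s+is a NameVirtualHost")
# "port 80 namevhost NAME (FILE:LINE)" is one vhost definition in that group.
# The "default server" line repeats the first namevhost, so it is not counted.
VHOST_RE = re.compile(r"^port\s+\d+\s+namevhost\s+(\S+)\s+\((.+):(\d+)\)")

# Sample input: the VirtualHost lines from the output posted in this thread.
SAMPLE = """\
VirtualHost configuration:
*:443 postfixadmin.shiseidovn.vn (/etc/apache2/sites-enabled/postfixadmin-le-ssl.conf:3)
*:80 is a NameVirtualHost
default server mail.shiseidovn.vn (/etc/apache2/sites-enabled/000-default.conf:1)
port 80 namevhost mail.shiseidovn.vn (/etc/apache2/sites-enabled/000-default.conf:1)
port 80 namevhost mail.shiseidovn.vn (/etc/apache2/sites-enabled/mail.shiseidovn.vn.conf:1)
port 80 namevhost postfixadmin.shiseidovn.vn (/etc/apache2/sites-enabled/postfixadmin.conf:1)
"""


def find_duplicate_vhosts(apachectl_output):
    """Map (listen address, ServerName) to its config locations when defined more than once."""
    seen = defaultdict(list)
    listen_addr = None
    for raw in apachectl_output.splitlines():
        line = raw.strip()  # real output is indented; the pasted copy is not
        m = ADDR_RE.match(line)
        if m:
            listen_addr = m.group(1)
            continue
        m = VHOST_RE.match(line)
        if m and listen_addr:
            name, path, lineno = m.groups()
            seen[(listen_addr, name.lower())].append(f"{path}:{lineno}")
    return {key: locs for key, locs in seen.items() if len(locs) > 1}


if __name__ == "__main__":
    # Usage: apachectl -S > vhosts.txt && python3 check_vhosts.py vhosts.txt
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    dups = find_duplicate_vhosts(text)
    for (addr, name), locs in dups.items():
        print(f"{name} on {addr} is defined {len(locs)} times:")
        for loc in locs:
            print(f"  {loc}")
    sys.exit(1 if dups else 0)
```

Apache answers a request with the first vhost that matches the name, so any later definition of the same name and port is never used; the non-zero exit status makes the check usable before a scheduled renewal.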

Hello Rudy,
I'm not sure if this is the solution because I'm not sure what changes I have done so far.
However, I've followed your instructions to make only one vhost config. After that, I've tried again and it works.
You saved my life.
Thank you very much for your help!

It's working again:
Processing /etc/letsencrypt/renewal/mail.shiseidovn.vn.conf


Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator apache, Installer apache
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for mail.shiseidovn.vn
Waiting for verification...
Cleaning up challenges
