Certbot can't find challenge file when adding subdomain

I’m trying to add a domain to my LE certificate. Although I’ve added domains before, something seems to be amiss.

Specifically
sudo certbot renew --dry-run confirms that a renewal is possible, thus all subdomains can respond with a challenge file.

HOWEVER
sudo certbot certonly --cert-name mysite.com --expand -d mysite.com,www.mysite.com,oldsubdomain.mysite.com,newsubdomain.mysite.com

will return 404 for every subdomain it tries to hit.

Domain: oldsubdomain.mysite.com
   Type:   unauthorized
   Detail: Invalid response from
   http://oldsubdomain.mysite.com/.well-known/acme-challenge/QQsj9SA-tnlzRCvCK8ZrknATkqfwcr0V77d9PR9zKaE:
   "<html>
   <head><title>404 Not Found</title></head>
   <body bgcolor="white">
   <center><h1>404 Not Found</h1></center>
   <hr><center>"

However, if I manually visit http://oldsubdomain.mysite.com/.well-known/acme-challenge/test, I receive the challenge file (obviously I manually create the test file I'm accessing).

Does anyone know what’s going on here?

Are you being prompted for webroots for each domain? If Certbot is using the same webroot directory for every domain name, it might not be correct for each of them.

I think there will be a difference in where Certbot gets the webroot between renew and certonly. When you --expand, you may want to individually specify them again (one -w preceding each -d and specifying the -d entries separately) for this purpose. Would that make sense?
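The point in the reply is that renew reads the per-domain webroots Certbot recorded in the lineage's renewal config (under /etc/letsencrypt/renewal/CERTNAME.conf), while a fresh certonly --expand only knows the webroots you pass on the command line. The script below is an added example, not part of the original thread: it parses a constructed sample of that config's [[webroot_map]] section, reports which of the requested domains have no recorded webroot (the newly added subdomain will be one), and builds a certonly command with one -w in front of each -d. The sample config, the domain names and the /path/to/... placeholder for unmapped domains are assumptions for illustration; check the real file before trusting any mapping.

```shell
#!/bin/sh
# Added example (not from the original post). Constructed sample of a Certbot
# renewal config; the [[webroot_map]] section records the webroot used for each
# domain. The real file lives at /etc/letsencrypt/renewal/<certname>.conf.
SAMPLE_CONF='[renewalparams]
authenticator = webroot
webroot_path = /var/www/mysite,
[[webroot_map]]
mysite.com = /var/www/mysite
www.mysite.com = /var/www/mysite
oldsubdomain.mysite.com = /var/www/oldsub
'

# webroot_for DOMAIN CONF_TEXT
# Prints the webroot mapped to DOMAIN in the [[webroot_map]] section, or
# nothing if the domain has no entry.
webroot_for() {
  printf '%s\n' "$2" | awk -v d="$1" '
    /^\[\[webroot_map\]\]/ { inmap = 1; next }   # enter the map section
    /^\[/                  { inmap = 0 }         # any other section ends it
    inmap {
      sub(/[ \t]*=[ \t]*/, "=")                   # normalise "key = value"
      split($0, kv, "=")
      if (kv[1] == d) { print kv[2]; exit }
    }'
}

# missing_webroots DOMAIN...
# Prints, one per line, the domains that have no webroot recorded. These are
# the ones certonly cannot guess a webroot for and will likely 404 on.
missing_webroots() {
  for d in "$@"; do
    [ -n "$(webroot_for "$d" "$SAMPLE_CONF")" ] || printf '%s\n' "$d"
  done
}

# build_certonly CERTNAME DOMAIN...
# Prints a certonly command with one -w preceding each -d, using the recorded
# webroot where one exists and an obvious placeholder (assumed, edit it) where
# none does.
build_certonly() {
  certname=$1; shift
  cmd="certbot certonly --cert-name $certname --expand"
  for d in "$@"; do
    w=$(webroot_for "$d" "$SAMPLE_CONF")
    [ -n "$w" ] || w="/path/to/$d/webroot"
    cmd="$cmd -w $w -d $d"
  done
  printf '%s\n' "$cmd"
}

# Stand-alone run: show unmapped domains, then the command to use.
echo "Domains with no recorded webroot:"
missing_webroots mysite.com www.mysite.com oldsubdomain.mysite.com newsubdomain.mysite.com
echo
build_certonly mysite.com mysite.com www.mysite.com oldsubdomain.mysite.com newsubdomain.mysite.com
```

Before running the generated command, drop a file under each webroot's .well-known/acme-challenge/ and fetch it over plain HTTP on that exact hostname, as the original poster did for the old subdomain; a 404 at that step means the vhost for that name serves a different directory than the one you are about to pass to -w.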
