Certbot gives invalid response

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
Vetiraq.com
I ran this command:
sudo certbot --apache -d vetiraq.com -d www.vetiraq.com
It produced this output:
The following errors were reported by the server:

Domain: www.vetiraq.com
Type: unauthorized
Detail: Invalid response from
http://www.vetiraq.com/.well-known/acme-challenge/PU8eSbCWZOHEqM8HD9sB7k3kgvKYn6x0f1WMqC6oLrU
[98.179.240.162]: “\n\n404 Not Found\n\nNot Found\n<p”

Domain: vetiraq.com
Type: unauthorized
Detail: Invalid response from
http://vetiraq.com/.well-known/acme-challenge/n3Jv_CgbOX_cBALj23KB9VCjigXgG1nEHQgzOnnhvoU
[98.179.240.162]: “\n\n404 Not Found\n\nNot Found\n<p”

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.

My web server is (include version):
Apache 2.4.29
The operating system my web server runs on is (include version):
Ubuntu Linux 18.04
My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):
Yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
0.31.0

The site is up and running and was fine. I am trying to renew certs that expired yesterday.

1 Like

Certbot appears to be doing what it is supposed to do.
LE also appears to be doing what it is supposed to do.
Your site, however, is not “playing nice”.
May we first see the output of:
apachectl -S

1 Like

Here is the output of apachectl -S:

root@webserver:/var/www/vetiraq_3# apachectl -S
AH00548: NameVirtualHost has no effect and will be removed in the next release /etc/apache2/sites-enabled/webmin.1550239378.conf:1
AH00558: apache2: Could not reliably determine the server’s fully qualified domain name, using 127.0.1.1. Set the ‘ServerName’ directive globally to suppress this message
VirtualHost configuration:
192.168.1.35:443 is a NameVirtualHost
default server webserver (/etc/apache2/sites-enabled/webmin.1546173918-le-ssl.conf:2)
port 443 namevhost webserver (/etc/apache2/sites-enabled/webmin.1546173918-le-ssl.conf:2)
alias www.thebloggerspot.com
alias thebloggerspot.com
port 443 namevhost webserver (/etc/apache2/sites-enabled/webmin.1546188521-le-ssl.conf:2)
alias www.ourlifeinpixs.com
alias ourlifeinpixs.com
port 443 namevhost webserver (/etc/apache2/sites-enabled/webmin.1546214792-le-ssl.conf:2)
alias www.vetiraq.com
alias vetiraq.com
port 443 namevhost webserver (/etc/apache2/sites-enabled/webmin.1548126708-le-ssl.conf:2)
alias www.millermemories.us
alias millermemories.us
192.168.1.35:* is a NameVirtualHost
default server webserver (/etc/apache2/sites-enabled/webmin.1546173918.conf:1)
port * namevhost webserver (/etc/apache2/sites-enabled/webmin.1546173918.conf:1)
alias www.thebloggerspot.com
alias thebloggerspot.com
port * namevhost webserver (/etc/apache2/sites-enabled/webmin.1546188521.conf:1)
alias www.ourlifeinpixs.com
alias ourlifeinpixs.com
port * namevhost webserver (/etc/apache2/sites-enabled/webmin.1546214792.conf:1)
alias www.vetiraq.com
alias vetiraq.com
port * namevhost webserver (/etc/apache2/sites-enabled/webmin.1548126708.conf:1)
alias www.millermemories.us
alias millermemories.us
192.168.1.35:80 is a NameVirtualHost
default server webserver (/etc/apache2/sites-enabled/webmin.1550335148.conf:1)
port 80 namevhost webserver (/etc/apache2/sites-enabled/webmin.1550335148.conf:1)
alias www.geekscove.com
alias geekscove.com
port 80 namevhost webserver (/etc/apache2/sites-enabled/webmin.1587269132.conf:1)
alias www.thesellerscove.com
alias thesellerscove.com
*:80 127.0.1.1 (/etc/apache2/sites-enabled/000-default.conf:1)
ServerRoot: “/etc/apache2”
Main DocumentRoot: “/var/www/html”
Main ErrorLog: “/var/log/apache2/error.log”
Mutex ssl-stapling: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/var/run/apache2/" mechanism=default
Mutex mpm-accept: using_defaults
Mutex watchdog-callback: using_defaults
Mutex rewrite-map: using_defaults
Mutex ssl-stapling-refresh: using_defaults
PidFile: “/var/run/apache2/apache2.pid”
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name=“www-data” id=33
Group: name=“www-data” id=33

1 Like

This is new and confusing to me:
port * namevhost
Why is the actual port not being defined?
It can’t possibly be using “all” ports! - LOL

1 Like

So if I read it right, when LE tries to connect to http://vetiraq.com, Apache will look within the port 80 section for vetiraq.com and, upon not finding it, will serve up the default port 80 config (www.geekscove.com).
Which I believe is backed up by the response to this request:

curl -Iki http://www.vetiraq.com/
HTTP/1.1 200 OK
Date: Wed, 10 Jun 2020 12:38:10 GMT
Server: Apache/2.4.29 (Ubuntu)
Set-Cookie: mybb[lastvisit]=1591792690; expires=Thu, 10-Jun-2021 12:38:10 GMT; path=/; domain=.geekscove.com
Set-Cookie: mybb[lastactive]=1591792690; expires=Thu, 10-Jun-2021 12:38:10 GMT; path=/; domain=.geekscove.com
Set-Cookie: sid=02b1eda8ba857320347fa5c15bc21e52; path=/; domain=.geekscove.com; HttpOnly
Content-Type: text/html; charset=UTF-8

In case you missed it in all that:
domain=.geekscove.com

1 Like
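
The vhost selection described in the reply above, as an added example that is not part of the original thread: it parses `apachectl -S` output and reports which config file answers a given Host header on a given address and port. The function names are hypothetical, and the precedence rule (an exact address:port set is chosen before the address:* set) is the model the thread's diagnosis relies on.

```python
import re
# Excerpt (trimmed) of the `apachectl -S` output posted in the thread.
SAMPLE = """\
192.168.1.35:* is a NameVirtualHost
default server webserver (/etc/apache2/sites-enabled/webmin.1546173918.conf:1)
port * namevhost webserver (/etc/apache2/sites-enabled/webmin.1546173918.conf:1)
alias www.thebloggerspot.com
port * namevhost webserver (/etc/apache2/sites-enabled/webmin.1546214792.conf:1)
alias www.vetiraq.com
alias vetiraq.com
192.168.1.35:80 is a NameVirtualHost
default server webserver (/etc/apache2/sites-enabled/webmin.1550335148.conf:1)
port 80 namevhost webserver (/etc/apache2/sites-enabled/webmin.1550335148.conf:1)
alias www.geekscove.com
alias geekscove.com
"""

SET_RE = re.compile(r"^(\S+):(\d+|\*) is a NameVirtualHost$")
VHOST_RE = re.compile(r"^port (\S+) namevhost (\S+) \((.+):\d+\)$")
ALIAS_RE = re.compile(r"^alias (\S+)$")

def parse_vhosts(text):
    """Return {(addr, port): [{"file": ..., "names": [...]}, ...]} in listed order."""
    sets, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()  # tolerate output whose indentation was lost
        if m := SET_RE.match(line):
            current = sets.setdefault((m.group(1), m.group(2)), [])
        elif (m := VHOST_RE.match(line)) and current is not None:
            current.append({"file": m.group(3), "names": [m.group(2).lower()]})
        elif (m := ALIAS_RE.match(line)) and current:
            current[-1]["names"].append(m.group(1).lower())
    return sets

def resolve(sets, addr, port, host):
    """Assumed model: the exact addr:port set wins over addr:*; inside the
    chosen set an unmatched Host falls through to the first (default) vhost."""
    host = host.lower()
    named_in_wild = any(host in v["names"] for v in sets.get((addr, "*"), []))
    for key in ((addr, str(port)), (addr, "*")):
        if not (vhosts := sets.get(key)):
            continue
        hit = next((v for v in vhosts if host in v["names"]), None)
        return {"file": (hit or vhosts[0])["file"], "by_default": hit is None,
                "shadowed": hit is None and key[1] != "*" and named_in_wild}
    return None

print(resolve(parse_vhosts(SAMPLE), "192.168.1.35", 80, "www.vetiraq.com"))
```

A result with `shadowed` set to true means the name is defined only in the port-wildcard set while a port-specific set exists, so HTTP-01 challenge requests for it are answered by another site's default vhost.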

I fixed it and it works now. I use Webmin and it was set to default, which to my uneducated mind looks like it was looking at all ports. I told it to look for port 80, reran the command, and it now works.

1 Like

Much better now:

curl -Iki http://www.vetiraq.com/
HTTP/1.1 301 Moved Permanently
Date: Wed, 10 Jun 2020 13:02:24 GMT
Server: Apache/2.4.29 (Ubuntu)
Location: https://www.vetiraq.com/
Content-Type: text/html; charset=iso-8859-1
1 Like

Although I am happy that you no longer have a problem I’m a bit sad over the exchange…
You had a problem that you could not figure out.
You searched the web and found this site.
You created an account.
Opened a new topic and explained the problem to the best of your ability.
I raised a question asking for more information.
You provided that information.
I reviewed it and explained how it didn’t look right and showed how the config was not doing what you wanted.
You took that information and apparently fixed the problem.
But that leaves some unfinished business…
Where I’m from, when someone asks for help and gets it, it is customary to give some sort of acknowledgement for that effort and the benefit received.

[we don’t get paid to help anyone here and I’m not asking for money - just some courtesy]

2 Likes
