Certbot not working for me [SOLVED][my error: apache config]

Please fill out the fields below so we can help you better.

My domain is: mygnus.com

I ran this command:

certbot certonly --email tom.browder@gmail.com --force-renewal --must-staple \
    --non-interactive --webroot --agree-tos -w /var/www/acme --redirect --hsts \
    -d mygnus.com -d www.mygnus.com

It produced this output:

see GitHub gist: https://gist.github.com/tbrowder/3a1ba98d0f78d8c02e0a111d1f1a13c7

My web server is (include version): Apache 2.4.27

The operating system my web server runs on is (include version): Linux Debian 8 (Jessie)

My hosting provider, if applicable, is: N/A

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

Note the following htps config lines:

# need common directory for all web sites for Let's Encrypt
Alias         /.well-known/acme-challenge     /var/www/acme
# open up just those directories we need
<Directory /var/www/acme>
  Require all granted
</Directory>

Note my Apache runs as user “apache” group “apache”.
Directory /var/www/acme and all below are owned by “apache.apache”.

I believe the issue is that you’re misunderstanding how webroot works. Webroot should point to the root of your web files, not directly to the acme-challenge directory. For instance, if www.mygnus.com/ is /var/www, then that’s the webroot you want to give it, because certbot will create the .well-known/acme-challenge directories inside of that directory. In your example above, it’s going to put challenges at www.mygnus.com/.well-known/acme-challenge/.well-known/acme-challenge.

Well, I think I have the fix which was my mistake. I made changes to the first Apache configuration line I showed in my original post which resulted in:

# need common directory for all web sites for Let's Encrypt
Alias /.well-known/acme-challenge  /var/www/acme/.well-known/acme-challenge

All works well now. Sorry for the noise.

Yup, that should allow things to route properly.
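
The path mismatch discussed in this thread, as an added example that is not part of the original posts: a simplified model of Apache's Alias prefix mapping checks whether the file certbot's webroot plugin writes is the file Apache serves for the challenge URL. The DocumentRoot `/var/www`, the token and all function names are assumptions made for illustration.

```python
import posixpath

CHALLENGE_PREFIX = "/.well-known/acme-challenge"

def certbot_write_path(webroot, token):
    """File the webroot plugin creates for a challenge token under -w WEBROOT."""
    return posixpath.join(webroot, ".well-known", "acme-challenge", token)

def apache_served_path(aliases, docroot, url_path):
    """Simplified mod_alias model: first matching Alias prefix wins, else DocumentRoot."""
    for url_prefix, fs_path in aliases:
        prefix = url_prefix.rstrip("/")
        if url_path == prefix or url_path.startswith(prefix + "/"):
            return posixpath.normpath(fs_path.rstrip("/") + url_path[len(prefix):])
    return posixpath.normpath(posixpath.join(docroot, url_path.lstrip("/")))

def check_webroot(aliases, docroot, webroot, token="constructed-test-token"):
    """Compare where certbot writes with what Apache serves for the challenge URL."""
    url = f"{CHALLENGE_PREFIX}/{token}"
    written = certbot_write_path(webroot, token)
    served = apache_served_path(aliases, docroot, url)
    return {"url": url, "written": written, "served": served, "ok": written == served}

# Assumed DocumentRoot; the thread does not state it.
DOCROOT = "/var/www"
# Alias from the original post: challenge URL maps straight onto the webroot.
ORIGINAL = [(CHALLENGE_PREFIX, "/var/www/acme")]
# Alias after the fix: challenge URL maps onto the directory certbot writes to.
FIXED = [(CHALLENGE_PREFIX, "/var/www/acme/.well-known/acme-challenge")]

if __name__ == "__main__":
    for name, aliases in (("original", ORIGINAL), ("fixed", FIXED)):
        r = check_webroot(aliases, DOCROOT, "/var/www/acme")
        print(f"{name}: ok={r['ok']}\n  certbot writes {r['written']}\n  Apache serves  {r['served']}")
```

With no Alias at all, the same check passes whenever the `-w` directory equals the site's DocumentRoot, which is the setup the first reply describes.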
