Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: I have many many domains
I ran this command: certbot renew
It produced this output: Detail: Invalid response from https://domain_name/.well-known/acme-challenge/9NRycVGsbGzcHwrguK_qrZ-i8arWsNXbUDx3w3qmL_w [54.71.242.216]: "\n\n404 Not Found\n\n
Not Found
\n<p"
Hint: The Certificate Authority failed to verify the temporary Apache configuration changes made by Certbot. Ensure that the listed domains point to this Apache server and that it is accessible from the internet.
My web server is (include version):
The operating system my web server runs on is (include version):centos 8
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don't know): I dont know
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):certbot 1.17.0
@_az We have a nlb the A records point to this nlb. There are 5 nodes to the target group of this nlb. Also could you give any suggestions on how to resolve this.
As I mentioned in my last post, it looks like there are multiple distinct Apache servers responding to requests for domain_name.
If that's the case, then certbot renew (if using --apache) can't succeed, because it will only perform the required steps, at most, on a single one of those Apache servers.
I can't really say more without a detailed description of your setup.
You probably only want to use a renewal configuration file to test if you're sure that the tests for the individual domain names on the certificate associated with that renewal configuration file will authorize correctly.
I want to make something clear before proceeding: the -w parameter works with --webroot, NOT --apache. You might already know this, but since it's a somewhat common mistake, I wanted to be sure.
Please try the following command, being sure to replace the webroot path with the correct path if necessary:
The 401 Unauthorized is likely from the apache configuration file, an .htaccess file, or the permissions of the webroot directory itself (or the /.well-known/acme-challenge folder structure therein).
You should now have everything you need to use the webroot authenticator. If you try to combine domain names into one certificate, keep in mind that certbot can accept multiple -w parameters and will associate the most recent -w parameter in the command with all -d parameters to the right of it until another -w is encountered.
For example (webroot authenticator, apache installer):