Consistent operation will be key for passing multiperspective validation.
Server is back online. Same error. The "letsdebug-test" file is still in place and works from here. The apache config does redirect http requests to https, but it's always done that -- at least, after the initial cert was in place, which has been renewed multiple times already. I can disable that redirect if needed for troubleshooting.
I think that might help. I suspect this might have something to do with the TLS settings in your Apache config.
Have you tried using --apache instead of --webroot?
That will use HTTP to respond to the challenge instead of HTTPS.
One of my other domains (there are three in this configuration) is just a few days away from auto-renewing, so I changed the renew_before_expiry parameter in that config file to get it to update as well. Both domains are failing. So the last time any of my domains successfully auto-renewed must have been prior to the release of certbot 4.2.0. According to the config files, we were at 4.1.1 when I set this all up.
You might try:
```
certbot certonly -a apache -d www.gardnerfabrications.com --dry-run
```
I updated to certbot 5.0.0 to see if that made a difference, but it did not. Then I ran the suggested command. As mentioned, this is on macOS Server, which has its own interesting apache config, so it doesn't surprise me that it failed.
```
Saving debug log to /opt/local/var/log/letsencrypt/letsencrypt.log
Could not find ssl_module; not disabling session tickets.
Account registered.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
An RSA certificate named www.gardnerfabrications.com already exists. Do you want
to update its key type to ECDSA?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(U)pdate key type/(K)eep existing key type: K
Simulating renewal of an existing certificate for www.gardnerfabrications.com
Error while running apachectl graceful.
httpd not running, trying to start
(48)Address already in use: AH00072: make_sock: could not bind to address [::]:8080
(48)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:8080
no listening sockets available, shutting down
AH00015: Unable to open logs
Unable to restart apache using ['apachectl', 'graceful']
Encountered exception during recovery: certbot.errors.MisconfigurationError: Error while running apachectl graceful.
httpd not running, trying to start
(48)Address already in use: AH00072: make_sock: could not bind to address [::]:8080
(48)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:8080
no listening sockets available, shutting down
AH00015: Unable to open logs
Unable to find a virtual host listening on port 80 which is currently needed for Certbot to prove to the CA that you control your domain. Please add a virtual host for port 80.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /opt/local/var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
```
What HTTP port do you use internally for Apache?
8080?
If so, try this:
```
certbot certonly -a apache -d www.gardnerfabrications.com --http-01-port 8080 --dry-run
```
Not sure why this is helping, since the setup hasn't changed and it was working previously, but disabling the https redirect seems to have fixed the problem, or is at least a workaround.
Happy to help.
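The workaround reported above was to disable the HTTP-to-HTTPS redirect entirely. One way to keep the redirect for ordinary traffic while leaving the HTTP-01 challenge path on plain HTTP is sketched below as an added example; it is not from any poster in the thread. It assumes the redirect is implemented with mod_rewrite inside the plain-HTTP virtual host and that `--webroot` writes challenge files under that host's document root.

```apache
# Added example, not the poster's actual configuration.
# Place inside the plain-HTTP <VirtualHost> that currently issues the redirect.

RewriteEngine On

# Before (blanket redirect, every request is sent to HTTPS):
#   RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

# After: skip the redirect for ACME HTTP-01 challenge files so the
# validation request is answered directly over plain HTTP.
RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
```

After reloading Apache, a `--dry-run` renewal shows whether the challenge is now served without being redirected.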