Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.
My web server is (include version): Apache/2.4.38 (Debian)
The operating system my web server runs on is (include version): ubuntu 22.04
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don't know): yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.21.0
And when you get a chance...
You should remove the apt version of certbot and follow the recommended installation instructions: Certbot Instructions | Certbot (eff.org)
[installation for ubuntu 22 works same as ubuntu 20]
Hi @rg305 ! Thx for the fast response! apache says:
apache2: Could not reliably determine the server's fully qualified domain name, using 172.19.0.3. Set the 'ServerName' directive globally to suppress this message
VirtualHost configuration:
*:80 guggsdu.de (/etc/apache2/sites-enabled/guggsdu.de-le-ssl.conf:1)
*:443 guggsdu.de (/etc/apache2/sites-enabled/guggsdu.de-le-ssl.conf:8)
Any idea?
Here is the full confirmation file:
<VirtualHost *:80>
ServerName guggsdu.de
Redirect / https://guggsdu.de/
</VirtualHost>
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName guggsdu.de
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
DocumentRoot ${APACHE_DOCUMENT_ROOT}
<Directory ${APACHE_DOCUMENT_ROOT}>
allow from all
Options Indexes FollowSymLinks MultiViews
Require all granted
AllowOverride All
</Directory>
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/live/guggsdu.de/fullchain.pem
SSLCertificateKeyFile /etc/apache2/ssl/live/guggsdu.de/privkey.pem
Include /etc/apache2/ssl/options-ssl-apache.conf
ServerAlias www.guggsdu.de
</VirtualHost>
</IfModule>
certbot 2.9.0 installed from snap still getting the same result.
Background: I am using a docker compose installation for my web server and the apache config files are in a virtual directory provided to the container. Same thing for the letsencrypt certificates: they are also in a directory on the host machine provided to the container.
It's also not a read/write permission issue on the server: the directory .well-known/acme-challenge/ has 775 permissions. changing that to 777 also does not change anything.
If you look in below renewal profile config does its webroot path match the value of your Apache DocumentRoot folder? You have that assigned to a variable so check the run-time value of that variable to the webroot path in the renewal config. Did your run-time variable change since your last cert?
It may work now because you have no other vhosts and that vhost is now also the default.
But once you start to add other vhosts, things might not work as you have come to expect.