Certbot Renewals - Doesn't Pass Due to Server Webroot Being Update

Please fill out the fields below so we can help you better.

My domain is: netlabexperiments.org

I ran this command:
cerbot-auto certonly --webroot -w /var/www/netlabexperiments.org/public_html -n -d netlabexperiments.org

It produced this output:

Using the webroot path /var/www/netlabexperiments.org/public_html for all unmatched domains.
Waiting for verification...
Cleaning up challenges
Unable to clean up challenge directory /var/www/netlabexperiments.org/public_html/.well-known/acme-challenge
Failed authorization procedure. netlabexperiments.org (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://netlabexperiments.org/.well-known/acme-challenge/h-adsudIgHHIfsaWu816czAAOQGvXw0c_951g oqeHrQ: "<!DOCTYPE html>
        <meta charset="UTF-8" />
        <meta name="robots" content="noindex,nofollow" />

 - The following errors were reported by the server:

   Domain: netlabexperiments.org
   Type:   unauthorized
   Detail: Invalid response from
   "<!DOCTYPE html>
           <meta charset="UTF-8" />
           <meta name="robots" content="noindex,nofollow" />

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A record(s) for that domain
   contain(s) the right IP address.

My web server is (include version): Apache 2.4.18

The operating system my web server runs on is (include version): Ubuntu LAMP 16.04

My hosting provider, if applicable, is: DigitalOcean

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No

Other details:

  1. Originally had success with certbot-auto certonly --webroot -w /var/www/netlabexperiments.org -d netlabexperiments.org about 2 months ago. Now I want to renew

  2. Have folder /var/www/netlabexperiments.org/public_html/.well-known

  3. If I create /var/www/netlabexperiments.org/public_html/.well-known/acme-challenge/ and set permissions to 755, then the folder will get deleted after running cerbot-auto ...

  4. I can create /var/www/netlabexperiments.org/public_html/.well-known/acme-challenge/ and put a test file inside, and set both permission to 755. I cannot access the file via browser nor wget. The url I would try is http://netlabexperiments.org/.well-known/acme-challenge/testFile.html

  5. I can create a test file inside either /var/www/netlabexperiments.org/public_html/ or /var/www/netlabexperiments.org/ and I am not able to access either

  6. My apache config is
    <VirtualHost *:80> ServerAdmin **email_address** ServerName netlabexperiments.org ServerAlias www.netlabexperiments.org DocumentRoot /var/ww/netlabexperiments.org/public_html ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined </VirtualHost>

  7. .htaccess file is
    RewriteEngine On RewriteCond %{SERVER_PORT} 80 RewriteRule ^(.*)$ https://netlabexperiments.org/$1 [R,L]

Also tried without the third line (RewriteRule …)

Hi @pj87,

Thanks for all of the detailed information about your setup and what you tried. I wish everyone asking for help here would provide us with as much detail as you did!

As I think you realize, this seems to be the core problem in this case. It will need to be fixed before you can use --webroot.

If you literally pasted the Apache configuration instead of re-typing it, then I think we've found the problem, which is the typo where you typed /var/ww instead of /var/www.

Thanks for the fast reply schoen! Unfortunately I manually re-typed it.

/etc/apache2/sites-available$ cat netlabexperiments.org.conf
<VirtualHost *:80>
        ServerAdmin **email_address**
        ServerName netlabexperiments.org
        ServerAlias www.netlabexperiments.org
        DocumentRoot /var/www/netlabexperiments.org/public_html
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

Did anything else stand out?

The issue is now resolved - another admin had changed where public files were being hosted. I then updated my certbot-auto command to direct to that folder

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.