Certbot Renewals - Doesn't Pass Due to Server Webroot Being Update

pj87 · May 30, 2017, 8:31pm

Please fill out the fields below so we can help you better.

I ran this command:
cerbot-auto certonly --webroot -w /var/www/netlabexperiments.org/public_html -n -d netlabexperiments.org

It produced this output:

Using the webroot path /var/www/netlabexperiments.org/public_html for all unmatched domains.
Waiting for verification...
Cleaning up challenges
Unable to clean up challenge directory /var/www/netlabexperiments.org/public_html/.well-known/acme-challenge
Failed authorization procedure. netlabexperiments.org (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://netlabexperiments.org/.well-known/acme-challenge/h-adsudIgHHIfsaWu816czAAOQGvXw0c_951g oqeHrQ: "<!DOCTYPE html>
<html>
    <head>
        <meta charset="UTF-8" />
        <meta name="robots" content="noindex,nofollow" />
   "

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: netlabexperiments.org
   Type:   unauthorized
   Detail: Invalid response from
   http://netlabexperiments.org/.well-known/acme-challenge/h-adsudIgHHIfsaWu816czAAOQGvXw0c_951goqeHrQ:
   "<!DOCTYPE html>
   <html>
       <head>
           <meta charset="UTF-8" />
           <meta name="robots" content="noindex,nofollow" />
      "

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A record(s) for that domain
   contain(s) the right IP address.

My web server is (include version): Apache 2.4.18

The operating system my web server runs on is (include version): Ubuntu LAMP 16.04

My hosting provider, if applicable, is: DigitalOcean

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No

Other details:

Originally had success with certbot-auto certonly --webroot -w /var/www/netlabexperiments.org -d netlabexperiments.org about 2 months ago. Now I want to renew
Have folder /var/www/netlabexperiments.org/public_html/.well-known
If I create /var/www/netlabexperiments.org/public_html/.well-known/acme-challenge/ and set permissions to 755, then the folder will get deleted after running cerbot-auto ...
I can create /var/www/netlabexperiments.org/public_html/.well-known/acme-challenge/ and put a test file inside, and set both permission to 755. I cannot access the file via browser nor wget. The url I would try is http://netlabexperiments.org/.well-known/acme-challenge/testFile.html
I can create a test file inside either /var/www/netlabexperiments.org/public_html/ or /var/www/netlabexperiments.org/ and I am not able to access either
My apache config is
<VirtualHost *:80> ServerAdmin **email_address** ServerName netlabexperiments.org ServerAlias www.netlabexperiments.org DocumentRoot /var/ww/netlabexperiments.org/public_html ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined </VirtualHost>
.htaccess file is
RewriteEngine On RewriteCond %{SERVER_PORT} 80 RewriteRule ^(.*)$ https://netlabexperiments.org/$1 [R,L]

Also tried without the third line (RewriteRule …)

schoen · May 30, 2017, 8:37pm

Hi @pj87,

Thanks for all of the detailed information about your setup and what you tried. I wish everyone asking for help here would provide us with as much detail as you did!

As I think you realize, this seems to be the core problem in this case. It will need to be fixed before you can use --webroot.

If you literally pasted the Apache configuration instead of re-typing it, then I think we've found the problem, which is the typo where you typed /var/ww instead of /var/www.

pj87 · May 30, 2017, 8:53pm

Thanks for the fast reply schoen! Unfortunately I manually re-typed it.

/etc/apache2/sites-available$ cat netlabexperiments.org.conf
<VirtualHost *:80>
        ServerAdmin **email_address**
        ServerName netlabexperiments.org
        ServerAlias www.netlabexperiments.org
        DocumentRoot /var/www/netlabexperiments.org/public_html
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

Did anything else stand out?

pj87 · May 30, 2017, 9:20pm

The issue is now resolved - another admin had changed where public files were being hosted. I then updated my certbot-auto command to direct to that folder

system · June 29, 2017, 9:21pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.