Challenge failed for domain - Invalid response (404)

You can only --dry-run using certonly, not run :stuck_out_tongue: .

1 Like

I tried suggesting this syntax for the certificate handbook. Brad didn't like it very much. :grin:

Renewals will run into the same problem, yes.

The best solution would be to find a permanent valid configuration where /var/lib/letsencrypt/http_challenges is excluded from that global deny.

2 Likes

Where do you see --dry-run there? :stuck_out_tongue:

Isn't it completely mental that you can't use --dry-run with run? I don't see a --dry-certonly or --dry-renew anywhere...

Ok,

Have reverted my /etc/httpd/conf/httpd.conf change for the / directory that was there to secure the server and now have this which works fine;

<Directory /var/lib/letsencrypt/http_challenges>
    Options None
    Order allow,deny
    Allow from all
</Directory>

<Directory />
    Options None
    Order deny,allow
    Deny from all
</Directory>

Hoping it may help someone else in future as well.

2 Likes
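Added example, not part of the thread: a small Python check that reads `<Directory>` blocks like the ones posted above and reports whether the challenge directory is still caught by the global deny. It models only `Order`, `Allow from all` and `Deny from all`, and assumes the most specific matching section that sets access rules decides; the function names and sample configs are constructed for illustration.

```python
import re

CHALLENGE_DIR = "/var/lib/letsencrypt/http_challenges"  # path named in the thread

# Constructed samples: the global deny alone, and the deny plus the exception.
BROKEN = """
<Directory />
    Options None
    Order deny,allow
    Deny from all
</Directory>
"""
FIXED = """
<Directory /var/lib/letsencrypt/http_challenges>
    Options None
    Order allow,deny
    Allow from all
</Directory>
""" + BROKEN

SECTION = re.compile(r'<Directory\s+"?([^">]+?)"?\s*>(.*?)</Directory>', re.S | re.I)

def section_verdict(body):
    """Access decision of one section, or None if it sets no access rules.
    Assumption: only 'Allow from all' / 'Deny from all' are understood."""
    order = re.search(r"^\s*Order\s+(\S+)", body, re.M | re.I)
    allow = re.search(r"^\s*Allow\s+from\s+all\b", body, re.M | re.I)
    deny = re.search(r"^\s*Deny\s+from\s+all\b", body, re.M | re.I)
    if not (order or allow or deny):
        return None
    # Order deny,allow (the default): Allow wins, unmatched requests pass.
    if order is None or order.group(1).lower() == "deny,allow":
        return bool(allow) or not deny
    # Order allow,deny: Deny wins, unmatched requests are refused.
    return bool(allow) and not deny

def dir_allowed(conf, target=CHALLENGE_DIR):
    """True if the most specific matching <Directory> section permits access."""
    verdict = True  # no section restricts the path
    sections = sorted(SECTION.findall(conf), key=lambda s: len(s[0].rstrip("/")))
    for path, body in sections:  # shortest path first, longer ones override
        base = path.rstrip("/")
        if target == base or target.startswith(base + "/"):
            found = section_verdict(body)
            if found is not None:
                verdict = found
    return verdict

if __name__ == "__main__":
    for name, conf in (("global deny only", BROKEN), ("with exception", FIXED)):
        print(name, "->", "reachable" if dir_allowed(conf) else "blocked")
```

Running it against a real `httpd.conf` before a renewal shows whether the exception is still in place; `.htaccess` files, `<Location>` blocks and `Require` directives are outside what this sketch evaluates.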

Glad you got it working. :partying_face:

Please remember to include both www and non-www in your certificate or you'll run into other trouble.

1 Like

Yep - I intend to run the command above as you suggested.

1 Like

That will use the apache installer. If it causes issues, just use certbot rollback to undo the changes to apache.

1 Like

By the by, to be clear, _az knows worlds more here than I do. On rare occasion I'll catch him on something (that he probably coded in the first place). :grin:
