Challenge failed for domain

burkhartbn · October 13, 2020, 6:29am

Greetings,

I'm trying to obtain a certificate for my domain mail.music-guru.com

The error below does not occur for any other certificates that I have,
so i'm not sure why this is occuring for this virtual host only.

My domain is: mail.music-guru.com

I ran this command:
sudo certbot --apache --agree-tos --redirect --uir --hsts --staple-ocsp --must-staple -d mail.music-guru.com --email brian@music-guru.com

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for mail.music-guru.com
Waiting for verification...
Challenge failed for domain mail.music-guru.com
http-01 challenge for mail.music-guru.com
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:

- The following errors were reported by the server:*
Domain: mail.music-guru.com*
Type: unauthorized*
Detail: Invalid response from*
http://mail.music-guru.com/.well-known/acme-challenge/PWzMljYKXfbaaJoM8NcNvmyMra10sxv0vRwIEC9aBMA*
[50.82.204.98]: "<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML*
2.0//EN">\n\n404 Not*
Found\n\n

Not Found
\n<p"*
To fix these errors, please make sure that your domain name was*
entered correctly and the DNS A/AAAA record(s) for that domain*
contain(s) the right IP address.*

My web server is (include version):
Server version: Apache/2.4.41 (Ubuntu)
<VirtualHost *:80>
ServerName mail.music-guru.com

    DocumentRoot /var/www/mail.music-guru.com

The operating system my web server runs on is (include version):
Linux Mint 20
Linux mail.music-guru.com 5.4.0-48-generic #52-Ubuntu SMP Thu Sep 10 10:58:49 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux

My hosting provider, if applicable, is: N/A

I can login to a root shell on my machine (yes or no, or I don't know):
yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 0.40.0

_az · October 13, 2020, 6:31am

When I visit http://mail.music-guru.com/, I see the default index.html from /var/www/html.

That doesn't match the configuration that you've posted.

Could you verify that you don't have any duplicate virtual hosts configured for that domain?

sudo apachectl -t -D DUMP_VHOSTS

burkhartbn · October 13, 2020, 6:33am

brian@mail:/var/www$ sudo apachectl -t -D DUMP_VHOSTS
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using mail.music-guru.com. Set the 'ServerName' directive globally to suppress this message
VirtualHost configuration:
*:443 is a NameVirtualHost
default server postfixadmin.music-guru.com (/etc/apache2/sites-enabled/postfixadmin-le-ssl.conf:3)
port 443 namevhost postfixadmin.music-guru.com (/etc/apache2/sites-enabled/postfixadmin-le-ssl.conf:3)
port 443 namevhost rainloop.music-guru.com (/etc/apache2/sites-enabled/rainloop-le-ssl.conf:3)
port 443 namevhost cause2reflect.com (/etc/apache2/sites-enabled/www.cause2reflect.com-le-ssl.conf:3)
alias www.cause2reflect.com
port 443 namevhost fancypompuppies.com (/etc/apache2/sites-enabled/www.fancypompuppies.com-le-ssl.conf:3)
alias www.fancypompuppies.com
port 443 namevhost karrielynnshow.com (/etc/apache2/sites-enabled/www.karrielynnshow.com-le-ssl.conf:3)
alias www.karrielynnshow.com
port 443 namevhost music-guru.com (/etc/apache2/sites-enabled/www.music-guru.com-le-ssl.conf:3)
alias www.music-guru.com
*:80 is a NameVirtualHost
default server mail.music-guru.com (/etc/apache2/sites-enabled/000-default.conf:1)
port 80 namevhost mail.music-guru.com (/etc/apache2/sites-enabled/000-default.conf:1)
port 80 namevhost mail.music-guru.com (/etc/apache2/sites-enabled/mail.music-guru.conf:1)
port 80 namevhost postfixadmin.music-guru.com (/etc/apache2/sites-enabled/postfixadmin.conf:24)
port 80 namevhost rainloop.music-guru.com (/etc/apache2/sites-enabled/rainloop.conf:1)
port 80 namevhost cause2reflect.com (/etc/apache2/sites-enabled/www.cause2reflect.com.conf:1)
alias www.cause2reflect.com
port 80 namevhost fancypompuppies.com (/etc/apache2/sites-enabled/www.fancypompuppies.com.conf:1)
alias www.fancypompuppies.com
port 80 namevhost karrielynnshow.com (/etc/apache2/sites-enabled/www.karrielynnshow.com.conf:1)
alias www.karrielynnshow.com
port 80 namevhost music-guru.com (/etc/apache2/sites-enabled/www.music-guru.com.conf:1)
alias www.music-guru.com

_az · October 13, 2020, 6:37am

There's the dupes.

Try:

sudo a2dissite 000-default

and then retry your original Certbot request.

burkhartbn · October 13, 2020, 6:38am

Thanks so much for the help! That solved my problem

Challenge failed for domain

Not Found