i see a randon comma there..
Do not modify that file ! The syntax is very fussy. The comma is fine. Minor changes can cause significant problems.
The webroot_path is where DA has told Certbot to place the challenge token file. But, the "404" in the error means your Apache is not finding that token file in that location.
Do you know how to control the DocumentRoot setting in your Apache VirtualHost for this domain?
1 Like
think so, the directives
and we may be on to something, seems some other software injected stuff
Is that the same path as in those directives?
btw, I changed the title of this thread to highlight the key issues
1 Like
Perhaps in October 
?
1 Like
Alias /.well-known/acme-challenge /usr/local/centovacast/etc/ssl/acme-challenges/.well-known/acme-challenge
<Directory /usr/local/centovacast/etc/ssl/acme-challenges/.well-known/acme-challenge>
Options None
AllowOverride None
# Apache 2.4
<IfModule mod_authz_core.c>
Require all granted
</IfModule>
</Directory>
document root seems right
DocumentRoot /home/turbodj/public_html
commenting out that alias allowed the dry run you posted earlier to run with success
1 Like
Good. So will the actual renew. Try that now.
1 Like
says not secure but seems the site is actually working again, and it did update this time with no error
A new cert was issued and your server is using it. Try restarting your browser. They sometimes cache prior certs.
It looks good to me and other testing tools
2 Likes
Seems to be working, thank you so much! now i get toi se what all that alias broke
2 Likes
Yeah, you'll want to ask the centovacast people why they put that in there. That was trying to control the certificate requests. But, in DA not sure why you'd have some other system doing those for same domain.
2 Likes
i do have the main server using let's encrypt and then a virtual one also using the same domain, the main server being the single turbodj.com one
Not quite sure what you mean by that. An HTTP(S) request directed to your system has to end up somewhere.
Sometimes there are load balancers or CDNs or such in more complex environs but I didn't see any evidence of those here.
You can also do NAT or port forwarding or similar routing things but an HTTPS request is "terminated" by something that needs a cert. This Apache server in this case. That is, something has to see that HTTPS request (your Apache) and setup the encrypted comms using that cert. You can then have Apache proxy that request to another server but that wouldn't have to use HTTPS. Designing server configs is beyond the scope of this forum pretty much. Maybe this is helpful anyway.
2 Likes
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.