Error 404 when trying to get a Certificate

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: dawn2.systemcv.org.uk

I ran this command: certbot --apache --agree-tos --redirect --hsts --staple-ocsp --email peter.byrne@systemcv.org.uk -d dawn2.systemcv.org.uk

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for dawn2.systemcv.org.uk
Enabled Apache rewrite module
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. dawn2.systemcv.org.uk (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://dawn2.systemcv.org.uk/.well-known/acme-challenge/bXfGeOszZGL7L3qnk6aeaYS6WRsHDvXVJy5IZLga3Xk [217.155.230.148]: "\n\n404 Not Found\n\nNot Found\n<p"

My web server is (include version): latest Apache

The operating system my web server runs on is (include version): Ubuntu 18.04 LTS

My hosting provider, if applicable, is: me

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.31.0

Additional Info: I am trying to create a mailserver for domain g8mcv.me.uk on server dawn2.systemcv.org.uk
by following the instructions at https://www.linuxbabe.com/mail-server/setup-basic-postfix-mail-sever-ubuntu

Currently, this mail domain is on a different server which is self-certificated

I have minimal knowledge of Apache or any web server and do not intend to use it other than to get the certificate to use with Postfix/Dovecot. So, I have no idea if it is set up correctly - I just followed the instructions given on the website above.

If I try accessing http://dawn2.systemcv.org.uk from an external device it displays the default Apache welcome page, so the connectivity appears to be OK.

Hi @systemcv

If that command doesn't work, Certbot doesn't understand your Apache configuration.

What does this say:

apachectl -S

VirtualHost configuration:
*:80 is a NameVirtualHost
default server dawn2.systemcv.org.uk (/etc/apache2/sites-enabled/000-default.conf:1)
port 80 namevhost dawn2.systemcv.org.uk (/etc/apache2/sites-enabled/000-default.conf:1)
port 80 namevhost dawn2.systemcv.org.uk (/etc/apache2/sites-enabled/dawn2.systemcv.org.uk.conf:1)
ServerRoot: "/etc/apache2"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/var/log/apache2/error.log"
Mutex default: dir="/var/run/apache2/" mechanism=default
Mutex watchdog-callback: using_defaults
PidFile: "/var/run/apache2/apache2.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="www-data" id=33
Group: name="www-data" id=33

There you see the problem.

Two identical combinations port + vHost.

Merge these definitions into one definition, remove (disable) the other, restart, try it again.

Every combination of port and domain name must be unique.
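
A small checker for the condition described in the reply above, added here as an illustration and not code from the thread or from Certbot: it parses `apachectl -S` output and reports every port + ServerName combination that is defined in more than one place. The function name, the script name `vhost_dups.py` and the sample output (including the port 443 entry and its file name) are constructed for the example.

```python
import re
import sys
from collections import defaultdict

# Constructed sample, modelled on the `apachectl -S` output quoted in this thread.
# The *:443 block and example-ssl.conf are invented to show a non-duplicate case.
SAMPLE = """\
VirtualHost configuration:
*:80                   is a NameVirtualHost
         default server dawn2.systemcv.org.uk (/etc/apache2/sites-enabled/000-default.conf:1)
         port 80 namevhost dawn2.systemcv.org.uk (/etc/apache2/sites-enabled/000-default.conf:1)
         port 80 namevhost dawn2.systemcv.org.uk (/etc/apache2/sites-enabled/dawn2.systemcv.org.uk.conf:1)
*:443                  is a NameVirtualHost
         port 443 namevhost dawn2.systemcv.org.uk (/etc/apache2/sites-enabled/example-ssl.conf:2)
ServerRoot: "/etc/apache2"
"""

# Matches e.g. "port 80 namevhost host.example (/path/site.conf:1)".
# "default server ..." lines are skipped on purpose: they repeat the first namevhost.
NAMEVHOST = re.compile(r"^\s*port\s+(\d+)\s+namevhost\s+(\S+)\s+\((.+):(\d+)\)\s*$")


def duplicate_vhosts(dump):
    """Return {(port, servername): [file:line, ...]} for combinations defined more than once."""
    seen = defaultdict(list)
    for line in dump.splitlines():
        m = NAMEVHOST.match(line)
        if m:
            port, name, path, lineno = m.groups()
            # Host names are case-insensitive, so normalise before comparing.
            seen[(int(port), name.lower())].append(f"{path}:{lineno}")
    return {key: locs for key, locs in seen.items() if len(locs) > 1}


def main():
    # Usage: apachectl -S 2>&1 | python3 vhost_dups.py
    # With no piped input, the constructed SAMPLE above is checked instead.
    dump = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    dups = duplicate_vhosts(dump)
    for (port, name), locations in sorted(dups.items()):
        print(f"duplicate: port {port} ServerName {name}")
        for loc in locations:
            print(f"    {loc}")
    return 1 if dups else 0  # non-zero exit when a duplicate is found


if __name__ == "__main__":
    sys.exit(main())
```

Each reported location is a `<VirtualHost>` block to merge or disable (for example with `a2dissite`) before re-running Certbot.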

Took me a while to figure out how to clean up the Apache config, but it all now works properly and I have been able to obtain a certificate successfully.

Many thanks for your help.
