Error DNS A/AAAA renew certificate

Hi, dears.
I’m renewing my cloud certificate, but I had no luck. I hope you can help me; thank you very much in advance.

My domain is: cloud.independencia.cl

I ran this command: certbot renew --dry-run

It produced this output:

Domain: cloud.independencia.cl
Type: unauthorized
Detail: Invalid response from
https://cloud.independencia.cl/.well-known/acme-challenge/Ws_5aCa8trvMNhwaHmTIHUlAVRFmU4pYa4hlTWj3JIc
[200.54.169.251]: "\n\n404 Not Found\n\nNot Found\n<p"

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.

My web server is (include version): Apache/2.4.6 (CentOS)

The operating system my web server runs on is (include version): CentOS Linux 7 (Core)

My hosting provider, if applicable, is: redirected sub-domain

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): 0.39.0

Thank you very much.


Hi @seltone

there is a redirect http -> https. So you can't use --apache as authenticator.

Your output is incomplete, your authenticator isn't visible.

What's the content of your Certbot config file?

There are some checks of your domain, last is ~11 hours old - https://check-your-website.server-daten.de/?q=cloud.independencia.cl

There is the same redirect visible.

Looks like OwnCloud has its own rules. Perhaps try to use webroot with your https webroot.

https://certbot.eff.org/docs/using.html


Thank you for responding so promptly, this is certbot’s configuration:

renew_before_expiry = 30 days

version = 0.39.0
archive_dir = /etc/letsencrypt/archive/cloud.independencia.cl
cert = /etc/letsencrypt/live/cloud.independencia.cl/cert.pem
privkey = /etc/letsencrypt/live/cloud.independencia.cl/privkey.pem
chain = /etc/letsencrypt/live/cloud.independencia.cl/chain.pem
fullchain = /etc/letsencrypt/live/cloud.independencia.cl/fullchain.pem

# Options used in the renewal process

[renewalparams]
post_hook = service httpd reload
account = e4e130d384525765cd66b69a04c7e2ec
server = https://acme-v02.api.letsencrypt.org/directory
authenticator = webroot
webroot_path = /var/www/html/
rsa_key_size = 4096
[[webroot_map]]
cloud.independencia.cl = /var/www/html/owncloud

Is this really what this file says? It should presumably be cloud.independencia.cl rather than cloud.independenciacl here.

not estimated, when copying or writing I omitted it, sorry, but the original is .cl, thanks for joining this thread.

P.S. I edited the comment; now it’s correct. Thank you.

Is /var/www/html/owncloud the right directory to place files into in order to have them appear on https://cloud.independencia.cl/ at the corresponding relative paths? Can you test that by creating test files?

Yes, I did it with both directories, and neither succeeded.

mkdir -p /var/www/html/.well-known/acme-challenge/
[root@owncloud renewal]# cd /
[root@owncloud /]# echo -n "Testing webroot acme challenge" > /var/www/html/.well-known/acme-challenge/test
[root@owncloud /]# curl -ikL https://cloud.independencia.cl/.well-known/acme-challenge/test
HTTP/1.1 404 Not Found
Date: Mon, 13 Jan 2020 19:15:57 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.2.22
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Content-Length: 229
Content-Type: text/html; charset=iso-8859-1

404 Not Found

Not Found

The requested URL /.well-known/acme-challenge/test was not found on this server.

[root@owncloud /]# mkdir -p /var/www/html/owncloud/.well-known/acme-challenge/
[root@owncloud /]# echo -n "Testing webroot acme challenge" > /var/www/html/owncloud/.well-known/acme-challenge/test
[root@owncloud /]# curl -ikL https://cloud.independencia.cl/.well-known/acme-challenge/test
HTTP/1.1 404 Not Found
Date: Mon, 13 Jan 2020 19:17:21 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.2.22
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Content-Length: 229
Content-Type: text/html; charset=iso-8859-1

404 Not Found

Not Found

The requested URL /.well-known/acme-challenge/test was not found on this server.

Thank you for your help.

Could you identify a different directory that would work instead with your current Apache configuration?

yes, perform a test, in the /var/www/html directory

It seems that this directory is not correct. Could you look in your Apache configuration to find out where files are being served from on this system? (It might be possible to find this with sudo apachectl -S or a similar command.)

This was the result. Thank you.

[root@owncloud ~]# httpd -S
VirtualHost configuration:
*:80 cloud.independencia.cl (/etc/httpd/conf.d/cloud.independencia.cl.conf:1)
*:443 is a NameVirtualHost
default server cloud.independencia.cl (/etc/httpd/conf.d/cloud.independencia.cl.conf:8)
port 443 namevhost cloud.independencia.cl (/etc/httpd/conf.d/cloud.independencia.cl.conf:8)
port 443 namevhost cloud.independencia.cl (/etc/httpd/conf.d/ssl.conf:56)
ServerRoot: "/etc/httpd"
Main DocumentRoot: "/var/www/html/owncloud"
Main ErrorLog: "/etc/httpd/logs/error_log"
Mutex authdigest-opaque: using_defaults
Mutex proxy-balancer-shm: using_defaults
Mutex rewrite-map: using_defaults
Mutex authdigest-client: using_defaults
Mutex ssl-stapling: using_defaults
Mutex proxy: using_defaults
Mutex authn-socache: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/run/httpd/" mechanism=default
Mutex mpm-accept: using_defaults
PidFile: "/run/httpd/httpd.pid"
Define: _RH_HAS_HTTPPROTOCOLOPTIONS
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
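
An added example, not part of the thread or of Certbot: the `httpd -S` output above lists two port 443 entries for the same name, so this sketch maps a server name to the `<VirtualHost>` blocks Apache reports for it and reads the DocumentRoot each block sets, which is the directory a webroot authenticator has to write into. The function names are made up for illustration, and the config files themselves were not posted, so `docroot_at` has to be run on the server.

```shell
#!/bin/sh
# Added example (not from the thread): map a server name to the <VirtualHost>
# blocks Apache reports for it, and read the DocumentRoot each block sets.

# vhosts_for NAME: reads `httpd -S` output on stdin, prints "PORT FILE:LINE".
vhosts_for() {
    awk -v name="$1" '
        function emit(addr, loc,    a, n) {
            n = split(addr, a, ":")       # "*:80" -> port is the last piece
            gsub(/[()]/, "", loc)         # "(file:line)" -> "file:line"
            print a[n], loc
        }
        # Only vhost on an address:  *:80 NAME (file:line)
        $2 == name && $3 ~ /^\(/ { emit($1, $3) }
        # Name-based vhost:  port 443 namevhost NAME (file:line)
        $1 == "port" && $3 == "namevhost" && $4 == name { emit($2, $5) }
    '
}

# shadowed_ports NAME: ports on which NAME is defined more than once.
# Requests for NAME go to the first definition listed for that port.
shadowed_ports() {
    vhosts_for "$1" |
        awk '{ seen[$1]++ } END { for (p in seen) if (seen[p] > 1) print p }'
}

# docroot_at FILE:LINE: DocumentRoot inside the <VirtualHost> block opening at
# LINE of FILE; prints nothing when the block inherits the main DocumentRoot.
docroot_at() {
    awk -v start="${1##*:}" '
        NR < start { next }
        tolower($1) == "documentroot" { gsub(/"/, "", $2); print $2; exit }
        tolower($1) ~ /^<\/virtualhost/ { exit }
    ' "${1%:*}"
}

# The vhost lines from the `httpd -S` output posted above.
SAMPLE='*:80 cloud.independencia.cl (/etc/httpd/conf.d/cloud.independencia.cl.conf:1)
*:443 is a NameVirtualHost
default server cloud.independencia.cl (/etc/httpd/conf.d/cloud.independencia.cl.conf:8)
port 443 namevhost cloud.independencia.cl (/etc/httpd/conf.d/cloud.independencia.cl.conf:8)
port 443 namevhost cloud.independencia.cl (/etc/httpd/conf.d/ssl.conf:56)'

# On the server itself: httpd -S 2>/dev/null | vhosts_for cloud.independencia.cl
printf '%s\n' "$SAMPLE" | vhosts_for cloud.independencia.cl
echo "defined more than once on port: $(printf '%s\n' "$SAMPLE" | shadowed_ports cloud.independencia.cl)"
```

Feeding each `FILE:LINE` it prints to `docroot_at` shows whether a vhost overrides the main DocumentRoot; the first entry listed for a port is the one that answers requests for that name.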

Could you try creating /var/www/html/owncloud/test as a further test?

yes, perform a test, in the /var/www/html/owncloud directory

That’s interesting; could you now try just /.well-known without /.well-known/acme-validation? For example /var/www/html/owncloud/.well-known/test.html?

no answer :cold_sweat:


I have an answer, but I still can’t renew. I mistakenly revoked the certificate :frowning: , is it still possible to renew?
