Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/up2school.com-0001.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Simulating renewal of an existing certificate for up2school.com
Certbot failed to authenticate some domains (authenticator: apache). The Certificate Authority reported these problems:
Domain: up2school.com
Type: unauthorized
Detail: 135.125.202.29: Invalid response from https://up2school.com/fr/.well-known/acme-challenge/IyoRkl_Url8UKeUW2YczcarG-DI67wv3cbjOqXbLlqA: 404
Hint: The Certificate Authority failed to verify the temporary Apache configuration changes made by Certbot. Ensure that the listed domains point to this Apache server and that it is accessible from the internet.
Failed to renew certificate up2school.com-0001 with error: Some challenges have failed.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
All simulated renewals failed. The following certificates could not be renewed:
/etc/letsencrypt/live/up2school.com-0001/fullchain.pem (failure)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1 renew failure(s), 0 parse failure(s)
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
Please show this file: /etc/apache2/sites-enabled/000-default.conf
<VirtualHost *:80>
# The ServerName directive sets the request scheme, hostname and port that
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request's Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.
#ServerName www.example.com
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf
RewriteEngine on
RewriteCond %{SERVER_NAME} =www.up2school.com [OR]
RewriteCond %{SERVER_NAME} =up2school.fr [OR]
RewriteCond %{SERVER_NAME} =up2school.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
Show file that has the HTTPS vhost for up2school.com.
We either fix that file.
OR
Handle the challenge requests in HTTP [don't redirect them to HTTPS].
I'd like to see the file first to see what we're up against.
Before recommended any of the two.
I see that --dry-run test failed. But, you just got that cert 3 days ago. Can you provide more info on what changed in your server config since then?
It seems something has changed in your Apache config that causes it not to work right with the Apache plug-in. We can convert to certonly webroot but it's probably easier if we can find/fix what changed instead.
I don't think I've changed anything in the last three days.
However, we did have an initial certificate (valid until August 24th). I wanted to renew it through several methods, including through the OVH Gateway service. I didn't succeed (I had a redirection error) and I deactivated this certificate so that the site is available again. Then I finally went through Let's Encrypt. Since then, the site is sometimes 100% functional (certificate valid until December 4th) but sometimes I have an error again (certificate valid until August 24th again)
I was looking for something odd with the running Apache but don't see anything. Although I am not sure why the same info was repeated for systemctl status 3 times.
I don't see any reason for Apache to respond differently to repeated requests. The only thing I can think of to resolve that is to sudo apachectl restart. If inconsistent results still occur, a restart of the server should be tried.
I know this can be disruptive so let us know what you did and when it's done. Thanks
I try today to restart (sudo systemctl restart apache2 && sudo systemctl restart php7.4-fpm) and it seems to be ok now... It's pretty weird but it's nice if it's working