Error running certbot renew --force-renewal

i’m getting an error running certbot renew --force-renewal

it says “Challenge failed” and then “important notes”

   Domain: eyethrees.net
   Type:   unauthorized
   Detail: Invalid response from
   https://eyethrees.net/.well-known/acme-challenge/9IyeFb0pQOL2sG7UV0cYaD7NgCVeQUDUoibCPHmIu6Y
   [108.161.131.209]: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML
   2.0//EN\">\n<html><head>\n<title>404 Not
   Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p"

any ideas how to move forward?

1 Like

Do you know what Certbot “authenticator” you are using? I.e. apache or manual or something else? Should be listed in /etc/letsencrypt/renewal.conf.

my .conf file says webroot is the authenticator

The webroot authenticator relies on being able to place a file in a specific directory, and have that file be served under /.well-known/acme-challenge/. There should be another field in your renewal.conf (I don’t recall the field offhand) that specifies which directory that is. Does that directory match up with the root directory you have configured in Apache? If you put files there do they show up?

One common thing that can cause webroot authenticator to fail is if you switched over to a ProxyPass style config at some point recently.

the webroot_path is the field you’re thinking of right?
it is set to: /var/www/html/server.eyethrees.net
(that’s the server’s hostname)
there are no .well-known directories in any of my vhost directories
also, i don’t recall setting up certbot to use webroot… is that something done automatically during the cert process?

1 Like

and i think i did add a proxypass recently too

Yep.

That’s expected. Certbot would temporarily create it during issuance.

Yep! Lots of tutorials suggest it.

That would definitely break webroot authenticator. Try using the Apache authenticator - it should work better for you. Instructions available at https://certbot.eff.org/.

2 Likes

thank you
certbot --apache was what i needed

2 Likes
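The check suggested in the replies above (put a file under the webroot and see whether it shows up at /.well-known/acme-challenge/), as an added shell example that is not part of the original thread. `check_webroot` and the `FETCH` override are names made up for this example; the arguments in the usage comment are the values quoted in the thread.

```shell
#!/bin/sh
# Added example: probe whether files written to certbot's webroot_path are
# really served under /.well-known/acme-challenge/ by the web server.

# FETCH is the command used to retrieve a URL. It defaults to curl and can be
# overridden so the check can be exercised offline (an assumption of this
# example, not a certbot setting).
: "${FETCH:=curl -fsSL --max-time 10}"

# check_webroot WEBROOT BASE_URL
# Returns 0 if a probe file written into WEBROOT comes back unchanged over
# HTTP, 1 if it does not (e.g. a ProxyPass sends the request elsewhere),
# 2 if the probe file cannot be written at all.
check_webroot() {
    webroot=$1
    base_url=${2%/}                      # drop a trailing slash, if any
    dir="$webroot/.well-known/acme-challenge"
    name="probe-$$"
    token="webroot-probe-$$-$(date +%s)"

    mkdir -p "$dir" 2>/dev/null || { echo "cannot create $dir" >&2; return 2; }
    printf '%s' "$token" > "$dir/$name" || return 2

    # Fetch the probe the same way a validation request would reach it.
    if body=$($FETCH "$base_url/.well-known/acme-challenge/$name" 2>/dev/null) \
        && [ "$body" = "$token" ]; then
        rc=0
    else
        rc=1
    fi

    # Clean up the probe; the directories are removed only if they are empty.
    rm -f "$dir/$name"
    rmdir "$dir" "$webroot/.well-known" 2>/dev/null || true

    if [ "$rc" -eq 0 ]; then
        echo "OK: files in $webroot are served at $base_url"
    else
        echo "FAIL: probe written to $webroot was not served at $base_url" >&2
    fi
    return "$rc"
}

# Usage, with the values quoted in the thread:
#   check_webroot /var/www/html/server.eyethrees.net http://eyethrees.net
```

A FAIL result here matches the "unauthorized ... 404 Not Found" failure quoted at the top of the thread: the file exists on disk, but the server answers the request from somewhere else.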