i'm getting an error running certbot renew --force-rewewal
it says "Challenge failed" and then "important notes"
Domain: eyethrees.net Type: unauthorized Detail: Invalid response from https://eyethrees.net/.well-known/acme-challenge/9IyeFb0pQOL2sG7UV0cYaD7NgCVeQUDUoibCPHmIu6Y [108.161.131.209]: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p"
any ideas how to move forward?
Do you know what Certbot “authenticator” you are using? I.e. apache or manual or something else? Should be listed in /etc/letsencrypt/renewal.conf.
my .conf file says webroot is the authenticator
The webroot authenticator relies on being able to place a file in a specific directory, and have that file be served under /.well-known/acme-challenge/. There should be another field in your renewal.conf (I don’t recall the field offhand) that specifies which directory that is. Does that directory match up with the root directory you have configured in Apache? If you put files there do they show up?
One common thing that can cause webroot authenticator to fail is if you switched over to a ProxyPass style config at some point recently.
the webroot_path is the field you’re thinking of right?
it is set to: /var/www/html/server.eyethrees.net
(that’s the server’s hostname)
there are no .well-known directories in any of my vhost directories
also, i don’t recall setting up certbot to use webroot… is that something done automatically during the cert process?
and i think i did add a proxypass recently too
Yep.
That's expected. Certbot would temporarily create it during issuance.
Yep! Lots of tutorials suggest it.
That would definitely break webroot authenticator. Try using the Apache authenticator - it should work better for you. Instructions available at https://certbot.eff.org/.
thank you
certbot --apache was what i needed
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.