I'm getting an error running certbot renew --force-renewal
it says "Challenge failed" and then "important notes"
Domain: eyethrees.net
Type: unauthorized
Detail: Invalid response from
https://eyethrees.net/.well-known/acme-challenge/9IyeFb0pQOL2sG7UV0cYaD7NgCVeQUDUoibCPHmIu6Y
[108.161.131.209]: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML
2.0//EN\">\n<html><head>\n<title>404 Not
Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p"
Do you know what Certbot “authenticator” you are using? I.e. apache or manual or something else? Should be listed in /etc/letsencrypt/renewal.conf.
The webroot authenticator relies on being able to place a file in a specific directory, and have that file be served under /.well-known/acme-challenge/. There should be another field in your renewal.conf (I don’t recall the field offhand) that specifies which directory that is. Does that directory match up with the root directory you have configured in Apache? If you put files there do they show up?
One common thing that can cause webroot authenticator to fail is if you switched over to a ProxyPass style config at some point recently.
The webroot_path is the field you’re thinking of, right?
It is set to: /var/www/html/server.eyethrees.net
(that’s the server’s hostname)
There are no .well-known directories in any of my vhost directories.
Also, I don’t recall setting up certbot to use webroot… is that something done automatically during the cert process?
That's expected. Certbot would temporarily create it during issuance.
Yep! Lots of tutorials suggest it.
That would definitely break webroot authenticator. Try using the Apache authenticator - it should work better for you. Instructions available at https://certbot.eff.org/.
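Added example, not part of the original thread and not Certbot's own code: a small shell check for the two webroot failure causes discussed above, a webroot_path that differs from the vhost's DocumentRoot and a ProxyPass directive in that vhost. The renewal and Apache config text is constructed sample input; only the domain and the webroot_path value come from the thread, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample inputs. Only the domain and webroot_path value come from the thread.
RENEWAL_CONF='[renewalparams]
authenticator = webroot
webroot_path = /var/www/html/server.eyethrees.net,'
VHOST_CONF='<VirtualHost *:443>
    ServerName eyethrees.net
    DocumentRoot "/var/www/html/eyethrees.net"
    ProxyPass / http://127.0.0.1:8080/
</VirtualHost>'

# Print the value of one "key = value" line from renewal config text on stdin.
renewal_value() {
  awk -F' *= *' -v k="$1" '$1 == k { sub(/,$/, "", $2); print $2; exit }'
}

# Print the first argument of directive $2 inside the vhost that serves domain $1.
vhost_directive() {
  awk -v d="$1" -v want="$2" '
    { name = tolower($1) }
    name ~ /^<virtualhost/   { inblk = 1; hit = 0; val = ""; next }
    name ~ /^<\/virtualhost/ { if (hit && val != "") print val; inblk = 0; next }
    inblk && (name == "servername" || name == "serveralias") {
      for (i = 2; i <= NF; i++) if ($i == d) hit = 1
    }
    inblk && name == tolower(want) && val == "" { val = $2; gsub(/"/, "", val) }
  '
}

# Args: renewal config text, Apache config text, domain. Returns 1 on any finding.
diagnose() {
  auth=$(printf '%s\n' "$1" | renewal_value authenticator)
  root=$(printf '%s\n' "$1" | renewal_value webroot_path)
  docroot=$(printf '%s\n' "$2" | vhost_directive "$3" DocumentRoot)
  proxy=$(printf '%s\n' "$2" | vhost_directive "$3" ProxyPass)
  rc=0
  if [ "$auth" != webroot ]; then echo "SKIP authenticator=$auth"; return 0; fi
  if [ "$root" != "$docroot" ]; then
    echo "MISMATCH webroot_path=$root DocumentRoot=$docroot"; rc=1
  fi
  if [ -n "$proxy" ]; then echo "PROXYPASS $proxy"; rc=1; fi
  [ "$rc" -eq 0 ] && echo "OK $root"
  return "$rc"
}

diagnose "$RENEWAL_CONF" "$VHOST_CONF" eyethrees.net || true
```

On a real server, pass the contents of the renewal config and the Apache vhost file instead of the sample strings.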