The 404 error indicated in the response below is accurate. The filename at the site is
.well-known/acme-challenge/YPaEHIfnGDjqQK93Gd42kkBTxvd2VnFRP9eigAelxjE
How do I correct the certbot configuration so that I may renew the certificate?
It produced this output:
How would you like to authenticate with the ACME CA?
1: Apache Web Server plugin (apache)
2: Spin up a temporary webserver (standalone)
3: Place files in webroot directory (webroot)
Select the appropriate number [1-3] then [enter] (press 'c' to cancel): 3
Plugins selected: Authenticator webroot, Installer None
Cert is due for renewal, auto-renewing...
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for liferootacupuncture.com
Input the webroot for liferootacupuncture.com: (Enter 'c' to cancel): /u/websites/liferoot
Unable to change owner and uid of webroot directory
Waiting for verification...
Challenge failed for domain liferootacupuncture.com
http-01 challenge for liferootacupuncture.com
Cleaning up challenges
Some challenges have failed.
Liferoot Acupuncture :: 404 - Page Not Found\n <meta
http-equiv=\"Content-"
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
My web server is (include version): Apache/2.0.52
The operating system my web server runs on is (include version):
linux 2.6.32-042stab108.8 i686
My hosting provider, if applicable, is: jumpline.com
I can login to a root shell on my machine (yes or no, or I don't know): no
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 0.36.0
Normally, that's not a problem. But if you use webroot: Do both vHosts (port 80 and port 443) have the same webroot? You have to use the port 443 vHost webroot.
What says
apachectl -S
And you have a certificate with only one domain name, so your www version is unsecure. Perhaps create a certificate with both domain names (-d www....).
I know.
Is there a way to automate renewal on one network for a website on another network?
I cannot install certbot at the ISP.
The issue I had here was that the acme challenge did not match. Is a new challenge created every time a certificate is renewed?
Yes, so trying to re-use old authorization values won't work.
The HTTP-01 challenge method follows 301 redirects, while the DNS-01 challenge method follows CNAMEs. So if you make the live server redirect all of /.well-known/acme-challenge to /.well-known/acme-challenge on the other server, it's effectively delegating the ability to request certificates with HTTP validation. Similarly, if you create a CNAME from _acme-challenge in one DNS zone to _acme-challenge in another DNS zone, it's effectively deleting the ability to request certificates with DNS verification.
If it has outgoing Internet access, you could still automate renewal with the DNS method. Create some DNS domain or subdomain of your choice on DNS servers that you can update via an API. (A lot of people choose to use Cloudflare for this because they offer free DNS hosting for any domain, and have an API for updates.) Then, make a CNAME record for _acme-challenge in your regular DNS zone to point to this other zone. Give your Let's Encrypt client the credentials to update it, and then you can do automated renewals without any inbound verification connections to your own infrastructure.
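
Added example (not part of the thread, and not certbot's or the CA's code): an offline Python model of the DNS-01 check over a CNAME-delegated `_acme-challenge` name, showing why a TXT value published for an earlier renewal fails against a fresh token. The domain names, tokens, account thumbprint and the `ZONE` dictionary are constructed for illustration; the TXT value formula is the one in RFC 8555 section 8.4.

```python
import base64
import hashlib

def dns01_txt_value(token, account_thumbprint):
    """TXT value = base64url(SHA-256(token + "." + thumbprint)), unpadded."""
    key_authorization = f"{token}.{account_thumbprint}"
    digest = hashlib.sha256(key_authorization.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")

def resolve_txt(zone, name, max_hops=8):
    """Follow CNAMEs from `name`; return (final name, TXT values found there)."""
    seen = set()
    for _ in range(max_hops):
        if name in seen:
            raise ValueError("CNAME loop at " + name)
        seen.add(name)
        records = zone.get(name, {})
        if "CNAME" in records:
            name = records["CNAME"]  # delegation: keep looking in the other zone
            continue
        return name, records.get("TXT", [])
    raise ValueError("too many CNAME hops")

def validate(zone, domain, token, account_thumbprint):
    """Model of the validator: the TXT record must match the current token."""
    _, txts = resolve_txt(zone, "_acme-challenge." + domain)
    return dns01_txt_value(token, account_thumbprint) in txts

# Constructed sample data (assumptions, not values from the thread).
THUMBPRINT = "constructed-account-thumbprint"
OLD_TOKEN = "token-issued-for-previous-renewal"
NEW_TOKEN = "token-issued-for-this-renewal"
DELEGATED = "_acme-challenge.example.com.validation.example.net"

ZONE = {
    # Regular zone: static CNAME, created once and never updated again.
    "_acme-challenge.example.com": {"CNAME": DELEGATED},
    # API-updatable zone: the ACME client rewrites this TXT on every renewal.
    DELEGATED: {"TXT": [dns01_txt_value(OLD_TOKEN, THUMBPRINT)]},
}

if __name__ == "__main__":
    print("stale TXT vs new token:", validate(ZONE, "example.com", NEW_TOKEN, THUMBPRINT))
    ZONE[DELEGATED]["TXT"] = [dns01_txt_value(NEW_TOKEN, THUMBPRINT)]
    print("after client update:   ", validate(ZONE, "example.com", NEW_TOKEN, THUMBPRINT))
```

Only the record in the delegated zone changes between renewals, so the API credentials given to the client need write access to that zone alone.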