For some reason, one domain won't renew

My domain is: newchurchofhope.com

I ran this command:

acme.sh --issue --webroot ~/public_html/web/newchurchofhope -d newchurchofhope.com -d www.newchurchofhope.com --staging

It produced this output:

newchurchofhope.com:Verify error:Invalid response from https://newchurchofhope.com/.well-known/acme-challenge/TjsCjkrfmoggSaUaFMPadvFtf9WUI73lsHKOjrkXEGU [23.229.140.154]:
[Mon Jun 14 12:10:40 MST 2021] Please check log file for more details: /home/taiji2014/.acme.sh/acme.sh.log

I searched the .log file and everything was fine until it said:

[Mon Jun 14 12:10:37 MST 2021] Changing owner/group of .well-known to taiji2014:nobody
[Mon Jun 14 12:10:37 MST 2021] chown: changing ownership of `/home/taiji2014/public_html/web/newchurchofhope/.well-known/acme-challenge/TjsCjkrfmoggSaUaFMPadvFtf9WUI73lsHKOjrkXEGU': Operation not permitted

I should note that moments before I had used the following commands:

acme.sh --issue --webroot ~/public_html/web/newchurchofhope -d newchurchofhope.org -d www.newchurchofhope.org --staging
acme.sh --issue --webroot ~/public_html/web/newchurchofhope -d newchurchofhope.org -d www.newchurchofhope.org --force

They both worked fine. I was trying to manually renew because I got an error message from the cron:

[Mon Jun 14 00:07:08 MST 2021] newchurchofhope.com:Verify error:Invalid response from https://newchurchofhope.com/.well-known/acme-challenge/JFJPTbd_cILOJholz7Y7CDqHzAIcneVF_c0anTetdB4 [23.229.140.154]:
[Mon Jun 14 00:07:08 MST 2021] Please add '--debug' or '--log' to check more details.
[Mon Jun 14 00:07:08 MST 2021] See: How to debug acme.sh · acmesh-official/acme.sh Wiki · GitHub
[Mon Jun 14 00:07:11 MST 2021] Error renew newchurchofhope.org.

My web server is (include version): Apache running on Linux
My hosting provider, if applicable, is: GoDaddy
I can login to a root shell on my machine (yes or no, or I don't know): I don't have SUDO access, but I use Putty with SH access.

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): Yes, I use control panel

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): I'm using acme because I don't have SUDO access so I couldn't use certbot.

I have more than a dozen domains and websites; this is just one. All the rest are working fine, and the cron job is autorenewing their certificates without problems. I don't understand all of the underlying technology (you all help me all the time), so I can't figure out what the problem might be. Any help you can give would be most appreciated.
Thanks
CJ

2 Likes

Although I'm not certain why this is happening (yet)...
I can make some suggestions that might ease the troubleshooting process:

  1. don't use ~ paths; instead write the full/complete path in the command
  2. review the vhost config(s) for any /.well-known/ type locations and possible doc root overrides
  3. if all else fails, set a global alias for all requests to all sites for any /.well-known/acme-challenge/ files
    [be careful with this as it could potentially be used by any user to obtain any cert from that system]

2 Likes

Thank you most kindly. At this point, of course, I need to let you know that I don't really know how to do any of that. The commands I'm using were given to me directly by someone from this forum in a previous request. I know how to change the domain itself within these commands so that I can apply them to my other domains, but I don't have a clue how to do the rest of what you request.
Even the first instruction: not using ~. Exactly where would I "start" the full/complete path in the command? Do I start with /public_html or do I start with taiji2014 (which I don't see when I view the directory structure, but which I've seen in other places I had to use)? Or do I use https://hplconsortium.com, under which all these other webs are housed, or do I use just the domain name itself, which in this case is https://newchurchofhope.com? I'm using a shared hosting system on GoDaddy.

Can you explain where to find the vhost config(s), and how to tell if there are any /.well-known/ type locations? What is a doc root override?

How would I set a global alias for all requests to all sites? Again, in the past, people here have helped me set up the .htaccess file, but later I had a programmer work with me and we replaced them all with these two lines:
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI}

I thought that was a global alias to all sites, but I'm not sure.
Any help you can provide would be much appreciated.

Thanks
CJ

2 Likes

The simplest way to determine the full path can be done with these two simple steps:

  1. cd ~/public_html/web/newchurchofhope
  2. pwd

[if all went well, you should see a full path that ends with "/public_html/web/newchurchofhope"]

This, however, kind of changes things a bit:

[not sure how you can be running .acme-sh within such]

Start with:
apachectl -S

You can grep the directory, or each individual file (shown with apachectl -S), for the contents of that string.

Well, typically each vhost config has a single document root (path).
But sometimes, some requests need to be directed to an alternate path/root.
That can be done in several ways.
Typically location blocks are used to handle such "locations" in specific ways.
One being setting an alternate document root (for that single location).
[i.e. all http://site/folderX/ might be handled "normally" while http://site/folderZ/ might need to be handled uniquely.]

That can be done with an alias statement within the main config (above vhost config blocks).

I personally don't like .htaccess files and would not promote their use.
Those two lines would redirect HTTP requests to HTTPS.
They can be included in any HTTP vhost configs that have been HTTPS enabled.

It depends where in the code it appears.
But I wouldn't think it to make much sense globally, as that may interfere with any new sites (that aren't yet HTTPS enabled).

2 Likes
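
A way to test, without access to the Apache configuration, whether each hostname is really served from the webroot passed to acme.sh (an added example, not part of the original posts or of acme.sh). The function names `fetch_url`, `probe_webroot` and `check_hosts` are made up for this illustration, and `curl` is assumed to be available on the host.

```shell
#!/bin/sh
# Added example: confirm that a hostname serves files from the webroot
# given to acme.sh by publishing a throwaway probe there and fetching it
# back over the same path HTTP-01 validation uses.

# fetch_url URL: print the response body, non-zero on any HTTP/network error.
# -L follows the HTTP->HTTPS redirect; -k mirrors the CA, which does not
# validate certificates on redirects (the old cert may already be expired).
fetch_url() {
    curl -fsSLk --max-time 15 "$1"
}

# probe_webroot WEBROOT HOST
# 0 = HOST returned the probe, 1 = it did not, 2 = probe could not be written.
probe_webroot() {
    p_dir="$1/.well-known/acme-challenge"
    p_name="probe-$$-$(date +%s)"
    p_token="webroot-check-$$-$(date +%s)"
    mkdir -p "$p_dir" 2>/dev/null || return 2
    printf '%s' "$p_token" > "$p_dir/$p_name" 2>/dev/null || return 2
    chmod 644 "$p_dir/$p_name" 2>/dev/null || :
    p_body=$(fetch_url "http://$2/.well-known/acme-challenge/$p_name" 2>/dev/null) || p_body=
    rm -f "$p_dir/$p_name"
    [ "$p_body" = "$p_token" ]
}

# check_hosts WEBROOT HOST...: one result line per host; exit status is the
# number of hosts that failed.
check_hosts() {
    c_root=$1; shift
    c_failed=0
    for c_host in "$@"; do
        c_rc=0
        probe_webroot "$c_root" "$c_host" || c_rc=$?
        case $c_rc in
            0) echo "OK    $c_host serves files from $c_root" ;;
            2) echo "ERROR cannot write a probe under $c_root" ;;
            *) echo "FAIL  $c_host does not serve files from $c_root" ;;
        esac
        [ "$c_rc" -eq 0 ] || c_failed=$((c_failed + 1))
    done
    return "$c_failed"
}

# Usage, with the path and names from the thread:
#   check_hosts /home/taiji2014/public_html/web/newchurchofhope \
#       newchurchofhope.org newchurchofhope.com
```

A FAIL for only one of two names that share a webroot means that name is mapped to a different document root, or its DNS points at another server.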

Thanks!
First, I wasn't able to use the cd ~/public_html/web/newchurchofhope command because it would tell me the directory doesn't exist. But once I figured out you just wanted me to get into the directory for that website, I just stepped up to the root (cd ..) and then did a dir to see what the directories were until I could get back down into the newchurchofhope folder. Here is the absolute path:
/home/taiji2014/public_html/web/newchurchofhope

Of course, that couldn't be the problem, however, since the exact same command was used for newchurchofhope.org and that worked. It only didn't work for newchurchofhope.com.

I don't have SUDO rights, but I do have SH rights. I use putty to connect and can run commands directly that way. Again - I had lots of help to figure this out.

But apparently (and it would make sense) I don't have the ability to run anything called apachectl -S. I don't have access to the apache directory. There is an acme.sh directory, but I would imagine that apache is much higher on the food chain than my shared directory.

Basically I should focus on how newchurchofhope.com is different from newchurchofhope.org. They are just two different aliases for the same website (which is housed in /home/taiji2014/public_html/web/newchurchofhope). The .org one works, and the .com one doesn't work. But I don't know why. Maybe you can't have both going to the same website. In which case I can set up a dummy site and put a redirect command in the index.html that sends the person to the newchurchofhope.org. Would that make sense?

Or I can just delete the newchurchofhope.com so it doesn't go anywhere. I really don't need it since the .org one is up and running, and it is a non profit organization.

Thanks again, so much, for all your help.
CJ

2 Likes

Welcome Back to the Let's Encrypt Community, CJ 🙂

As the resident GoDaddy cPanel shared hosting guy, I feel like I can probably lend a hand here. The way that GoDaddy and cPanel handle things is quite different than standard hosting setups. I'm assuming that you have the "deluxe" hosting package, which puts your "primary" domain name in public_html and additional domain names in subfolders under public_html.

Finding the path is relatively easy if you look in File Manager in cPanel:

You'll notice that the part after /home is just the username for your shared hosting instance.

You won't find any Apache VirtualHosts accessible to you with shared hosting, so there's no point in looking for them.

It's unusual to see the /web before the containing folder for the actual website (/newchurchofhope). Typically, this would just be /public_html/newchurchofhope. What we're concerned with here are "addon domains".

https://docs.cpanel.net/cpanel/domains/addon-domains/

You'll notice from the ("No addon domains are configured.") message in my screenshot that I don't currently have any addon domains on this hosting account (and thus only have the "primary" domain name active with its content in public_html).


When it comes to newchurchofhope.org and newchurchofhope.com, you'll want to decide which one is going to be the "actual" domain name. This is because all of the links and email addresses and such in the website itself will need to point to one or the other. It would also be terrible for user experience and search engine optimization (SEO) to have two "doors" to the same content. I suspect that you will likely want to permanently (301) redirect the .com to the .org. This will mean that the .com will not have any actual website content. The .com will be an addon domain (and thus have its own subfolder), but there won't really be anything in its subfolder. You could use an "Alias" in cPanel for the .com, but you'll just run into the aforementioned issues.

3 Likes

It really depends on the panel used - I don't use GoDaddy for much, so I can't really help there.
But you should be able to point multiple domain names to the same folder.

3 Likes

Thanks so very much, all of you.
After I made this request, I found out that GoDaddy moved my websites to a different server. I don't know how much of this is related to that move. All I know is that I've been having trouble with the renewals and failed cron jobs since then (which, of course, only makes sense since the IP address of my whole website has changed).
I just got another message and tried again to do a manual renewal, but it didn't work. Then I discovered that my whole website was down. I called GoDaddy and it appears they are having difficulty with the move. They said to wait until tomorrow, so I'll try again then.
In any case, I wanted to thank you all for helping me.
CJ

2 Likes

You are quite welcome! 🙂

Hopefully GoDaddy will get things fully resolved in short order.

1 Like
