Http-01 challenge failed due to an unauthorized response when renewing the cert

Among some other problems, you have the same domain name configured twice for the same port. There should be only one.

EDIT: I deleted the original info below about setting up a VirtualHost for webroot method. I just noticed you are using --apache which does not need any handling for the /.well-known/acme-challenge/ path. The --apache plugin does that for you.

You should only need a VirtualHost with this. The --apache plug-in will insert temporary code to handle the HTTP Challenge.

<VirtualHost *:80>
    ServerName example.com
    ServerAlias www.example.com
    DocumentRoot (your-path-here)
    RewriteEngine on
    RewriteCond %{SERVER_NAME} =example.com [OR]
    RewriteCond %{SERVER_NAME} =www.example.com
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
4 Likes

Thanks to everyone for your help. The problem has been solved! Here's what I did:

  1. I kept the Apache configuration files unchanged, so all the proxy settings are still intact. (I did this after N times trying all the combinations of other configs, but none worked for me)
  2. I disabled 000-default-le-ssl.conf and 000-default.conf.
  3. After doing this, Certbot worked fine, but the result on the URL drposture.app was still not as expected: either an SSL issue or a 404 Not Found from the server.
  4. Initially, I was using Zsh. I then switched to Bash and ran the Certbot process again. Suddenly, the website became accessible.

I don't understand how the shell could have caused the issue since, in theory, it shouldn't make a difference. Does anyone have any idea why this might have happened? Could there be a problem/bug with either Zsh or Certbot?

1 Like

No, queries to your domain do not work correctly. There are at least two problems.

This HTTP request should redirect to HTTPS but does not. Probably related to the duplicate config I pointed out.

curl -I http://drposture.app
HTTP/1.1 200 OK
Server: Apache/2.4.41 (Ubuntu)

HTTP requests to its www subdomain do redirect as they should. Probably because you have it as a ServerAlias in one of the duplicate configs but not the other.

curl -I http://www.drposture.app
HTTP/1.1 301 Moved Permanently
Server: Apache/2.4.41 (Ubuntu)
Location: https://www.drposture.app/

HTTPS requests to your base name work correctly if they should reach a Kestrel server. I assume that is your proxy so is probably correct.

But, HTTPS requests to your www subdomain fail. The cert only has your base name in it and not the www subdomain. You need to use a cert with both names. See a test site like below to view this problem

It is far more likely that your Apache config problems are the reason behind your problems. Resolve the HTTP queries and duplicate VirtualHost first. Then we can review your certificates.

3 Likes
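
The duplicate-name problem described in the reply above (one hostname claimed by two VirtualHosts on the same port, with the www name as a ServerAlias in only one of them) can be checked offline. This is an added example, not part of the original thread or of Certbot; the file names, sample configs and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: two enabled site files that both claim example.com on port 80.
SAMPLE_CONFIGS = {
    "000-default.conf": """<VirtualHost *:80>
    ServerName example.com
    DocumentRoot /var/www/html
</VirtualHost>""",
    "example.conf": """<VirtualHost *:80>
    ServerName example.com
    ServerAlias www.example.com
</VirtualHost>
<VirtualHost *:443>
    ServerName example.com
</VirtualHost>""",
}

VHOST_OPEN = re.compile(r"^\s*<VirtualHost\s+([^>]+)>", re.I)
VHOST_CLOSE = re.compile(r"^\s*</VirtualHost>", re.I)
NAME_LINE = re.compile(r"^\s*(?:ServerName|ServerAlias)\s+(.+)$", re.I)


def claimed_names(configs):
    """Map (port, hostname) -> set of (file, vhost start line) that claim it."""
    claims = defaultdict(set)
    for fname, text in configs.items():
        ports, start = None, 0
        for lineno, line in enumerate(text.splitlines(), 1):
            opened, named = VHOST_OPEN.match(line), NAME_LINE.match(line)
            if opened:  # "*:80 *:8080" -> {"80", "8080"}
                ports, start = {a.rsplit(":", 1)[-1] for a in opened.group(1).split()}, lineno
            elif VHOST_CLOSE.match(line):
                ports = None
            elif ports and named:
                for host in named.group(1).split():
                    for port in ports:
                        claims[(port, host.lower())].add((fname, start))
    return claims


def duplicates(configs):
    """Names served by more than one VirtualHost on the same port."""
    return {k: sorted(v) for k, v in claimed_names(configs).items() if len(v) > 1}


if __name__ == "__main__":
    for (port, host), where in sorted(duplicates(SAMPLE_CONFIGS).items()):
        print(f"{host} on port {port} is claimed by: {where}")
```

On a live server, `apachectl -S` prints the vhost table Apache actually parsed, which shows the same overlap.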
