Http-01 challenge failed - HTTP 404

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: matthewpoletiek.com

I ran this command:
sudo /usr/local/bin/certbot-auto --apache

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Enter email address (used for urgent renewal and security notices) (Enter ‘c’ to
cancel): mpoletiek@skylaski.com


Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v02.api.letsencrypt.org/directory


(A)gree/©ancel: A


Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let’s Encrypt project and the non-profit
organization that develops Certbot? We’d like to send you email about our work
encrypting the web, EFF news, campaigns, and ways to support digital freedom.


(Y)es/(N)o: Y

Which names would you like to activate HTTPS for?


1: matthewpoletiek.com
2: www.matthewpoletiek.com
3: skylaski.com
4: www.skylaski.com
5: technomystics.com
6: www.technomystics.com


Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter ‘c’ to cancel):
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for matthewpoletiek.com
http-01 challenge for skylaski.com
http-01 challenge for technomystics.com
http-01 challenge for www.matthewpoletiek.com
http-01 challenge for www.skylaski.com
http-01 challenge for www.technomystics.com
Waiting for verification…
Challenge failed for domain www.skylaski.com
http-01 challenge for www.skylaski.com
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: www.skylaski.com
    Type: unauthorized
    Detail: Invalid response from
    http://www.skylaski.com/.well-known/acme-challenge/tNVG-cZjHhJ1awSPRTUB1w3P65AUDzuZYyjDB_sTs1k
    [34.83.219.174]: “\n\n404 Not
    Found\n\n

    Not Found

    \n<p”

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address.

  • Your account credentials have been saved in your Certbot
    configuration directory at /etc/letsencrypt. You should make a
    secure backup of this folder now. This configuration directory will
    also contain certificates and private keys obtained by Certbot so
    making regular backups of this folder is ideal.

  • We were unable to subscribe you the EFF mailing list because your
    e-mail address appears to be invalid. You can try again later by
    visiting https://act.eff.org.

My web server is (include version):
Apache/2.4.41 (Ubuntu) OpenSSL/1.1.1c

The operating system my web server runs on is (include version):
Ubuntu 19

I can login to a root shell on my machine (yes or no, or I don’t know):
Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
certbot 1.2.0

1 Like

Hi @mpoletiek

what says

apachectl -S

PS: Checking your domain - https://check-your-website.server-daten.de/?q=skylaski.com - there is no Apache.

Server: Camp Fire Node 0

That may be the reason --apache doesn’t work. Perhaps switch to webroot if you use another webserver.

1 Like

Hi!

Here is the output. I’m definitely using apache. The Server tag is masked.

AH00558: apache2: Could not reliably determine the server’s fully qualified domain name, using www.skylaski.com. Set the ‘ServerName’ directive globally to suppress this message
VirtualHost configuration:
*:80 is a NameVirtualHost
default server www.skylaski.com (/etc/apache2/sites-enabled/000-default.conf:1)
port 80 namevhost www.skylaski.com (/etc/apache2/sites-enabled/000-default.conf:1)
port 80 namevhost www.matthewpoletiek.com (/etc/apache2/sites-enabled/matthewpoletiek.conf:1)
alias matthewpoletiek.com
port 80 namevhost www.skylaski.com (/etc/apache2/sites-enabled/skylaski.conf:1)
alias skylaski.com
port 80 namevhost www.technomystics.com (/etc/apache2/sites-enabled/technomystics.conf:1)
alias technomystics.com
ServerRoot: “/etc/apache2”
Main DocumentRoot: “/var/www/html”
Main ErrorLog: “/var/log/apache2/error.log”
Mutex rewrite-map: using_defaults
Mutex ssl-stapling-refresh: using_defaults
Mutex ssl-stapling: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/var/run/apache2/" mechanism=default
Mutex mpm-accept: using_defaults
Mutex watchdog-callback: using_defaults
PidFile: “/var/run/apache2/apache2.pid”
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
Define: MODSEC_2.5
Define: MODSEC_2.9
User: name=“www-data” id=33 not_used
Group: name=“www-data” id=33 not_used

1 Like

There

you see your problem. Two port 80 vHosts with the same domain name www.skylaski.com. Rename your default server, then again apachectl -S to see, if this is fixed.

Every combination of port and domain name must be unique.

PS: With such a vHost configuration, it may be better to create one certificate per main domain name (with the main domain and the www subdomain).

So you have different port 443 vHosts.

2 Likes

Yup. I just saw that. Thanks for suggesting ‘apachectl -S’

Now I have a new issue… :confused:

mpoletiek@www:~$ sudo certbot-auto --apache
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
An unexpected error occurred:
ValueError: Requesting acme-v02.api.letsencrypt.org/directory: Network is unreachable
Please see the logfiles in /var/log/letsencrypt for more details.

mpoletiek@www:~$ ping acme-v02.api.letsencrypt.org
PING ca80a1adb12a4fbdac5ffcbc944e9a61.pacloudflare.com (172.65.32.248) 56(84) bytes of data.
64 bytes from 172.65.32.248 (172.65.32.248): icmp_seq=1 ttl=61 time=8.16 ms
64 bytes from 172.65.32.248 (172.65.32.248): icmp_seq=2 ttl=61 time=8.50 ms
^C
ca80a1adb12a4fbdac5ffcbc944e9a61.pacloudflare.com ping statistics —
2 packets transmitted, 2 received, 0% packet loss, time 1000ms
rtt min/avg/max/mdev = 8.157/8.329/8.501/0.172 ms

Network issue was temporary it seems. Tried again a few moments later and it worked. Thank you so much!

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.