Invalid response 404 from working site

barrylee · November 2, 2023, 6:07pm

Running a wordpress site in AWS on EC2 ubuntu server. Using route 53 for domain services. I have done several domain checking tests and everything passes. The one problem I have is that the site takes 20 seconds to load, maybe that is the problem?

My domain is:barryleeblogs.com, www.barryleeblogs.com

I ran this command:sudo certbot --apache

It produced this output: Certbot failed to authenticate some domains (authenticator: apache). The Certificate Authority reported these problems:
Domain: barrylee.com
Type: unauthorized
Detail: 76.223.54.146: Invalid response from http://barrylee.com/.well-known/acme-challenge/gA7zat0iD2l0PjzRqqte57oiRatyO45FqR79TzlxKJI: 404

Domain: www.barrylee.com
Type: unauthorized
Detail: 76.223.54.146: Invalid response from http://www.barrylee.com/.well-known/acme-challenge/ibtyzWf5xX0A5nhPYbdK2LlGG-77iIdxRKr5Ay8XAFw: 404

My web server is (include version):
Apache 2.4.52
The operating system my web server runs on is (include version): ubuntu 22 o4

My hosting provider, if applicable, is: Ec2 instance on AWS

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 2.7.4

petercooperjr · November 2, 2023, 6:09pm

These are different names that look to go to different IPs; which one are you trying to set up, and which server are you running it on?

barrylee · November 2, 2023, 7:28pm

These are both the same site on the same server, in typical fashion to have the www subdomain added to the DNS record. In my DNS records they are both pointing to the same IP. And they both work. But I do know there is some kind of issue because the sites load very slow, like 20 or more seconds. So that may point to an issue but I have not found it yet.

petercooperjr · November 2, 2023, 7:37pm

barrylee.com and www.barrylee.com both resolve to the same set of IPs (at least from where I'm testing), 13.248.169.48 & 76.223.54.146.
barryleeblogs.com and www.barryleeblogs.com both resolve to 3.130.114.62.

So again, which names are you trying to set up, and which server are you running it on?

MikeMcQ · November 2, 2023, 7:47pm

Further is that barrylee.com and www.barrylee.com are not using Route53

They look to be using some sort of URL Forward or URL Redirect service from some domain name provider. That won't work for HTTPS services so if these are the names you want in your cert you should look at disabling that and using an A record for the public IP instead.

But, the barryleeblogs names do use Route53. So, as @petercooperjr has already asked please clarify which names you want a cert for.

rg305 · November 2, 2023, 7:49pm

Once the IP and site name issues are addressed...

I'd like to ensure this web service is doing what you are asking it to do:

To that end, please show the output of:
sudo apachectl -t -D DUMP_VHOSTS

barrylee · November 2, 2023, 7:55pm

Ok waht a puzzle, when I nslookup they are both using the same IP
Non-authoritative answer:
Name: barryleeblogs.com
Address: 3.130.114.62

C:\Users\Barry>nslookup www.barryleeblogs.com
Server: static-190-240-112-149.une.net.co
Address: 190.240.112.149

Non-authoritative answer:
Name: www.barryleeblogs.com
Address: 3.130.114.62

Also, I registered the domain name with Route53 and am using route53 to host it, and I created two A records for the domain and for the www both pointing to that same IP

barrylee · November 2, 2023, 7:56pm

Thanks I am going into a meeting right now and will do this ASAP when I can.

To that end, please show the output of:
sudo apachectl -t -D DUMP_VHOSTS

rg305 · November 2, 2023, 8:00pm

You missed the subtle difference of the word "blogs" in the names in question:

barrylee · November 2, 2023, 8:00pm

ok manages to get this first

Last login: Thu Nov 2 17:44:05 2023 from 181.136.50.102
ubuntu@ip-172-31-10-36:~$ sudo apachectl -t -D DUMP_VHOSTS

VirtualHost configuration:
*:80 barrylee.com (/etc/apache2/sites-enabled/barrylee.com.conf:1)

rg305 · November 2, 2023, 8:01pm

So, again...
Which is the name you want to get a cert for?:

^^ I see two domains.
barrylee.com
barryleeblogs.com

barrylee · November 2, 2023, 8:02pm

Ok this seems to indicate a misconfiguration in an apache config, let me review

rg305 · November 2, 2023, 8:03pm

^^ this file doesn't seem to cover the "www" alias.

barrylee · November 2, 2023, 8:22pm

Ok, solved, thank you so much everyone and I feel like an idiot. @rg305 gave me the answer with this sudo apachectl -t -D DUMP_VHOSTS. I did indeed have the wrong name in the conf file. I had started the project with a domain name that I thought was available, but turned out to only be for sale, so I changed it and registered a different name and forgot to go back and change the conf file. What tricked me was the the sites were coming up and working somehow, so I didn't suspect the issue. I ran certbot successfully. Now I just need to figure out why the site is still loading so slow. Thanks again to all.