Invalid response acme-challenge/ 400

I am getting the message:

Invalid response from http://smartvestoraltoona.com/.well-known/acme-challenge/P2OdSXwKm26FlEdNEuRHuNgnnrEu4oYdgKkM7_sNbhQ: 400

I am not sure how to fix this... it was working before I installed WordPress. I had my web sites in a different directory than the default one, but had to change that to get WordPress to work. That, I believe, is when the certbot renewal process stopped working.

I am trying to get certificates for three domain names:
portman.no-ip.biz
vimcor.com
smartvestoraltoona.com

Below is some output from the certbot process (not sure what logs / commands you would like output from):

```
root@portman:/var/log/letsencrypt# certbot --apache -d portman.no-ip.biz
Saving debug log to /var/log/letsencrypt/letsencrypt.log

An RSA certificate named portman.no-ip.biz-0001 already exists. Do you want to
update its key type to ECDSA?

(U)pdate key type/(K)eep existing key type: K
Renewing an existing certificate for portman.no-ip.biz

Certbot failed to authenticate some domains (authenticator: apache). The Certificate Authority reported these problems:
Domain: portman.no-ip.biz
Type: unauthorized
Detail: 216.221.7.112: Invalid response from http://portman.no-ip.biz/.well-known/acme-challenge/e17h87CMJZXJIUNaAUthr9tCDOPPgiOe45oFL6EVG8Q: 400

Hint: The Certificate Authority failed to verify the temporary Apache configuration changes made by Certbot. Ensure that the listed domains point to this Apache server and that it is accessible from the internet.

Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
```

Hello @GaryVass, welcome to the Let's Encrypt community. :slightly_smiling_face:

Using Let's Debug yields these results https://letsdebug.net/portman.no-ip.biz/1414545
It is saying you have a HTTPS server on Port 80 instead of a HTTP server.

```
HttpOnHttpsPort
Error
A validation request to this domain resulted in an HTTP request being made to a port that expects to receive HTTPS requests. This could be the result of an incorrect redirect (such as to http://example.com:443/) or it could be the result of a webserver misconfiguration, such as trying to enable SSL on a port 80 virtualhost.
@0ms: Making a request to http://portman.no-ip.biz/.well-known/acme-challenge/letsdebug-test (using initial IP 216.221.7.112)
@0ms: Dialing 216.221.7.112
@36ms: Server response: HTTP 400 Bad Request
```

3 Likes

Note, moved from Issuance to Help.

2 Likes

Thanks Bruce....
I can see what you are saying when I run the Let's Debug... I have looked over my apache configs and cannot tell where https on port 80 has been configured?? Any suggestions?

2 Likes

Kindly wait to see if there are more knowledgeable Let's Encrypt community volunteers willing to assist. :slight_smile:

1 Like

Yes, it looks like the WordPress install affected Apache.

Can you show result of this

```
sudo apachectl -t -D DUMP_VHOSTS
```

3 Likes

```
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message
VirtualHost configuration:
*:10030                portman.no-ip.biz (/etc/apache2/sites-enabled/000-default.conf:1)
*:9002                 127.0.1.1 (/etc/apache2/sites-enabled/webmin.1635545423.conf:1)
*:*                    is a NameVirtualHost
         default server portman.no-ip.biz (/etc/apache2/sites-enabled/000-default-le-ssl.conf:2)
         port * namevhost portman.no-ip.biz (/etc/apache2/sites-enabled/000-default-le-ssl.conf:2)
         port * namevhost smartvestoraltoona.com (/etc/apache2/sites-enabled/smartvestoraltoona.com.conf:1)
         port * namevhost vimcor.com (/etc/apache2/sites-enabled/webmin.1675970250.conf:1)
```

You have won the prize for the strangest looking dump_vhosts this year :slight_smile:

Can you show the contents of this file? Please put 3 backticks before and after the contents like this:
```
contents of file
```

3 Likes

What is this?:

```
*:* is a NameVirtualHost
```

2 Likes

That was the whole print from the bash window:

```
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message
VirtualHost configuration:
*:10030                portman.no-ip.biz (/etc/apache2/sites-enabled/000-default.conf:1)
*:9002                 127.0.1.1 (/etc/apache2/sites-enabled/webmin.1635545423.conf:1)
*:*                    is a NameVirtualHost
         default server portman.no-ip.biz (/etc/apache2/sites-enabled/000-default-le-ssl.conf:2)
         port * namevhost portman.no-ip.biz (/etc/apache2/sites-enabled/000-default-le-ssl.conf:2)
         port * namevhost smartvestoraltoona.com (/etc/apache2/sites-enabled/smartvestoraltoona.com.conf:1)
         port * namevhost vimcor.com (/etc/apache2/sites-enabled/webmin.1675970250.conf:1)
```

And, I have no idea where the `*:* is a NameVirtualHost` line came from??

Can you show the contents of that 000-default-le-ssl.conf file? Please put 3 backticks (not single quotes) before and after the contents like this:

```
contents of: /etc/apache2/sites-enabled/000-default-le-ssl.conf
```

3 Likes

ok:

```
<IfModule mod_ssl.c>
    <VirtualHost _default_>
        # The ServerName directive sets the request scheme, hostname and port that
        # the server uses to identify itself. This is used when creating
        # redirection URLs. In the context of virtual hosts, the ServerName
        # specifies what hostname must appear in the request's Host: header to
        # match this virtual host. For the default virtual host (this file) this
        # value is not decisive as it is used as a last resort host regardless.
        # However, you must set it for any further virtual host explicitly.
        #ServerName www.example.com

        ServerAdmin webmaster@localhost

        # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
        # error, crit, alert, emerg.
        # It is also possible to configure the loglevel for particular
        # modules, e.g.
        #LogLevel info ssl:warn

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
        Options ExecCGI FollowSymLinks Includes IncludesNOEXEC Indexes MultiViews SymLinksIfOwnerMatch
        ServerName portman.no-ip.biz
        <Directory /var/www/html/cgi-bin>
            Options ExecCGI FollowSymLinks Includes IncludesNOEXEC Indexes MultiViews SymLinksIfOwnerMatch
        </Directory>
        <Directory /var/www/html>
            Options ExecCGI FollowSymLinks Includes IncludesNOEXEC Indexes MultiViews SymLinksIfOwnerMatch
        </Directory>
        <Directory /var/www/html>
            Options ExecCGI FollowSymLinks Includes IncludesNOEXEC Indexes MultiViews SymLinksIfOwnerMatch
            DirectoryIndex index.php
        </Directory>

        # For most configuration files from conf-available/, which are
        # enabled or disabled at a global level, it is possible to
        # include a line for only one particular virtual host. For example the
        # following line enables the CGI configuration for this host only
        # after it has been globally disabled with "a2disconf".
        #Include conf-available/serve-cgi-bin.conf


        Include /etc/letsencrypt/options-ssl-apache.conf
        SSLCertificateFile /etc/letsencrypt/live/portman.no-ip.biz-0001/fullchain.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/portman.no-ip.biz-0001/privkey.pem
        DocumentRoot /var/www/html
    </VirtualHost>
</IfModule>
```

That should be:

```
<VirtualHost *:443>
```

2 Likes
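
The misbinding fixed above can be caught before a renewal fails. This added example (not part of the original thread; function names are hypothetical) scans Apache config text for TLS-enabled `<VirtualHost>` blocks whose address has no explicit port, using a constructed sample reduced from the file posted above.

```python
import re

VHOST_OPEN = re.compile(r"^\s*<VirtualHost\s+([^>]+)>", re.I)
VHOST_CLOSE = re.compile(r"^\s*</VirtualHost>", re.I)
# Uncommented directives that mark a block as TLS-enabled. Treating the Include
# of options-ssl-apache.conf as such a marker is an assumption of this example.
TLS_HINT = re.compile(
    r"^\s*(SSLEngine\s+on|SSLCertificateFile\s|Include\s+\S*options-ssl-apache\.conf)", re.I)

# Constructed samples: the thread's SSL vhost reduced to the relevant lines,
# before and after the fix.
BROKEN = """\
<IfModule mod_ssl.c>
    <VirtualHost _default_>
        ServerName portman.no-ip.biz
        Include /etc/letsencrypt/options-ssl-apache.conf
        SSLCertificateFile /etc/letsencrypt/live/portman.no-ip.biz-0001/fullchain.pem
    </VirtualHost>
</IfModule>
"""
FIXED = BROKEN.replace("<VirtualHost _default_>", "<VirtualHost *:443>")

def has_explicit_port(addr):
    """True when the address ends in a numeric port, e.g. *:443 or [::1]:443."""
    return re.search(r":\d+$", addr) is not None

def tls_vhosts_without_port(conf_text):
    """Return [(line_no, addresses)] for TLS vhost blocks bound to a port-less address."""
    findings, block = [], None
    for no, line in enumerate(conf_text.splitlines(), 1):
        opened = VHOST_OPEN.match(line)
        if opened:
            block = {"line": no, "addrs": opened.group(1).split(), "tls": False}
        elif block and TLS_HINT.match(line):
            block["tls"] = True
        elif block and VHOST_CLOSE.match(line):
            # A port-less (or *:*) address also answers on port 80, where TLS breaks HTTP-01.
            if block["tls"] and not all(map(has_explicit_port, block["addrs"])):
                findings.append((block["line"], " ".join(block["addrs"])))
            block = None
    return findings

if __name__ == "__main__":
    print("broken:", tls_vhosts_without_port(BROKEN))
    print("fixed: ", tls_vhosts_without_port(FIXED))
```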

ok! my dry run recertification worked, and the actual renewal worked! Thank you... been trying to find that error for quite a while now...

1 Like

```
/etc/apache2/sites-enabled/smartvestoraltoona.com.conf
/etc/apache2/sites-enabled/webmin.1675970250.conf
```

These two files look wrong too. The fix is probably not the same as the default-le-ssl.conf

Show us the contents of these if you want help

3 Likes

Not sure on those... those addresses are working at the moment. I would like to know how to show the URL of those sites in the browser instead of it always changing back to portman.no-ip.biz. For example, I want vimcor.com to show when that is typed in, but it reverts back to portman.no-ip.biz (that was a temporary name I set up to allow me to edit my pages separately from my web host... but now the web host is not working for me.)

Your VirtualHosts are not correct. See my post #15 or visit an Apache forum or maybe StackOverflow.

3 Likes

Below is the content of the two files you said may not look correct:

smartvestoraltoona.com.conf:

```
<VirtualHost *>
    DocumentRoot /var/www/html
    ServerName smartvestoraltoona.com
    <Directory /var/www/html>
        Options None
        Require all granted
    </Directory>
RewriteEngine on
RewriteCond %{SERVER_NAME} =smartvestoraltoona.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
```

webmin.1675970250.conf:

```
<VirtualHost _default_>
    ServerName vimcor.com
    DocumentRoot /var/www/html
RewriteEngine on
RewriteCond %{SERVER_NAME} =vimcor.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
```

1 Like

Both of those VirtualHost statements should be:

```
<VirtualHost *:80>
```

Then, copy the smartvestoraltoona.com.conf to a new file called portman.com.conf and change the ServerName in that portman file to be the portman domain

You need these changes so that each of your 3 domains has an HTTP (port 80) VirtualHost.

There is still more work to be done but this is a good next step. When done, show this again:

```
sudo apachectl -t -D DUMP_VHOSTS
```

3 Likes

the result of sudo apachectl -t -D DUMP_VHOSTS is now:

```
VirtualHost configuration:
*:80                   is a NameVirtualHost
         default server smartvestoraltoona.com (/etc/apache2/sites-enabled/portman.com.conf:1)
         port 80 namevhost smartvestoraltoona.com (/etc/apache2/sites-enabled/portman.com.conf:1)
         port 80 namevhost portman.no-ip.biz (/etc/apache2/sites-enabled/portman.no-ip.biz.conf:1)
         port 80 namevhost smartvestoraltoona.com (/etc/apache2/sites-enabled/smartvestoraltoona.com.conf:1)
*:443                  is a NameVirtualHost
         default server portman.no-ip.biz (/etc/apache2/sites-enabled/000-default-le-ssl.conf:2)
         port 443 namevhost portman.no-ip.biz (/etc/apache2/sites-enabled/000-default-le-ssl.conf:2)
         port 443 namevhost smartvestoraltoona.com (/etc/apache2/sites-enabled/smartvestoraltoona.com-le-ssl.conf:2)
         port 443 namevhost vimcor.com (/etc/apache2/sites-enabled/webmin.1675970250-le-ssl.conf:2)
*:*                    vimcor.com (/etc/apache2/sites-enabled/webmin.1675970250.conf:1)
```
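
As an added example, not part of the original thread, this script parses `apachectl -t -D DUMP_VHOSTS` output and flags the patterns discussed here: vhosts bound to every port, names without an explicit port 80 vhost, and a name claimed twice on one port. Function names are hypothetical; the sample input is the output posted just above.

```python
import re
from collections import Counter

# "*:10030  name (file:line)" and "  port 80 namevhost name (file:line)" entries.
SINGLE = re.compile(r"^(\S+):(\S+)\s+(\S+) \((.+):\d+\)$")
NAMED = re.compile(r"^\s+port (\S+) namevhost (\S+) \((.+):\d+\)$")

# Sample input: the final DUMP_VHOSTS output posted in the thread.
DUMP = """\
VirtualHost configuration:
*:80                   is a NameVirtualHost
         default server smartvestoraltoona.com (/etc/apache2/sites-enabled/portman.com.conf:1)
         port 80 namevhost smartvestoraltoona.com (/etc/apache2/sites-enabled/portman.com.conf:1)
         port 80 namevhost portman.no-ip.biz (/etc/apache2/sites-enabled/portman.no-ip.biz.conf:1)
         port 80 namevhost smartvestoraltoona.com (/etc/apache2/sites-enabled/smartvestoraltoona.com.conf:1)
*:443                  is a NameVirtualHost
         default server portman.no-ip.biz (/etc/apache2/sites-enabled/000-default-le-ssl.conf:2)
         port 443 namevhost portman.no-ip.biz (/etc/apache2/sites-enabled/000-default-le-ssl.conf:2)
         port 443 namevhost smartvestoraltoona.com (/etc/apache2/sites-enabled/smartvestoraltoona.com-le-ssl.conf:2)
         port 443 namevhost vimcor.com (/etc/apache2/sites-enabled/webmin.1675970250-le-ssl.conf:2)
*:*                    vimcor.com (/etc/apache2/sites-enabled/webmin.1675970250.conf:1)
"""

def parse_dump(text):
    """Return [(port, server_name, conf_file)]; headers and 'default server' lines are skipped."""
    vhosts = []
    for line in text.splitlines():
        named, single = NAMED.match(line), SINGLE.match(line)
        if named:
            vhosts.append(named.groups())
        elif single:
            vhosts.append(single.groups()[1:])  # drop the address, keep port/name/file
    return vhosts

def audit(vhosts):
    """Flag wildcard-port vhosts, names with no port 80 vhost, and duplicate names on a port."""
    findings = [f"{n}: {c} is bound to every port" for p, n, c in vhosts if p == "*"]
    on80 = {n for p, n, _ in vhosts if p == "80"}
    for name in sorted({n for _, n, _ in vhosts} - on80):
        findings.append(f"{name}: no explicit port 80 vhost")
    for (port, name), count in Counter((p, n) for p, n, _ in vhosts).items():
        if count > 1:
            findings.append(f"{name}: {count} vhosts on port {port}")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_dump(DUMP)):
        print(finding)
```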