Invalid response creating certificate

My domain is:
wtxcotton2.uashubs.com
I ran this command:
sudo certbot --apache
It produced this output:
Certbot failed to authenticate some domains (authenticator: apache). The Certificate Authority reported these problems:
Domain: wtxcotton2.uashubs.com
Type: unauthorized
Detail: Invalid response from http://wtxcotton2.uashubs.com/.well-known/acme-challenge/-zKsxr3iXGWuJ8BRgQFxYUJLb-Ee03a3Iz1tTnLdqEA [150.136.168.180]: "\n\n404 Not Found\n\n

Not Found

\n<p"

Hint: The Certificate Authority failed to verify the temporary Apache configuration changes made by Certbot. Ensure that the listed domains point to this Apache server and that it is accessible from the internet.
My web server is (include version):
Apache/2.4.41
The operating system my web server runs on is (include version):
20.04.3 LTS (Focal Fossa)
My hosting provider, if applicable, is:
Oracle OCI
I can login to a root shell on my machine (yes or no, or I don't know):
Yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
No
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 1.18.0

As with most Apache problems, I usually find it best to start with the output of:
sudo apachectl -t -D DUMP_VHOSTS
OR
sudo apachectl -S

Response:
VirtualHost configuration:
*:443 is a NameVirtualHost
default server agrilife.hub.gdslab.org (/etc/apache2/sites-enabled/agrilife.hub.gdslab.org-le-ssl.conf:2)
port 443 namevhost agrilife.hub.gdslab.org (/etc/apache2/sites-enabled/agrilife.hub.gdslab.org-le-ssl.conf:2)
alias www.agrilife.hub.gdslab.org
port 443 namevhost agrilife.uashubs.com (/etc/apache2/sites-enabled/agrilife.uashubs.com-le-ssl.conf:2)
alias www.agrilife.uashubs.com
*:80 wtxcotton2.uashubs.com (/etc/apache2/sites-enabled/wtx_cotton.conf:1)
ServerRoot: "/etc/apache2"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/var/log/apache2/error.log"
Mutex rewrite-map: using_defaults
Mutex ssl-stapling-refresh: using_defaults
Mutex ssl-stapling: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/var/run/apache2/" mechanism=default
Mutex mpm-accept: using_defaults
Mutex watchdog-callback: using_defaults
PidFile: "/var/run/apache2/apache2.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="ubuntu" id=1001
Group: name="ubuntu" id=1001

I have 2 previous certificates installed.

Well, there is a file to handle that name.
Let's have a look at it:
cat /etc/apache2/sites-enabled/wtx_cotton.conf

Response:

<VirtualHost *:80>
	# The ServerName directive sets the request scheme, hostname and port that
	# the server uses to identify itself. This is used when creating
	# redirection URLs. In the context of virtual hosts, the ServerName
	# specifies what hostname must appear in the request's Host: header to
	# match this virtual host. For the default virtual host (this file) this
	# value is not decisive as it is used as a last resort host regardless.
	# However, you must set it for any further virtual host explicitly.
	ServerName wtxcotton2.uashubs.com
	ServerAlias www.wtxcotton2.uashubs.com
	ServerAdmin hamdori@gmail.com
	DocumentRoot /var/www/html

	# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
	# error, crit, alert, emerg.
	# It is also possible to configure the loglevel for particular
	# modules, e.g.
	#LogLevel info ssl:warn

	ErrorLog ${APACHE_LOG_DIR}/error.log
	CustomLog ${APACHE_LOG_DIR}/access.log combined

	# For most configuration files from conf-available/, which are
	# enabled or disabled at a global level, it is possible to
	# include a line for only one particular virtual host. For example the
	# following line enables the CGI configuration for this host only
	# after it has been globally disabled with "a2disconf".
	#Include conf-available/serve-cgi-bin.conf
	RewriteEngine off
	RewriteCond %{SERVER_NAME} =wtxcotton2.uashubs.com
	RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
Well something is definitely preventing that vhost from being served.
The vhost clearly shows that ALL requests should be redirected to HTTPS.
But we can see from the failed LE challenge request:

it hasn't been redirected.

My own test confirms no sign of redirection:

curl -Iki http://wtxcotton2.uashubs.com/
HTTP/1.1 200 OK
Date: Thu, 26 Aug 2021 22:37:47 GMT
Server: Apache/2.4.41 (Ubuntu)
Set-Cookie: PHPSESSID=c89kp3htlneu2om1ql1ue00pgh; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Please show this output and don't delete any lines:

Response:

VirtualHost configuration:
*:443                  is a NameVirtualHost
         default server agrilife.hub.gdslab.org (/etc/apache2/sites-enabled/agrilife.hub.gdslab.org-le-ssl.conf:2)
         port 443 namevhost agrilife.hub.gdslab.org (/etc/apache2/sites-enabled/agrilife.hub.gdslab.org-le-ssl.conf:2)
                 alias www.agrilife.hub.gdslab.org
         port 443 namevhost agrilife.uashubs.com (/etc/apache2/sites-enabled/agrilife.uashubs.com-le-ssl.conf:2)
                 alias www.agrilife.uashubs.com
*:80                   wtxcotton2.uashubs.com (/etc/apache2/sites-enabled/wtx_cotton.conf:1)
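An added example (mine, not code from the thread, Certbot or Apache) that turns the two artefacts posted above into checks: it parses the `apachectl -S` vhost listing to find which port and config file answer for the name being certified, and classifies the plain-HTTP reply so a 200 like the one captured here is told apart from the 3xx redirect the RewriteRule would produce if it were in effect. The sample inputs are constructed from the outputs posted in the thread.

```python
import re

# Constructed sample: the `apachectl -S` vhost section posted in the thread.
DUMP = """\
VirtualHost configuration:
*:443                  is a NameVirtualHost
         default server agrilife.hub.gdslab.org (/etc/apache2/sites-enabled/agrilife.hub.gdslab.org-le-ssl.conf:2)
         port 443 namevhost agrilife.hub.gdslab.org (/etc/apache2/sites-enabled/agrilife.hub.gdslab.org-le-ssl.conf:2)
                 alias www.agrilife.hub.gdslab.org
         port 443 namevhost agrilife.uashubs.com (/etc/apache2/sites-enabled/agrilife.uashubs.com-le-ssl.conf:2)
                 alias www.agrilife.uashubs.com
*:80                   wtxcotton2.uashubs.com (/etc/apache2/sites-enabled/wtx_cotton.conf:1)
"""
# Constructed sample: the status line and one header from the `curl -Iki` reply in the thread.
CURL_REPLY = "HTTP/1.1 200 OK\r\nServer: Apache/2.4.41 (Ubuntu)\r\n"

ADDR_RE = re.compile(r"^\S+:(\d+)\s+(?:is a NameVirtualHost|(\S+)\s+\((\S+?):\d+\))$")
NAMED_RE = re.compile(r"^\s+port \d+ namevhost (\S+)\s+\((\S+?):\d+\)$")
DEFAULT_RE = re.compile(r"^\s+default server (\S+)")
ALIAS_RE = re.compile(r"^\s+alias (\S+)$")

def parse_vhosts(dump):
    """Map port -> {"default": name or None, "hosts": {name: {"file": path, "aliases": [...]}}}."""
    ports, cur, host = {}, None, None
    for line in dump.splitlines():
        if m := ADDR_RE.match(line):
            cur = ports.setdefault(int(m.group(1)), {"default": None, "hosts": {}})
            if m.group(2):  # lone vhost on this address: Apache serves it for every Host header
                host = cur["default"] = m.group(2)
                cur["hosts"][host] = {"file": m.group(3), "aliases": []}
        elif m := DEFAULT_RE.match(line):
            cur["default"] = m.group(1)
        elif m := NAMED_RE.match(line):
            host = m.group(1)
            cur["hosts"][host] = {"file": m.group(2), "aliases": []}
        elif m := ALIAS_RE.match(line):
            cur["hosts"][host]["aliases"].append(m.group(1))
    return ports

def files_serving(ports, domain):
    """port -> config file whose vhost names `domain` as ServerName or alias (HTTP-01 arrives on 80)."""
    return {p: h["file"] for p, c in ports.items() for n, h in c["hosts"].items() if domain in (n, *h["aliases"])}

def classify_reply(raw):
    """'redirect' for a 3xx carrying a Location header (the RewriteRule in effect), else the numeric status."""
    lines = raw.splitlines()
    status = int(lines[0].split()[1])
    return "redirect" if 300 <= status < 400 and any(l.lower().startswith("location:") for l in lines) else status
```

For the thread's name, `files_serving` reports only port 80 (wtx_cotton.conf) and `classify_reply` reports 200, which is exactly the "no sign of redirection" observation above.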
hmm...
Weird that there is NO default shown for *:80

Please show:
ls -l /etc/apache2/sites-enabled/

Response:
total 8

lrwxrwxrwx 1 root root 64 Apr 17 21:36 agrilife.hub.gdslab.org-le-ssl.conf -> /etc/apache2/sites-available/agrilife.hub.gdslab.org-le-ssl.conf
lrwxrwxrwx 1 root root 61 Apr 19 22:09 agrilife.uashubs.com-le-ssl.conf -> /etc/apache2/sites-available/agrilife.uashubs.com-le-ssl.conf
lrwxrwxrwx 1 root root 34 Aug 18 18:58 wtx_cotton.conf -> ../sites-available/wtx_cotton.conf
It says:

and you only showed three lines?
Please show them all.

At least three more lines are left unshown.
And likely where the problem may lie.
OR
I am confused... and we just need to look at those three to find your problem.
[well two others, we already saw one of them]

I am showing them all actually. Not sure why it says 8 and only have these.

OK (more weirdness - lol)

Show files:
cat /etc/sites-enabled/agrilife.hub.gdslab.org-le-ssl.conf
cat /etc/sites-enabled/agrilife.uashubs.com-le-ssl.conf

Maybe some... hidden files? [we'll circle back to that if we can't find the problem elsewhere]

Response:

cat /etc/apache2/sites-enabled/agrilife.hub.gdslab.org-le-ssl.conf
EMPTY

cat /etc/apache2/sites-enabled/agrilife.uashubs.com-le-ssl.conf
EMPTY

EMPTY????

hmm...

Try them with sudo:
sudo cat ...

And also:
sudo ls -la /etc/apache2/sites-enabled/

Also EMPTY. They belong to another instance. The current instance is currently a copy of the first. The first instance is currently Stopped.

And they share the same IP?

Please also show:
sudo ls -la /etc/apache2/sites-enabled/

No, they don't share the same IP.

Response:

total 16
drwxr-xr-x 2 root root 4096 Aug 26 21:59 .
drwxr-xr-x 8 root root 4096 Aug 26 22:33 ..
lrwxrwxrwx 1 root root   64 Apr 17 21:36 agrilife.hub.gdslab.org-le-ssl.conf -> /etc/apache2/sites-available/agrilife.hub.gdslab.org-le-ssl.conf
lrwxrwxrwx 1 root root   61 Apr 19 22:09 agrilife.uashubs.com-le-ssl.conf -> /etc/apache2/sites-available/agrilife.uashubs.com-le-ssl.conf
lrwxrwxrwx 1 root root   34 Aug 18 18:58 wtx_cotton.conf -> ../sites-available/wtx_cotton.conf
Which instance owns?:

The current one. This is accessible from the browser.
