Invalid Response From .well-known/acme-challenge


#1

My cert expired and I am having issues renewing the cert. I have looked at some others that have had this issue but I am still not able to resolve the issue.

My domain is: https://www.withashleyandco.com/

I ran this command: sudo certbot renew

It produced this output:

IMPORTANT NOTES:

My web server is (include version): Apache/2.4.29 (Ubuntu)

The operating system my web server runs on is (include version): Ubuntu 18.04 (LTS)

My hosting provider, if applicable, is: Linode

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No


#2

What authenticator is Certbot setup to use for this domain?

grep -RE "(authenticator|installer)" /etc/letsencrypt/renewal

#3

/etc/letsencrypt/renewal/withashleyandco.com.conf:installer = apache
/etc/letsencrypt/renewal/withashleyandco.com.conf:authenticator = apache


#4

Hmm. It might be some virtualhost weirdness related to your non-www domain showing the default Apache page: http://withashleyandco.com

I wonder if you have some duplicate/name overlap in your virtualhost list:

apachectl -t -D DUMP_VHOSTS

#5

Yes I have been trying to figure out how to fix the non www but I am not sure how to fix that.

Here is the output of the command you asked me to run:

VirtualHost configuration:
*:443 withashleyandco.com (/etc/apache2/sites-enabled/withashleyandco.com-le-ssl.conf:2)
*:80 is a NameVirtualHost
default server withashleyandco.com (/etc/apache2/sites-enabled/000-default.conf:1)
port 80 namevhost withashleyandco.com (/etc/apache2/sites-enabled/000-default.conf:1)
port 80 namevhost withashleyandco.com (/etc/apache2/sites-enabled/withashleyandco.com.conf:6)
alias www.withashleyandco.com
port 80 namevhost withashleyandcompany.com (/etc/apache2/sites-enabled/withashleyandcompany.com.conf:6)
alias www.withashleyandcompany.com
alias withashleyandcompany.com

I am also seeing this:

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.

I also ran this and it says everything is good:

https://letsdebug.net/withashleyandco.com/16365


#6

I also placed a file in the .well-known/acme-challenge folder:

https://www.withashleyandco.com/.well-known/acme-challenge/temp.txt


#7

Alright. This is the problem.

In Apache, only one VirtualHost may hold the ServerName/ServerAlias of withashleyandcompany.com.

When you have two, only one of them takes effect, but this confuses Certbot, because it doesn’t know which ons is the real one.

Basically what you need to do is figure out which one you want to keep, and get rid of the other one.

I suspect you probably want to comment out the VirtualHost in 000-default.conf (at least, rename it from withashleyandcompany.com to something else unused). But I’m not you, you will know what makes sense for you.


#8

You are a life saver. I would have never figured that out. Thank you so much!

This is what I ended up doing:

a2dissite 000-default.conf

Then I restarted apache2 and ran certbot to renew. I think I will be setting something up to auto renew a few days before it expires this time.

Again, thank you so much for your help.


#9

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.