Issue new certificate on new server for same domain name

Hello.

I have requested a certificate for the domain name eudamedsync-test.micerium.it some time ago, which was used to secure a web server running on a VM in Azure.

Now I am trying to secure a different web server running on a different VM in Azure. Therefore I have tried to request another certificate via certbot using the same domain name which I would like to link to the IP address of the new VM.
I am getting the error reported below.

Can someone help?
NB: the old VM will be discarded and the old IP will no longer matter.

Thank you.

My domain is:
eudamedsync-test.micerium.it

I ran this command:
certbot certonly -d eudamedsync-test.micerium.it
(then 1)

It produced this output:
Certbot failed to authenticate some domains (authenticator: standalone). The Certificate Authority reported these problems:
Domain: eudamedsync-test.micerium.it
Type: unauthorized
Detail: 20.56.66.87: Invalid response from http://eudamedsync-test.micerium.it/.well-known/acme-challenge/Pzf3iE6M7gGzdkw_KEqasakyWdZdYnzgGidr-YWkZ0U: 404

Hint: The Certificate Authority failed to download the challenge files from the temporary standalone webserver started by Certbot on port 80. Ensure that the listed domains point to this machine and that it can accept inbound connections from the internet.

Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile C:\Certbot\log\letsencrypt.log or re-run Certbot with -v for more details.

My web server is (include version):
Apache Tomcat 9.0 Servlet/JSP Container

The operating system my web server runs on is (include version):
MS Windows Server 2022 Datacenter Azure Edition

My hosting provider, if applicable, is:
MS Azure

I can login to a root shell on my machine (yes or no, or I don't know):
yes, via RDP

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 2.2.0

Welcome @dgiac

I am not entirely clear on your migration process. But, Let's Encrypt will validate the domain based on what is in the DNS currently. If your new server is at a different IP then you should adjust the DNS to be that.

Further, currently that domain has IIS Server resonding to HTTP requests for that domain. The Standalone method requires exclusive use of port 80 which is not the case with IIS involved.

You mentioned Tomcat but I don't see how that is involved.

3 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.