Issue with acme-challenge over Apache

Hi everyone.
For 2 days now I’ve been having issues setting up a new certificate using letsencrypt and certbot on my servers.

The issue: whatever I try, I always get a 404 while trying the acme-challenge.

The details.
I try to validate my domain using the command “sudo certbot -v --apache -d subdomain.domain.lu”

I’m using Apache VirtualHosts with separate rules for :80 and :443 (:443 using ProxyPass for a Tomcat application)

My temporary “http website” is in the /opt/letsencrypt folder and I can reach http://subdomain.domain.lu/index.html without issues.

Here is what my /etc/apache2/sites-available/002-subdomain.conf looks like:

<VirtualHost *:80>
        ServerName subdomain.domain2.local

        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        ProxyPreserveHost On
        ProxyPass /subdomain/ http://subdomain.domain2.local:8080/subdomain/
        ProxyPassReverse /subdomain/ /subdomain/
        Redirect "/" "/subdomain/"
</VirtualHost>

<VirtualHost *:80>
        ServerName subdomain.domain.lu
        ServerAdmin webmaster@localhost

        LogLevel Info
        ErrorLog ${APACHE_LOG_DIR}/errorCERTBOT.log
        CustomLog ${APACHE_LOG_DIR}/accessCERTBOT.log combined

        DocumentRoot /opt/letsencrypt
</VirtualHost>

<VirtualHost *:443>
        ServerName subdomain.domain.lu

        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        
        ProxyPreserveHost On
        ProxyPass /subdomain/ http://subdomain.domain2.local:8080/subdomain/
        ProxyPassReverse /subdomain/ /subdomain/

        Redirect "/" "/subdomain/"
</VirtualHost>

I added those lines in my /etc/apache2/apache2.conf file :

<Directory /opt/letsencrypt>
        #Options Indexes FollowSymLinks
        #AllowOverride None
        Require all granted
</Directory>
<Directory /var/lib/letsencrypt/http_challenges>
        Options Indexes FollowSymLinks
        #AllowOverride None
        Require all granted
</Directory>

I looked deeper while it is validating: I can see a file (with a random key) is created under /var/lib/letsencrypt/http_challenges and a rewrite rule is added to my Apache virtualhost config file (and removed automatically afterwards).

I also tried to put a file under /opt/letsencrypt/.well-known => I can reach it on the http page.
If I put a file in the /opt/letsencrypt/.well-known/acme-challenge folder, I ALWAYS get a 404.

I’m not using any .htaccess files.
The log files only tell me “we got a 404 error while trying to access the key”

Could anyone help me find the issue or any cause of this non-validation of the challenge. This 404 error is just driving me crazy !

Thanks
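
An offline check for the setup described in the post above, added here as an example and not part of the original thread: for each VirtualHost it lists the directives that would act on an http-01 challenge URL before DocumentRoot is consulted. The function names, the token path and the trimmed config are constructed for illustration, and only directives inside VirtualHost blocks of the given text are examined.

```python
import re
import shlex

CHALLENGE = "/.well-known/acme-challenge/token"  # constructed sample URL path
PREFIX = {"redirect", "alias", "proxypass"}  # matched by URL-path prefix
REGEX = {"redirectmatch", "aliasmatch", "rewriterule"}  # matched by regex

def takes_challenge(name, args):  # would this directive act on CHALLENGE?
    if args and re.fullmatch(r"\d+|permanent|temp|seeother|gone", args[0]):
        args = args[1:]  # optional Redirect status argument
    if not args or (name == "proxypass" and args[-1] == "!"):
        return False  # nothing to match, or a "ProxyPass /path !" exclusion
    if name in PREFIX:
        return CHALLENGE.startswith(args[0].rstrip("/") + "/")  # "/" matches all
    negate = args[0].startswith("!")  # RewriteRule "!pattern"
    return bool(re.search(args[0].lstrip("!"), CHALLENGE)) != negate

def audit(conf):  # per vhost: ServerName, port, DocumentRoot, intercepting lines
    vhosts, cur = [], None
    for line in map(str.strip, conf.splitlines()):
        m = re.match(r"<VirtualHost\s+[^>]*:(\d+)>", line, re.I)
        if m:
            cur = {"name": None, "port": int(m.group(1)), "docroot": None, "hits": []}
            vhosts.append(cur)
        elif line.lower().startswith("</virtualhost"):
            cur = None
        elif cur is not None and line and line[0] not in "<#":
            # Double the backslashes so shlex keeps regex escapes intact.
            name, *args = shlex.split(line.replace("\\", "\\\\"))
            if (key := name.lower()) == "servername":
                cur["name"] = args[0]
            elif key == "documentroot":
                cur["docroot"] = args[0]
            elif key in PREFIX | REGEX and takes_challenge(key, args):
                cur["hits"].append(line)
    return vhosts

# Constructed sample: the two port-80 vhosts from the post, trimmed.
SAMPLE = """
<VirtualHost *:80>
    ServerName subdomain.domain2.local
    ProxyPass /subdomain/ http://subdomain.domain2.local:8080/subdomain/
    Redirect "/" "/subdomain/"
</VirtualHost>
<VirtualHost *:80>
    ServerName subdomain.domain.lu
    DocumentRoot /opt/letsencrypt
</VirtualHost>
"""
print(audit(SAMPLE))
```

A vhost with an empty "hits" list serves the challenge path straight from its DocumentRoot; a non-empty list names the lines that take the request first.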

Hi @Dergonic

please answer the following questions. That's the standard template of Help


Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

Hi Juergen

Sure, here are the required details :

  • Domain is : Can’t say because of professional reasons.

  • I ran this command : “sudo certbot -v --apache -d subdomain.domain.lu”

  • It produces this output (I only pasted the end due to the long output (-v option)):
    Failed authorization procedure. subdomain.domain.lu (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://subdomain.domain.lu/.well-known/acme-challenge/AOtqF-4W1M7qLrqeRh5GP30qpgbNVQqOvmAEWS22gwM [178.251.165.59]: “\n\n404 Not Found\n\n

    Not Found

    \n<p”

    IMPORTANT NOTES:

  • My web server is apache 2.4.29

  • My operating system is ubuntu 18.04.1 LTS

  • Hosting provider : Local machine on HyperV infrastructure

  • I can login as root

  • I’m not using any control panel to manage the server/website

  • Certbot version is 0.31.0

PS: I don’t have any AAAA DNS rule (I’m not using any IPv6)
The subdomain.domain.lu rule is a CNAME to subdomain2.domain.lu
Subdomain2.domain.lu is an A record to the server’s IP

Thanks
