Cert is due for renewal, auto-renewing…
Plugins selected: Authenticator apache, Installer apache
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for searxwibastr.ddnss.de
Waiting for verification…
Cleaning up challenges
Attempting to renew cert (searxwibastr.ddnss.de) from /etc/letsencrypt/renewal/searxwibastr.ddnss.de.conf produced an unexpected error: Failed authorization procedure. searxwibastr.ddnss.de (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://searxwibastr.ddnss.de/.well-known/acme-challenge/1KorcrObBJUg1509WdqR9UtV0enOPwGnJ4CtqMPIbfQ [79.241.250.34]: “\n<html xmlns=“http://www.w3.org/1999/xhtml” lang=“en” xml:lang=“en”>\n\n <meta charset=“UTF-8” />\n <met”. Skipping.
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
My web server is (include version):
Apache 2.4
The operating system my web server runs on is (include version):
Ubuntu 18.04 LTS
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don’t know):
yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
0.28.0
I am running a searx-instance and nextcloud on my server. For my nextcloud certbot works fine. Only for searx there are the above mentioned errors.
I got a certificate for the searx domain once but renewal wont work.
My vhosts are seperated and my config is consistent (both with <VirtualHost *:80> and same for 443).
How do I update certbot btw.?
I added the repository but if I try to force the update by executing sudo apt-get install --only-upgrade certbot
it tells me that I am using the latest version, which is not true.
This is the most common log entry:
[Fri Mar 01 06:25:02.158428 2019] [mpm_prefork:notice] [pid 3975] AH00171: Graceful restart reque
sted, doing restart
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 20
03:d8:2bfe:5400:20c:29ff:fe67:aa00. Set the 'ServerName' directive globally to suppress this mess
age
Also there are tons of entrys like this:
[Fri Mar 01 03:14:44.464416 2019] [php7:error] [pid 9447] [client 132.232.88.174:13980] script '/
var/www/html/index.php' not found or unable to stat
I forget some output from dump_vhosts:
AH00526: Syntax error on line 18 of /etc/apache2/sites-enabled/nextcloud-le-ssl.conf:
SSLCertificateFile: file '/etc/letsencrypt/live/wibastr.ddnss.de/fullchain.pem' does not exist or is empty
But that's strange. For my nextcloud domain certbot runs as expected.
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 2003:d8:2bfe:5400:20c:29ff:fe67:aa00. Set the 'ServerName' directive globally to suppress this message
VirtualHost configuration:
*:443 is a NameVirtualHost
default server wibastr.ddnss.de (/etc/apache2/sites-enabled/nextcloud-le-ssl.conf:2)
port 443 namevhost wibastr.ddnss.de (/etc/apache2/sites-enabled/nextcloud-le-ssl.conf:2)
port 443 namevhost searxwibastr.ddnss.de (/etc/apache2/sites-enabled/searx-le-ssl.conf:2)
*:80 is a NameVirtualHost
default server 2003:d8:2bfe:5400:20c:29ff:fe67:aa00 (/etc/apache2/sites-enabled/000-default.conf:1)
port 80 namevhost 2003:d8:2bfe:5400:20c:29ff:fe67:aa00 (/etc/apache2/sites-enabled/000-default.conf:1)
port 80 namevhost wibastr.ddnss.de (/etc/apache2/sites-enabled/nextcloud.conf:1)
port 80 namevhost searxwibastr.ddnss.de (/etc/apache2/sites-enabled/searx.conf:1)