New certificate fails - invalid response /.well-known/acme-challenge

I have installed Apache on my Raspberry Pi and wanted to create a new certificate for my domain.

I have created my domain via no-ip and configured the dyndns in the fritzbox settings. I have also created a virtual host and installed certbot with the following link:

But while executing "sudo certbot --apache" I get the following error message:

Certbot failed to authenticate some domains (authenticator: apache). The Certificate Authority reported these problems:
  Domain: "Domain deleted"
  Type:   unauthorized
  Detail: "Domain deleted": Invalid response from http://"Domain deleted"/.well-known/acme-challenge/HTptNJcGtYB1e0I7jfNU-a8hAeY2upza0daUrEWP0Po: 404

Hint: The Certificate Authority failed to verify the temporary Apache configuration changes made by Certbot. Ensure that the listed domains point to this Apache server and that it is accessible from the internet.

I have tried a lot with some hints but none of these worked for me.
Is there anybody who could help me?

Thanks in advance :melting_face:

1 Like

In order to validate a certificate request via HTTP authentication, you will need to provide access to your site via HTTP.

Can the Internet reach?:
http://"Domain deleted"/

If not, start fixing the problem there.
If yes, hmm... I see you mention Apache - start troubleshooting that with:
apachectl -t -D DUMP_VHOSTS

1 Like

Yes this is possible now.
I have tried it multiple times with Google Chrome and it automatically redirects me to the https website. Using Microsoft Edge or the incognito tab of Google Chrome is working. Could this weird behaviour be a reason or is it a peculiarity of my browser settings?

The output of "apachectl -t -D DUMP_VHOSTS" is:

AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message
VirtualHost configuration:
"ext. IP":80       "Domain deleted" (/etc/apache2/sites-enabled/"Domain deleted".conf:1)
"int. IP":80      "int. IP" (/etc/apache2/sites-enabled/localhost.conf:1)

That is likely NOT doing what it seems to be trying to do.
Using "ext. IP":80 on a system that doesn't actually have that IP in ifconfig, would fail to ever match.
And all connections would go to the "Default" [which is unclear; as you have obscured way too much].
Try removing the IPs from the bindings.
If they have unique names (one with an IP, one with "Domain deleted"), that should be enough separation.

Best of luck to you and your secrecy.

3 Likes

You mean removing the domain name in the virtual host configuration or do I have to remove the IPs from the bindings?

I mean use something like:
<VirtualHost *:80>
NOT
<VirtualHost 10.11.12.13:80>

Use something like:
ServerName some.real.name
NOT
ServerName 10.11.12.13

3 Likes
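
The mismatch discussed in the replies above can be checked mechanically. The following is an added example, not code from any participant in this thread: it parses the one-line entries of `apachectl -t -D DUMP_VHOSTS` output and flags a vhost bound to an IP the host does not own, or a ServerName that is an IP. The sample output, the addresses, `example.org` and the set of local addresses are constructed assumptions.

```python
import ipaddress
import re

# Constructed sample of `apachectl -t -D DUMP_VHOSTS` output (addresses from
# documentation/private ranges, example.org as a placeholder domain).
SAMPLE_DUMP = """\
VirtualHost configuration:
203.0.113.10:80        example.org (/etc/apache2/sites-enabled/example.org.conf:1)
192.168.178.20:80      192.168.178.20 (/etc/apache2/sites-enabled/localhost.conf:1)
"""

# One-line form: "<bind>:<port>  <ServerName> (<file>:<line>)"
VHOST_RE = re.compile(r"^(\S+):(\d+)\s+(\S+)\s+\((.+):(\d+)\)\s*$")


def is_ip(text):
    """True if text is a literal IPv4/IPv6 address (brackets tolerated)."""
    try:
        ipaddress.ip_address(text.strip("[]"))
        return True
    except ValueError:
        return False


def audit_vhosts(dump, local_addrs):
    """Return (config_file, problem) pairs for vhosts that cannot match as intended."""
    findings = []
    for line in dump.splitlines():
        m = VHOST_RE.match(line)
        if not m:
            continue  # headers, AH00558 warnings, "*:80 is a NameVirtualHost" blocks
        bind, _port, name, conf, _line = m.groups()
        # Behind NAT the router owns the public IP, so this bind never matches.
        if is_ip(bind) and bind.strip("[]") not in local_addrs:
            findings.append((conf, f"bound to {bind}, which is not a local address"))
        # Name-based selection needs a hostname that clients send in Host:.
        if is_ip(name):
            findings.append((conf, f"ServerName {name} is an IP, not a hostname"))
    return findings


if __name__ == "__main__":
    # Assumption: the host sits behind NAT and only owns these addresses.
    for conf, problem in audit_vhosts(SAMPLE_DUMP, {"127.0.0.1", "192.168.178.20"}):
        print(f"{conf}: {problem}")
```
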

Ok this I have changed now.
The output of "apachectl -t -D DUMP_VHOSTS" looks now different:

AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message
VirtualHost configuration:
*:80                   is a NameVirtualHost
         default server localhost (/etc/apache2/sites-enabled/localhost.conf:1)
         port 80 namevhost localhost (/etc/apache2/sites-enabled/localhost.conf:1)
         port 80 namevhost "Domain deleted" (/etc/apache2/sites-enabled/"Domain deleted".conf:1)
                 alias www."Domain deleted"

I have created two virtual hosts to separate private and public pages. Websites in the private folder should only be accessible within the same network and files in the public folder should only be accessible from the public domain.

That is much better now :slight_smile:

Now you can retry:
sudo certbot --apache

3 Likes

Thanks a lot, it was working now! :wink:

1 Like
