Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: firstaidsuppliesonline.com
I ran this command: certbot -d firstaidsuppliesonline.com -d www.firstaidsuppliesonline.com --manual --preferred-challenges http certonly
It produced this output:
```
Create a file containing just this data:
9d5drtNY8Wgph0JGrWgD251RX_UapuKMpnbe28W93iI.fqn5zYUKCYAOI_5T_Tfx9C6LKM7wPtn9zRKoFRn7lFU
And make it available on your web server at this URL:
http://firstaidsuppliesonline.com/.well-known/acme-challenge/9d5drtNY8Wgph0JGrWgD251RX_UapuKMpnbe28W93iI
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Press Enter to Continue
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Create a file containing just this data:
hMkXq0C9YncYkZ7FFAFdTNx1O5UGCF7rUVQgQNRw7hQ.fqn5zYUKCYAOI_5T_Tfx9C6LKM7wPtn9zRKoFRn7lFU
And make it available on your web server at this URL:
http://www.firstaidsuppliesonline.com/.well-known/acme-challenge/hMkXq0C9YncYkZ7FFAFdTNx1O5UGCF7rUVQgQNRw7hQ
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Press Enter to Continue
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. www.firstaidsuppliesonline.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.firstaidsuppliesonline.com/.well-known/acme-challenge/hMkXq0C9YncYkZ7FFAFdTNx1O5UGCF7rUVQgQNRw7hQ: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p"
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: www.firstaidsuppliesonline.com
Type: unauthorized
Detail: Invalid response from
http://www.firstaidsuppliesonline.com/.well-known/acme-challenge/hMkXq0C9YncYkZ7FFAFdTNx1O5UGCF7rUVQgQNRw7hQ:
"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML
2.0//EN\">\n<html><head>\n<title>404 Not
Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p"
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
```
My web server is (include version): Apache 2.4
The operating system my web server runs on is (include version): Ubuntu 16.04
My hosting provider, if applicable, is: Linode
I can login to a root shell on my machine (yes or no, or I don’t know): yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no
We had no problem getting the cert initially, but now it fails to renew even when I do --manual and actually visit and confirm the 2 .well-known/ URLs (it works in the browser).
Is there some way the server is sending a cached 404 as a response to the certbot command? Here is my conf and the htaccess for the WordPress folder (.well-known is a subdirectory).
CONF:
```apache
<VirtualHost *:80>
    DocumentRoot /var/www/html/wordpress/
    ServerName firstaidsuppliesonline.com
    ServerAlias www.firstaidsuppliesonline.com
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
    <Directory /var/www/html/wordpress/>
        Require all granted
        AllowOverride all
    </Directory>
    RewriteEngine on
    RewriteOptions inherit
    RewriteRule \.(svn|git)(/)?$ - [F]
    <IfModule mod_headers.c>
        Header set X-XSS-Protection "1; mode=block"
        Header always append X-Frame-Options SAMEORIGIN
    </IfModule>
    # RewriteCond %{SERVER_NAME} =firstaidsuppliesonline.com [OR]
    # RewriteCond %{SERVER_NAME} =www.firstaidsuppliesonline.com
    # RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
# <IfModule mod_ssl.c>
# <VirtualHost *:443>
# DocumentRoot /var/www/html/wordpress/
# ServerName firstaidsuppliesonline.com
# ServerAlias www.firstaidsuppliesonline.com
# ErrorLog ${APACHE_LOG_DIR}/ssl_error.log
# CustomLog ${APACHE_LOG_DIR}/ssl_access.log combined
# <Directory /var/www/html/wordpress/>
# Require all granted
# AllowOverride all
# </Directory>
# RewriteEngine on
# RewriteOptions inherit
# RewriteRule \.(svn|git)(/)?$ - [F]
# <IfModule mod_headers.c>
# Header set X-XSS-Protection "1; mode=block"
# Header always append X-Frame-Options SAMEORIGIN
# </IfModule>
# SSLCertificateFile /etc/letsencrypt/live/firstaidsuppliesonline.com/fullchain.pem
# SSLCertificateKeyFile /etc/letsencrypt/live/firstaidsuppliesonline.com/privkey.pem
# Include /etc/letsencrypt/options-ssl-apache.conf
# </VirtualHost>
# </IfModule>
```
(Notice the HTTPS parts are commented out.) Apache has been restarted several times with this config.
HTACCESS:
```apache
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
```
We are trying the DNS challenge now, but of course that requires waiting some time for the TXT record to propagate.
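
One way to test the challenge URL the way the validation server reaches it, as an added example that is not part of the original post: it requests the file from every A and AAAA address published for the name (the record types the certbot hint mentions) and compares each body with the expected `token.thumbprint` string, whereas a browser test exercises only one address. The function names are this example's own, and the addresses and responses in the demo are constructed from documentation ranges.

```python
import http.client
import socket

def resolve_all(host):
    """Return every A and AAAA address published for host."""
    infos = socket.getaddrinfo(host, 80, type=socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})

def fetch_from(address, host, path, timeout=10):
    """GET path from one specific address while sending Host: host."""
    conn = http.client.HTTPConnection(address, 80, timeout=timeout)
    try:
        conn.request("GET", path, headers={"Host": host})
        resp = conn.getresponse()
        return resp.status, resp.read(1024).decode("utf-8", "replace")
    finally:
        conn.close()

def classify(status, body, key_auth):
    """Judge one response against the expected key authorization."""
    if status in (301, 302, 303, 307, 308):
        return "redirect"          # re-check the redirect target by hand
    if status != 200:
        return "http-%d" % status  # e.g. the 404 page quoted in the error
    # Trailing whitespace is tolerated; any other extra content is not.
    return "ok" if body.rstrip() == key_auth else "wrong-body"

def check_host(host, key_auth, resolve=resolve_all, fetch=fetch_from):
    """Probe the challenge URL on every address; return {address: verdict}."""
    path = "/.well-known/acme-challenge/" + key_auth.split(".", 1)[0]
    results = {}
    for address in resolve(host):
        try:
            status, body = fetch(address, host, path)
            results[address] = classify(status, body, key_auth)
        except (OSError, http.client.HTTPException) as exc:
            results[address] = "unreachable: %s" % exc
    return results

if __name__ == "__main__":
    # Key authorization certbot printed for the www name in the post.
    KEY_AUTH = ("hMkXq0C9YncYkZ7FFAFdTNx1O5UGCF7rUVQgQNRw7hQ."
                "fqn5zYUKCYAOI_5T_Tfx9C6LKM7wPtn9zRKoFRn7lFU")
    # Constructed demo: one address serves the file, the other a 404 page.
    canned = {"192.0.2.10": (200, KEY_AUTH + "\n"),
              "2001:db8::10": (404, "<title>404 Not Found</title>")}
    demo = check_host("www.example.test", KEY_AUTH,
                      resolve=lambda host: sorted(canned),
                      fetch=lambda addr, host, path: canned[addr])
    for address, verdict in demo.items():
        print(address, verdict)
```

Calling `check_host(name, key_auth)` with the default `resolve` and `fetch` performs the live probes; run it while certbot is paused at "Press Enter to Continue", because certbot removes the challenge once it cleans up.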