Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
My web server is (include version):
Server version: Apache/2.4.41 (Ubuntu)
The operating system my web server runs on is (include version):
Ubuntu 20.04.4 LTS
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don't know):
yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 0.40.0
Output 'sudo apachectl-S':
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message
VirtualHost configuration:
*:443 is a NameVirtualHost
default server 127.0.1.1 (/etc/apache2/sites-enabled/default-ssl.conf:2)
port 443 namevhost 127.0.1.1 (/etc/apache2/sites-enabled/default-ssl.conf:2)
port 443 namevhost midgard.crabdance.com (/etc/apache2/sites-enabled/nextcloud-le-ssl.conf:2)
*:80 midgard.crabdance.com (/etc/apache2/sites-enabled/nextcloud.conf:1)
ServerRoot: "/etc/apache2"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/var/log/apache2/error.log"
Mutex mpm-accept: using_defaults
Mutex watchdog-callback: using_defaults
Mutex rewrite-map: using_defaults
Mutex ssl-stapling-refresh: using_defaults
Mutex ssl-stapling: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/var/run/apache2/" mechanism=default
PidFile: "/var/run/apache2/apache2.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="www-data" id=33
Group: name="www-data" id=33
And now the renewal is failing...
We should have a look at the file: /etc/apache2/sites-enabled/nextcloud.conf
[which is where we should be handling the challenge requests]
Your Apache VirtualHost for port 80 is redirecting all requests to HTTPS and your HTTPS VirtualHost redirects the acme-challenge request to your login page. You need the server to respond with the acme challenge token value instead. There are many ways to correct this. One is to update your rewrite rules by adding this line immediately afterRewriteEngine on
RewriteRule ^/\.well-known/.+ - [END]
This will prevent the /.well-known/acme-challenge/TokenValue request from being redirected to your https server.
As long as your DocumentRoot for the http VirtualHost is correct the cert renewal should be fine.
I tested both suggestions one after the other but it didn´t work.
I checked the DocumentRoot. In the files 000-default.conf and default-ssl.conf it was '/var/www/html'. I changed the path in '/var/www/nextcloud' and tried again both suggestions.
I get again the same error message
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
More of the same.
Try each of those (again); But this time create a test text file in the expected challenge location.
And see if it can be accessed directly from the Internet. mkdir -p /var/www/nextcloud/.well-known/acme-challenge echo "test" > /var/www/nextcloud/.well-known/acme-challenge/Test_File-1234 http://midgard.crabdance.com/.well-known/acme-challenge/Test_File-1234
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Cert is due for renewal, auto-renewing...
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for midgard.crabdance.com
Using the webroot path /var/www/nextcloud for all unmatched domains.
Waiting for verification...
Cleaning up challenges
IMPORTANT NOTES:
The dry run was successful.
But why does it only work with those additionally parameters?