Proxy server migrated with new IP and HOSTNAME

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:plspro.com

I ran this command: /root/certbot-auto2

It produced this output:
There are 25 web sites that pass through an Apache proxy.
They all have the same error, but I will copy/paste one.

[root@proxy01.prod.quad.local ~] ./certbot-auto2
Your system is not supported by certbot-auto anymore.
certbot-auto and its Certbot installation will no longer receive updates.
You will not receive any bug fixes including those fixing server compatibility
or security problems.
Please visit https://certbot.eff.org/ to check for other alternatives.
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache

Which names would you like to activate HTTPS for?


1: getfreight.com
2: brandsafwayqa.plspro.com
3: brandsafwayuat.plspro.com
4: commissions.plspro.com
5: customer.plspro.com
6: qa.customer.plspro.com
7: int.plspro.com
8: www.int.plspro.com
9: mclient.plspro.com
10: www.mclient.plspro.com
11: mclient-qa.plspro.com
12: www.mclient-qa.plspro.com
13: minova.plspro.com
14: minovauat.plspro.com
15: mtrucker.plspro.com
16: www.mtrucker.plspro.com
17: mtrucker-qa.plspro.com
18: www.mtrucker-qa.plspro.com
19: projects.plspro.com
20: safway.plspro.com
21: safwayqa.plspro.com
22: safwayuat.plspro.com
23: test.plspro.com
24: tms.plspro.com
25: jasperprod.plsthree.pro


Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel):


You have an existing certificate that contains a portion of the domains you
requested (ref: /etc/letsencrypt/renewal/minova.plspro.com.conf)

It contains these names: tms.plspro.com, minova.plspro.com, safway.plspro.com

You requested these names for the new certificate: getfreight.com,
brandsafwayqa.plspro.com, brandsafwayuat.plspro.com, commissions.plspro.com,
customer.plspro.com, qa.customer.plspro.com, int.plspro.com, www.int.plspro.com,
mclient.plspro.com, www.mclient.plspro.com, mclient-qa.plspro.com,
www.mclient-qa.plspro.com, minova.plspro.com, minovauat.plspro.com,
mtrucker.plspro.com, www.mtrucker.plspro.com, mtrucker-qa.plspro.com,
www.mtrucker-qa.plspro.com, projects.plspro.com, safway.plspro.com,
safwayqa.plspro.com, safwayuat.plspro.com, test.plspro.com, tms.plspro.com,
jasperprod.plsthree.pro.

Do you want to expand and replace this existing certificate with the new
certificate?


(E)xpand/(C)ancel: E
Renewing an existing certificate for getfreight.com and 24 more domains
Performing the following challenges:
http-01 challenge for customer.plspro.com
http-01 challenge for brandsafwayqa.plspro.com
http-01 challenge for brandsafwayuat.plspro.com
http-01 challenge for commissions.plspro.com
http-01 challenge for getfreight.com
http-01 challenge for int.plspro.com
http-01 challenge for jasperprod.plsthree.pro
http-01 challenge for mclient-qa.plspro.com
http-01 challenge for mclient.plspro.com
http-01 challenge for minova.plspro.com
Waiting for verification...
Challenge failed for domain getfreight.com
Challenge failed for domain jasperprod.plsthree.pro
Challenge failed for domain minova.plspro.com
Challenge failed for domain projects.plspro.com
Challenge failed for domain safway.plspro.com
Challenge failed for domain tms.plspro.com
http-01 challenge for getfreight.com
http-01 challenge for jasperprod.plsthree.pro
http-01 challenge for minova.plspro.com
http-01 challenge for projects.plspro.com
http-01 challenge for safway.plspro.com
http-01 challenge for tms.plspro.com
http-01 challenge for www.int.plspro.com
http-01 challenge for www.mclient-qa.plspro.com
http-01 challenge for www.mclient.plspro.com
http-01 challenge for www.mtrucker-qa.plspro.com
http-01 challenge for www.mtrucker.plspro.com
http-01 challenge for safwayqa.plspro.com
http-01 challenge for brandsafwayqa.plspro.com
http-01 challenge for commissions.plspro.com
http-01 challenge for customer.plspro.com
http-01 challenge for brandsafwayuat.plspro.com
http-01 challenge for int.plspro.com
http-01 challenge for mclient-qa.plspro.com
http-01 challenge for mclient.plspro.com
http-01 challenge for minovauat.plspro.com
http-01 challenge for mtrucker-qa.plspro.com
http-01 challenge for mtrucker.plspro.com
http-01 challenge for qa.customer.plspro.com
http-01 challenge for safwayuat.plspro.com
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:

My web server is (include version):apache
[root@proxy01.prod.quad.local ~] apachectl -v
Server version: Apache/2.2.15 (Unix)
Server built: Feb 19 2018 06:33:40
[root@proxy01.prod.quad.local ~]

The operating system my web server runs on is (include version):
RHEL 6.10

My hosting provider, if applicable, is:
Network Solutions?

I can login to a root shell on my machine (yes or no, or I don't know):
yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
please, windows?

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

1.10.1

This could use some update:

Please show the output of:
sudo apachectl -t -D DUMP_VHOSTS

Thanks Rudy.

Keep in mind, this has been set up for years and years and never maintained.

There are some sites there that no longer exist.

[root@proxy01.prod.quad.local ~] apachectl -t -D DUMP_VHOSTS
VirtualHost configuration:
wildcard NameVirtualHosts and _default_ servers:
*:8080 commissions.plspro.com (/etc/httpd/conf.d/_commissions.conf:2)
*:443 is a NameVirtualHost
default server brandsafwayqa.plspro.com (/etc/httpd/conf.d/_brandsafwayqa.plspro-le-ssl.conf:2)
port 443 namevhost brandsafwayqa.plspro.com (/etc/httpd/conf.d/_brandsafwayqa.plspro-le-ssl.conf:2)
alias brandsafwayqa.plspro.com
port 443 namevhost brandsafwayuat.plspro.com (/etc/httpd/conf.d/_brandsafwayuat.plspro-le-ssl.conf:2)
alias brandsafwayuat.plspro.com
port 443 namevhost customer.plspro.com (/etc/httpd/conf.d/_customerportal-prod-le-ssl.conf:2)
port 443 namevhost qa.customer.plspro.com (/etc/httpd/conf.d/_customerportal-qa-le-ssl.conf:2)
port 443 namevhost Jasperprod.plsthree.pro (/etc/httpd/conf.d/_jasperprod.plsthree-le-ssl.conf:2)
alias jasperprod.plsthree.pro
port 443 namevhost minova.plspro.com (/etc/httpd/conf.d/_minova.plspro-le-ssl.conf:2)
alias minova.plspro.com
port 443 namevhost safway.plspro.com (/etc/httpd/conf.d/_safway.plspro-le-ssl.conf:4)
alias safway.plspro.com
port 443 namevhost test.plspro.com (/etc/httpd/conf.d/_test.plspro-le-ssl.conf:2)
port 443 namevhost tms.plspro.com (/etc/httpd/conf.d/_tms.plspro-le-ssl.conf:2)
port 443 namevhost proxy01.prod.quad.local (/etc/httpd/conf.d/ssl.conf:76)
*:80 is a NameVirtualHost
default server brandsafwayqa.plspro.com (/etc/httpd/conf.d/_brandsafwayqa.plspro.conf:1)
port 80 namevhost brandsafwayqa.plspro.com (/etc/httpd/conf.d/_brandsafwayqa.plspro.conf:1)
alias brandsafwayqa.plspro.com
port 80 namevhost brandsafwayuat.plspro.com (/etc/httpd/conf.d/_brandsafwayuat.plspro.conf:1)
alias brandsafwayuat.plspro.com
port 80 namevhost customer.plspro.com (/etc/httpd/conf.d/_customerportal-prod.conf:1)
port 80 namevhost qa.customer.plspro.com (/etc/httpd/conf.d/_customerportal-qa.conf:1)
port 80 namevhost getfreight.com (/etc/httpd/conf.d/_getfreight.conf:1)
port 80 namevhost int.plspro.com (/etc/httpd/conf.d/_int.conf:3)
alias www.int.plspro.com
port 80 namevhost Jasperprod.plsthree.pro (/etc/httpd/conf.d/_jasperprod.plsthree.conf:1)
port 80 namevhost mclient-qa.plspro.com (/etc/httpd/conf.d/_mclient-qa.conf:1)
alias www.mclient-qa.plspro.com
port 80 namevhost mclient.plspro.com (/etc/httpd/conf.d/_mclient.conf:4)
alias www.mclient.plspro.com
port 80 namevhost minova.plspro.com (/etc/httpd/conf.d/_minova.plspro.conf:1)
port 80 namevhost minovauat.plspro.com (/etc/httpd/conf.d/_minovauat.plspro.conf:1)
port 80 namevhost mtrucker-qa.plspro.com (/etc/httpd/conf.d/_mtrucker-qa.conf:2)
alias www.mtrucker-qa.plspro.com
port 80 namevhost mtrucker.plspro.com (/etc/httpd/conf.d/_mtrucker.conf:5)
alias www.mtrucker.plspro.com
port 80 namevhost projects.plspro.com (/etc/httpd/conf.d/_projects.conf:3)
port 80 namevhost safway.plspro.com (/etc/httpd/conf.d/_safway.plspro.conf:1)
port 80 namevhost safwayqa.plspro.com (/etc/httpd/conf.d/_safwayqa.plspro.conf:1)
alias safwayqa.plspro.com
port 80 namevhost safwayuat.plspro.com (/etc/httpd/conf.d/_safwayuat.plspro.conf:1)
alias safwayuat.plspro.com
port 80 namevhost test.plspro.com (/etc/httpd/conf.d/_test.plspro.conf:1)
port 80 namevhost tms.plspro.com (/etc/httpd/conf.d/_tms.plspro.conf:1)
Syntax OK

Please show this file:
/etc/httpd/conf.d/_getfreight.conf

Ok, that one just redirects for some reason to our other domain.

[root@proxy01.prod.quad.local ~] cat /etc/httpd/conf.d/_getfreight.conf

<VirtualHost *:80>
ServerName getfreight.com
Redirect permanent / http://www.plslogistics.com/
</VirtualHost>
[root@proxy01.prod.quad.local ~]
You may want to see minova or safeway
[root@proxy01.prod.quad.local /etc/httpd/conf.d] cat _minova.plspro-le-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName minova.plspro.com
ServerAlias minova.plspro.com
ProxyPreserveHost on
ProxyPass / http://10.116.10.2/
ProxyPassReverse / http:/10.116.10.2/
RewriteEngine on
# Some rewrite rules in this file were disabled on your HTTPS site,
# because they have the potential to create redirection loops.
# RewriteCond %{SERVER_NAME} =minova.plspro.com
# RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [L,NE,R=permanent]
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/minova.plspro.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/minova.plspro.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/minova.plspro.com/chain.pem
</VirtualHost>
</IfModule>

It redirects to a name that isn't managed by your server.
So, there is no way for it to validate the challenge request.
[which goes to www.plslogistics.com]

OK, what about the rest of them?

This server worked fine built by someone else before me.

We migrated it to Google Cloud.

It got a different ip and hostname.

Now it doesn’t work.

That’s all we did.

If they do the same, then they will also fail.

Then you may need to do a bit more.

That's what I'm asking. What do I need to do?

I think I see what it is.
I see an address 209.166.177.29

That is where the current load balancer lives with the plspro.com cert which I do not have control of.
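
The two failure causes identified in this thread (a name whose DNS still points at another machine, here 209.166.177.29, and a vhost that redirects the challenge path to a host this server does not manage) can be checked before running certbot. The following is an added example, not part of the original posts; the function names are hypothetical and 203.0.113.10 is a placeholder for the migrated server's public address.

```shell
#!/bin/sh
# Added example, not from the thread. 203.0.113.10 is a placeholder for the
# migrated proxy's public address; function names are hypothetical.

# host_of URL -> lower-cased host part of an http(s) URL
host_of() {
    printf '%s\n' "$1" | sed -E 's#^[a-zA-Z]+://([^/:]+).*#\1#' | tr 'A-Z' 'a-z'
}

# classify NAME SERVER_IP RESOLVED_IP REDIRECT_URL -> one verdict line
classify() {
    if [ -z "$3" ]; then
        echo "$1 FAIL no A record"
    elif [ "$3" != "$2" ]; then
        echo "$1 FAIL DNS points to $3, not this server ($2)"
    elif [ -n "$4" ] && [ "$(host_of "$4")" != "$1" ]; then
        echo "$1 FAIL challenge path redirects to $(host_of "$4")"
    else
        echo "$1 OK"
    fi
}

# Live probes (need network); replace them with stubs to test offline.
resolve_a() { dig +short A "$1" | grep -E '^[0-9.]+$' | head -n 1; }
redirect_of() {
    curl -s -o /dev/null --max-time 10 -w '%{redirect_url}' \
        "http://$1/.well-known/acme-challenge/preflight"
}

# preflight SERVER_IP NAME... -> verdict line per name, using the live probes
preflight() {
    ip=$1; shift
    for n in "$@"; do
        classify "$n" "$ip" "$(resolve_a "$n")" "$(redirect_of "$n")"
    done
}

# Constructed sample, no network: the name/address pairings are illustrative.
classify tms.plspro.com 203.0.113.10 209.166.177.29 ''
classify getfreight.com 203.0.113.10 203.0.113.10 \
    'http://www.plslogistics.com/.well-known/acme-challenge/preflight'
classify test.plspro.com 203.0.113.10 203.0.113.10 ''
```

On the server itself, `preflight <public-ip> name1 name2 ...` runs the same checks against live DNS and HTTP; a redirect to HTTPS on the same name is reported as OK.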
