Renew fails for multiple domains

Sorry, I guess this question is asked a gazillion times already.
I have issues renewing my multi-domain certificate. I have multiple domains:

  • monsta-industries.com
  • cloud.monsta-industries.com

The first - monsta-industries.com - is listed as an A record in DNS. The others are CNAME records pointing to the A record.
nslookup works fine. However, when I call
certbot -d monsta-industries.com -d cloud.monsta-industries.com --apache
the sub-domains cannot be validated, the main however can:

Renewing an existing certificate
Performing the following challenges:
http-01 challenge for monsta-industries.com
http-01 challenge for cloud.monsta-industries.com
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. cloud.monsta-industries.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://cloud.monsta-industries.com/.well-known/acme-challenge/NE3HHBh4z1kz5FyuP6QNbPehQtZP_LSfwm0nwCEUQ6M [67.209.121.26]: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p"

The apache config shows:
ServerName cloud.monsta-industries.com
ServerAlias monsta-industries.com *.monsta-industries.com
...
RewriteEngine on
RewriteCond %{SERVER_NAME} =cloud.monsta-industries.com [OR]
RewriteCond %{SERVER_NAME} =monsta-industries.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]

I also tried certbot -a webroot -i apache -w ... -d ... without any differences.

Any idea what I am doing wrong here?


Hi @allwi

What does this say?

apachectl -S

Many thanks @JuergenAuer,

sorry it was a noob error :roll_eyes:
apachectl showed
*:80 is a NameVirtualHost
default server cloud.monsta-industries.com (/etc/apache2/sites-enabled/default.conf:1)
port 80 namevhost cloud.monsta-industries.com (/etc/apache2/sites-enabled/default.conf:1)
alias ...
alias ...
port 80 namevhost cloud.monsta-industries.com (/etc/apache2/sites-enabled/nextcloud.conf:1)
alias ...
alias ...

After I disabled the unnecessary ‘default’ config, everything works fine (though I don’t really understand why cloud.monsta-industries.com failed and not monsta-industries.com)

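Added example, not part of the thread: a small Python check that reads `apachectl -S` output and reports every hostname claimed by more than one name-based vhost on the same listener. Apache serves the first match in config order, so a later vhost never sees requests for that name, http-01 challenge requests included. The function names and the sample output (placeholder hostnames) are constructed for illustration.

```python
import re
from fnmatch import fnmatchcase

# Constructed sample of `apachectl -S` output; hostnames are placeholders.
SAMPLE = """\
VirtualHost configuration:
*:80                   is a NameVirtualHost
         default server cloud.example.test (/etc/apache2/sites-enabled/default.conf:1)
         port 80 namevhost cloud.example.test (/etc/apache2/sites-enabled/default.conf:1)
                 wild alias *.example.test
         port 80 namevhost cloud.example.test (/etc/apache2/sites-enabled/nextcloud.conf:1)
                 alias www.example.test
*:443                  is a NameVirtualHost
         default server cloud.example.test (/etc/apache2/sites-enabled/nextcloud-ssl.conf:2)
         port 443 namevhost cloud.example.test (/etc/apache2/sites-enabled/nextcloud-ssl.conf:2)
"""

LISTEN = re.compile(r"^(\S+:\d+)\s+is a NameVirtualHost")
VHOST = re.compile(r"^\s+port \d+ namevhost (\S+) \((.+)\)")
ALIAS = re.compile(r"^\s+(?:wild )?alias (\S+)")

def parse_vhosts(dump):
    """Return [(listener, "file:line", [ServerName, aliases...])] in Apache's order."""
    vhosts, listener = [], None
    for line in dump.splitlines():
        if m := LISTEN.match(line):
            listener = m.group(1)
        elif m := VHOST.match(line):
            vhosts.append((listener, m.group(2), [m.group(1).lower()]))
        elif (m := ALIAS.match(line)) and vhosts:
            vhosts[-1][2].append(m.group(1).lower())
    return vhosts

def shadowed_names(dump):
    """Map (listener, hostname) -> vhosts matching it; the first entry is the one served."""
    vhosts, report = parse_vhosts(dump), {}
    for listener, _, names in vhosts:
        for name in names:
            if "*" in name or "?" in name:
                continue  # wildcard patterns are matched against, not reported as names
            hits = [where for lst, where, pats in vhosts
                    if lst == listener and any(fnmatchcase(name, p) for p in pats)]
            if len(hits) > 1:
                report[(listener, name)] = hits
    return report

if __name__ == "__main__":
    for (listener, name), hits in shadowed_names(SAMPLE).items():
        print(f"{listener} {name}: served by {hits[0]}, shadowed: {', '.join(hits[1:])}")
```

To check a live server, feed it the real output instead of `SAMPLE`, for example by capturing `apachectl -S` with `subprocess.run(..., capture_output=True, text=True)`.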