Sorry, I guess this question is asked a gazillion times already.
I have issues renewing my multi-domain certificate. I have multiple domains:
- monsta-industries.com
- cloud.monsta-industries.com
- …
The first - monsta-industries.com - is listed as a A record in DNS. The others are CNAME records pointing to the A record.
NSlookup works fine. However when I call
certbot -d monsta-industries.com -d cloud.monsta-industries.com --apache
the sub-domains cannot be validated, the main however can:
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for monsta-industries.com
http-01 challenge for cloud.monsta-industries.com
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. cloud.monsta-industries.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://cloud.monsta-industries.com/.well-known/acme-challenge/NE3HHBh4z1kz5FyuP6QNbPehQtZP_LSfwm0nwCEUQ6M [67.209.121.26]: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p"
The apache config shows:
ServerName cloud.monsta-industries.com
ServerAlias monsta-industries.com *.monsta-industries.com
...
RewriteEngine on
RewriteCond %{SERVER_NAME} =cloud.monsta-industries.com [OR]
RewriteCond %{SERVER_NAME} =monsta-industries.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
I also tried certbot -a webroot -i apache -w ... -d ...
without any differences.
Any idea, what am I doing wrong here?