Renew: Invalid response from /.well-known

Heyy,

My domain is:
Cloud.Rakutt.eu
I ran this command:
certbot renew (because it doesn’t auto-renew)

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log


Processing /etc/letsencrypt/renewal/cloud.rakutt.eu.conf


Cert is due for renewal, auto-renewing…
Plugins selected: Authenticator apache, Installer apache
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for cloud.rakutt.eu
Waiting for verification…
Cleaning up challenges
Attempting to renew cert (cloud.rakutt.eu) from /etc/letsencrypt/renewal/cloud.rakutt.eu.conf produced an unexpected error: Failed authorization procedure. cloud.rakutt.eu (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from https://cloud.rakutt.eu/.well-known/acme-challenge/fWL8KGL1HinBV6doN3mGinmSwXdPGT52kLmreAtM1bE [2a02:7b40:d418:6511::1]: “\n\n404 Not Found\n\n

Not Found

\n<p”. Skipping.

Processing /etc/letsencrypt/renewal/tollerserver.de.conf


Cert not yet due for renewal
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/cloud.rakutt.eu/fullchain.pem (failure)


The following certs are not due for renewal yet:
/etc/letsencrypt/live/tollerserver.de/fullchain.pem expires on 2019-07-25 (skipped)
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/cloud.rakutt.eu/fullchain.pem (failure)


1 renew failure(s), 0 parse failure(s)

IMPORTANT NOTES:

My web server is (include version):
Apache/2.4.25

The operating system my web server runs on is (include version):
Debian 9

My hosting provider, if applicable, is:
time4vps

I can login to a root shell on my machine (yes or no, or I don’t know):
Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
Nextcloud 15.0.5

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
certbot 0.28.0

I checked my domain settings. A/AAAA records are fine.

Thanks for your help.
LG PlanetWalker

Can you post the output of “sudo apachectl -t -D DUMP_VHOSTS”?

Hi @PlanetWalker

You have IPv4 and IPv6 addresses (https://check-your-website.server-daten.de/?q=cloud.rakutt.eu):

| Host | T | IP-Address | is auth. | ∑ Queries | ∑ Timeout |
|---|---|---|---|---|---|
| cloud.rakutt.eu | A | 212.24.101.17 | yes | 1 | 0 |
| | AAAA | 2a02:7b40:d418:6511::1 | yes | | |
| www.cloud.rakutt.eu | | Name Error | yes | 1 | 0 |

But your ipv6 (a standard problem) looks good:

| Domainname | Http-Status | redirect | Sec. | G |
|---|---|---|---|---|
| http://cloud.rakutt.eu/ 212.24.101.17 | 301 | https://cloud.rakutt.eu/ | 0.070 | A |
| http://cloud.rakutt.eu/ 2a02:7b40:d418:6511::1 | 301 | https://cloud.rakutt.eu/ | 0.064 | A |
| https://cloud.rakutt.eu/ 212.24.101.17 | 200 | | 0.720 | N |
| Certificate error: RemoteCertificateChainErrors | | | | |
| https://cloud.rakutt.eu/ 2a02:7b40:d418:6511::1 | 200 | | 0.296 | N |
| Certificate error: RemoteCertificateChainErrors | | | | |
| http://cloud.rakutt.eu/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 212.24.101.17 | 301 | https://cloud.rakutt.eu/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de | 0.080 | A |
| Visible Content: Moved Permanently The document has moved here . Apache/2.4.25 (Debian) Server at cloud.rakutt.eu Port 80 | | | | |
| http://cloud.rakutt.eu/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 2a02:7b40:d418:6511::1 | 301 | https://cloud.rakutt.eu/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de | 0.064 | A |
| Visible Content: Moved Permanently The document has moved here . Apache/2.4.25 (Debian) Server at cloud.rakutt.eu Port 80 | | | | |
| https://cloud.rakutt.eu/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de | 404 | | 0.300 | N |
| Not Found | | | | |
| Certificate error: RemoteCertificateChainErrors | | | | |
| Visible Content: Not Found The requested URL /.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de was not found on this server. Apache/2.4.25 (Debian) Server at cloud.rakutt.eu Port 443 | | | | |

/ works with ipv4 and ipv6, http + /.well-known/acme-challenge/unknown-file is redirected to https (that's ok), then there is the expected answer http status 404 - Not Found.

Your / has a meta redirect to https://cloud.rakutt.eu/nextcloud/.

Try to find the DocumentRoot of your Apache https vHost. Then use it:

certbot run -a webroot -i apache -w yourDocumentRoot -d cloud.rakutt.eu

First of all, thank you for your quick response @JuergenAuer.
Unfortunately I get this response:

certbot run -a webroot -i apache -w /var/www/html/nextcloud -d cloud.rakutt.eu

certbot run -a webroot -i apache -w /var/www/html/nextcloud/ -d cloud.rakutt.eu

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer apache
Cert is due for renewal, auto-renewing…
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for cloud.rakutt.eu
Using the webroot path /var/www/html/nextcloud for all unmatched domains.
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. cloud.rakutt.eu (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from https://cloud.rakutt.eu/.well-known/acme-challenge/hGlyjNql-5UmXY5_va4vv8Qfx2t0awbhKkPtf5DyZ5I [2a02:7b40:d418:6511::1]: “\n\n404 Not Found\n\n

Not Found

\n<p”

IMPORTANT NOTES:

My /etc/apache2/sites-enabled/cloud.conf

<VirtualHost *:80>

    ServerName rakutt.eu
    ServerAlias cloud.rakutt.eu
    ServerAdmin admin@rakutt.eu

    DocumentRoot /var/www/html/nextcloud

    <Directory /var/www/html/nextcloud>
            Options Indexes FollowSymLinks MultiViews
            AllowOverride All
    </Directory>

    Header set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" env=HTTPS

</VirtualHost>

my /etc/apache2/sites-enabled/cloud-le-ssl.conf (was missing)

<IfModule mod_ssl.c>

<VirtualHost *:443>

    ServerName cloud.rakutt.eu
    ServerAdmin admin@rakutt.eu

    DocumentRoot /var/www/html/nextcloud

    <Directory /var/www/html/nextcloud>
            Options Indexes FollowSymLinks MultiViews
            AllowOverride All
    </Directory>

    ServerAlias cloud.rakutt.eu
    SSLCertificateFile /etc/letsencrypt/live/cloud.rakutt.eu/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/cloud.rakutt.eu/privkey.pem
    Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>

I used the DocumentRoot from my conf.
Maybe I made a mistake with this, but I don’t know better.

LG PlanetWalker

Is this

really your used DocumentRoot? You have a redirect

2a02:7b40:d418:6511::1    meta refresh    0; URL=https://cloud.rakutt.eu/nextcloud/

so the result folder would be

/var/www/html/nextcloud/nextcloud

Create the two subdirectories

/var/www/html/nextcloud/.well-known/acme-challenge

put a file there (file name 1234), then check whether you are able to load that file via

http://cloud.rakutt.eu/.well-known/acme-challenge/1234

Same with

/var/www/html

What does this command say:

apachectl -S
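The test-file check described in the reply above, automated as an added example that is not part of the original thread: it writes a random token file under each candidate webroot and fetches it over HTTP to see which directory the server actually maps to /.well-known/acme-challenge/. The function names (`probe_webroot`, `find_webroot`, `demo`) and the local test server standing in for Apache are assumptions made for illustration.

```python
import http.server, secrets, ssl, tempfile, threading
import urllib.error, urllib.request
from functools import partial
from pathlib import Path

CHALLENGE_DIR = ".well-known/acme-challenge"

def probe_webroot(webroot, base_url, timeout=5):
    """Drop a random token file under webroot and report whether base_url serves it."""
    token = secrets.token_urlsafe(16)
    target = Path(webroot) / CHALLENGE_DIR
    created = [p for p in (target.parent, target) if not p.exists()]
    target.mkdir(parents=True, exist_ok=True)
    (target / token).write_text(token)
    # The http-01 validator follows redirects to https without checking the
    # certificate, so the probe does the same; the random token proves the match.
    ctx = ssl.create_default_context()
    ctx.check_hostname, ctx.verify_mode = False, ssl.CERT_NONE
    try:
        url = f"{base_url}/{CHALLENGE_DIR}/{token}"
        with urllib.request.urlopen(url, timeout=timeout, context=ctx) as resp:
            return resp.read().decode(errors="replace").strip() == token
    except (urllib.error.URLError, OSError):
        return False  # 404, refused connection, TLS failure, ...
    finally:
        (target / token).unlink()
        for p in reversed(created):  # remove only directories this probe created
            p.rmdir()

def find_webroot(candidates, base_url):
    """Return the first candidate the server maps to /.well-known/, or None."""
    return next((str(c) for c in candidates if probe_webroot(c, base_url)), None)

def demo():
    """Constructed layout: a local server whose DocumentRoot is <tmp>/html."""
    with tempfile.TemporaryDirectory() as tmp:
        html = Path(tmp) / "html"
        (html / "nextcloud").mkdir(parents=True)
        handler = partial(http.server.SimpleHTTPRequestHandler, directory=str(html))
        server = http.server.ThreadingHTTPServer(("127.0.0.1", 0), handler)
        threading.Thread(target=server.serve_forever, daemon=True).start()
        try:
            base = f"http://127.0.0.1:{server.server_port}"
            found = find_webroot([html / "nextcloud", html], base)
            return Path(found).name if found else None
        finally:
            server.shutdown()
            server.server_close()

if __name__ == "__main__":
    print(demo())
```

On a real host the call would be `find_webroot(["/var/www/html/nextcloud", "/var/www/html"], "http://cloud.rakutt.eu")`, run as a user who can write to both directories; the directory it returns is the one to pass to certbot's `-w` option.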

Thank you so much for your help @JuergenAuer!

certbot run -a webroot -i apache -w /var/www/html/ -d cloud.rakutt.eu

and it works...

LG PlanetWalker
