Renewal does work for multiple certs except one

#1

I have multiple sites on one server and different letsencrypt certificates for all of them.
All of them except one are working fine.

  • DNS works
  • url (port 80) can be reached from outside
  • renewal does not work. I got the error below:
  • exactly the same setup for all sites

Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter ‘c’ to cancel): 5
Cert is due for renewal, auto-renewing…
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for ha.gramfalt.se
Enabled Apache rewrite module
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. ha.gramfalt.se (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://xxx/.well-known/acme-challenge/wyqSVHzFVxo0n_To6YtTC63abkS2DMGNDJSRBQSs2-Y [xxx.xxx.xxx.xxx]: “\n\n404 Not Found\n\n

Not Found

\n<p”

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: ha.gramfalt.se
    Type: unauthorized
    Detail: Invalid response from
    http://xxx/.well-known/acme-challenge/wyqSVHzFVxo0n_To6YtTC63abkS2DMGNDJSRBQSs2-Y
    [xxx.xxx.xxx.xxx]: “\n\n404 Not
    Found\n\n

    Not Found

    \n<p”

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address.

What to do?

#2

Hi @spu

checking your domain via https://check-your-website.server-daten.de/?q=ha.gramfalt.se there is something that looks like an error:

The url-check:

| Domainname | Http-Status | redirect | Sec. | G |
|---|---|---|---|---|
| http://ha.gramfalt.se/ 213.50.165.47 | 200 | | 0.097 | H |
| https://ha.gramfalt.se/ 213.50.165.47 | 200, Certificate error: RemoteCertificateNameMismatch | | 2.010 | N |
| http://ha.gramfalt.se/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 213.50.165.47 | 404 Not Found | | 0.097 | A |

Visible Content: Not Found The requested URL /.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de was not found on this server. Apache/2.4.29 (Ubuntu) Server at ha.gramfalt.se Port 80

But the certificate:

CN=alma.gramfalt.se
	05.04.2019
	04.07.2019
expires in 47 days	alma.gramfalt.se - 1 entry

Looks like the wrong vHost is used.

What do the following say?

apachectl configtest
apachectl fullstatus
apachectl -S
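
Added example, not part of either post: a small Python parser for the name-based sections of `apachectl -S` output that reports which vhost answers for a hostname and port, and whether the request only reached it through the default-server fallback. The sample output and file paths are constructed for illustration and are not taken from this server; the code assumes name-based (`is a NameVirtualHost`) blocks and merges multiple listen addresses on the same port.

```python
import re

# Constructed sample of `apachectl -S` output (hypothetical paths, not the thread's server).
SAMPLE = """\
VirtualHost configuration:
*:80                   is a NameVirtualHost
         default server alma.gramfalt.se (/etc/apache2/sites-enabled/alma.conf:1)
         port 80 namevhost alma.gramfalt.se (/etc/apache2/sites-enabled/alma.conf:1)
         port 80 namevhost ha.gramfalt.se (/etc/apache2/sites-enabled/ha.conf:1)
*:443                  is a NameVirtualHost
         default server alma.gramfalt.se (/etc/apache2/sites-enabled/alma-le-ssl.conf:2)
         port 443 namevhost alma.gramfalt.se (/etc/apache2/sites-enabled/alma-le-ssl.conf:2)
                 alias www.alma.gramfalt.se
"""

LISTEN = re.compile(r"^(\S+):(\d+)\s+is a NameVirtualHost")
ENTRY = re.compile(r"^\s+(default server|port (\d+) namevhost)\s+(\S+)\s+\((.+):(\d+)\)")
ALIAS = re.compile(r"^\s+alias\s+(\S+)")

def parse(text):
    """Return {port: {"default": (name, file), "names": {hostname: (name, file)}}}."""
    table, port, last = {}, None, None
    for line in text.splitlines():
        if m := LISTEN.match(line):
            port, last = int(m.group(2)), None
            table.setdefault(port, {"default": None, "names": {}})
        elif port and (m := ENTRY.match(line)):
            vhost = (m.group(3), m.group(4))
            if m.group(1) == "default server":
                table[port]["default"] = vhost
            else:
                table[port]["names"].setdefault(m.group(3).lower(), vhost)
                last = vhost
        elif port and last and (m := ALIAS.match(line)):
            table[port]["names"].setdefault(m.group(1).lower(), last)
    return table

def resolve(text, host, port):
    """Return (server name, config file, fell_back_to_default) for host:port."""
    entry = parse(text).get(port)
    if entry is None:
        return None, None, False   # nothing listens on that port
    hit = entry["names"].get(host.lower())
    if hit:
        return hit[0], hit[1], False
    name, conf = entry["default"] or (None, None)
    return name, conf, True        # no ServerName/ServerAlias matched
```

A `True` in the third field means the hostname matched no `ServerName` or `ServerAlias` on that port, so Apache served the first-listed vhost instead, which is the situation a certificate name mismatch like the one in the check above points to.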