Renewal failed - DNS issue?

Hello,
I am not able to renew or even recreate my SSL certificate.

My domain is: mirror.freedif.org

I ran this command: certbot --apache

It produced this output:>

Domain: mirror.freedif.org
Type: unauthorized
Detail: 132.147.122.105: Invalid response from
http://mirror.freedif.org/.well-known/acme-challenge/BAh87mm1EnoahvW2DfBhVHKgVU4SjpcY5D_AKO28Ark:
404

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.

I am using Debian 11 and running certbot 1.12. The server is on my home network.

Any idea where it could come from? How to diagnostic?
Not sure why I could do before, but not anymore.

Thank you

1 Like

Hi @karibuTW, and welcome to the LE community forum :slight_smile:

  1. Check the IP address.
    Compare these IP outputs:
    curl ifconfig.co
    nslookup mirror.freedif.org

  2. Confirm the Apache config.
    Review output of:
    apachectl -t -D DUMP_VHOSTS

3 Likes

Thanks @rg305

  1. IP Address

karibu@server:~$ curl ifconfig.co
132.147.122.105
karibu@server:~$ nslookup mirror.freedif.org
Server: 192.168.2.1
Address: 192.168.2.1#53

Non-authoritative answer:
mirror.freedif.org canonical name = home.freedif.org.
Name: home.freedif.org
Address: 132.147.122.105

This seems okay

  1. apace config

AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message
VirtualHost configuration:
*:443 is a NameVirtualHost
default server home.freedif.org (/etc/apache2/sites-enabled/000-default-le-ssl.conf:2)
port 443 namevhost home.freedif.org (/etc/apache2/sites-enabled/000-default-le-ssl.conf:2)
port 443 namevhost mirror.freedif.org (/etc/apache2/sites-enabled/mirror-le-ssl.conf:2)

*:80 is a NameVirtualHost
default server home.freedif.org (/etc/apache2/sites-enabled/000-default.conf:1)
port 80 namevhost home.freedif.org (/etc/apache2/sites-enabled/000-default.conf:1)
port 80 namevhost mirror.freedif.org (/etc/apache2/sites-enabled/mirror.conf:1)

Let me fix the error message at the beginning of it. Not sure if this is the issue.

EDIT: I've added home.freedif.org as ServerName on global configuration, this error is gone now, but still failing to create or renew certificate.
Any ideas?

Would you show the contents of this file? So far looks fine.

/etc/apache2/sites-enabled/mirror.conf

Please put 3 backticks before and after the output. Like this:
```
output
```

3 Likes

I have a

RewriteEngine off

inside might be the issue. Let me try

Alright! This was the issue indeed. Fixed now.
Thanks for the support!

3 Likes