Renewal failed - DNS issue?

Help
1

Hello,
I am not able to renew or even recreate my SSL certificate.

My domain is: mirror.freedif.org

I ran this command: certbot --apache

It produced this output:>

Domain: mirror.freedif.org
Type: unauthorized
Detail: 132.147.122.105: Invalid response from
http://mirror.freedif.org/.well-known/acme-challenge/BAh87mm1EnoahvW2DfBhVHKgVU4SjpcY5D_AKO28Ark:
404

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.

I am using Debian 11 and running certbot 1.12. The server is on my home network.

Any idea where it could come from? How to diagnostic?
Not sure why I could do before, but not anymore.

Thank you

1 Like
2

Hi @karibuTW, and welcome to the LE community forum :slight_smile:

  1. Check the IP address.
    Compare these IP outputs:
    curl ifconfig.co
    nslookup mirror.freedif.org

  2. Confirm the Apache config.
    Review output of:
    apachectl -t -D DUMP_VHOSTS

3 Likes
3

Thanks @rg305

  1. IP Address

karibu@server:~$ curl ifconfig.co
132.147.122.105
karibu@server:~$ nslookup mirror.freedif.org
Server: 192.168.2.1
Address: 192.168.2.1#53

Non-authoritative answer:
mirror.freedif.org canonical name = home.freedif.org.
Name: home.freedif.org
Address: 132.147.122.105

This seems okay

  1. apace config

AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message
VirtualHost configuration:
*:443 is a NameVirtualHost
default server home.freedif.org (/etc/apache2/sites-enabled/000-default-le-ssl.conf:2)
port 443 namevhost home.freedif.org (/etc/apache2/sites-enabled/000-default-le-ssl.conf:2)
port 443 namevhost mirror.freedif.org (/etc/apache2/sites-enabled/mirror-le-ssl.conf:2)

*:80 is a NameVirtualHost
default server home.freedif.org (/etc/apache2/sites-enabled/000-default.conf:1)
port 80 namevhost home.freedif.org (/etc/apache2/sites-enabled/000-default.conf:1)
port 80 namevhost mirror.freedif.org (/etc/apache2/sites-enabled/mirror.conf:1)

Let me fix the error message at the beginning of it. Not sure if this is the issue.

EDIT: I've added home.freedif.org as ServerName on global configuration, this error is gone now, but still failing to create or renew certificate.
Any ideas?

4

Would you show the contents of this file? So far looks fine.

/etc/apache2/sites-enabled/mirror.conf

Please put 3 backticks before and after the output. Like this:
```
output
```

3 Likes
5

I have a

RewriteEngine off

inside might be the issue. Let me try

6

Alright! This was the issue indeed. Fixed now.
Thanks for the support!

3 Likes
7

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.