This domain was previously renewing OK. Fails with a 403 error (see log). Apache log shows 200 status for 3 accesses; are 4 required? I removed any banned IPs from iptables (fail2ban running).
Apache access log below, nothing seen in error log.
3.137.167.13 77 - [24/May/2024:16:15:32 -0400] "GET /.well-known/acme-challenge/1KUPuuvTD2c_Azp1y6VRu9nxJ3WxTqFFx2bFNpWGSTc HTTP/1.1" 200 87 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
23.178.112.200 56 - [24/May/2024:16:15:32 -0400] "GET /.well-known/acme-challenge/1KUPuuvTD2c_Azp1y6VRu9nxJ3WxTqFFx2bFNpWGSTc HTTP/1.1" 200 87 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
35.93.112.118 69 - [24/May/2024:16:15:32 -0400] "GET /.well-known/acme-challenge/1KUPuuvTD2c_Azp1y6VRu9nxJ3WxTqFFx2bFNpWGSTc HTTP/1.1" 200 87 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
My domain is:
imaging.capecodexp.com
I ran this command:
certbot renew
It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Processing /etc/letsencrypt/renewal/imaging.capecodexp.com.conf
Renewing an existing certificate for imaging.capecodexp.com
Certbot failed to authenticate some domains (authenticator: apache). The Certificate Authority reported these problems:
Domain: imaging.capecodexp.com
Type: unauthorized
Detail: During secondary validation: 96.67.1.107: Invalid response from http://imaging.capecodexp.com/.well-known/acme-challenge/1KUPuuvTD2c_Azp1y6VRu9nxJ3WxTqFFx2bFNpWGSTc: 403
Hint: The Certificate Authority failed to verify the temporary Apache configuration changes made by Certbot. Ensure that the listed domains point to this Apache server and that it is accessible from the internet.
Failed to renew certificate imaging.capecodexp.com with error: Some challenges have failed.
All renewals failed. The following certificates could not be renewed:
/etc/letsencrypt/live/imaging.capecodexp.com/fullchain.pem (failure)
1 renew failure(s), 0 parse failure(s)
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
My web server is (include version):
Server version: Apache/2.4.37 (AlmaLinux)
The operating system my web server runs on is (include version):
AlmaLinux release 8.8 (Sapphire Caracal)
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don't know):
yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 2.5.0
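
A check for the situation in the post above, where the CA reports a 403 while the access log shows only 200s. This is an added example, not part of the original post: it groups logged ACME challenge requests by token and tells you whether a given status was ever logged for that token. The sample lines, IP addresses and token are constructed, and the regex assumes the log layout shown in the post.

```python
import re
from collections import defaultdict

# Layout of the access-log lines in the post: client IP, one extra numeric
# field, "-", [timestamp], "request", status, bytes, "referer", "user-agent".
LINE_RE = re.compile(
    r'^(?P<ip>\S+) .*?\[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)
ACME_PREFIX = "/.well-known/acme-challenge/"


def summarize_challenges(lines):
    """Map each challenge token to {status: sorted list of client IPs}."""
    seen = defaultdict(lambda: defaultdict(set))
    for line in lines:
        m = LINE_RE.match(line)
        if not m or not m["path"].startswith(ACME_PREFIX):
            continue  # unparseable line or not a challenge request
        token = m["path"][len(ACME_PREFIX):]
        seen[token][int(m["status"])].add(m["ip"])
    return {t: {s: sorted(ips) for s, ips in by.items()}
            for t, by in seen.items()}


def status_was_logged(summary, token, status):
    """True if this log recorded `status` for the given challenge token."""
    return status in summary.get(token, {})


# Constructed sample lines (documentation IP ranges, placeholder token).
UA = '"-" "Mozilla/5.0 (compatible; Let\'s Encrypt validation server; +https://www.letsencrypt.org)"'
TOKEN = "EXAMPLE_TOKEN"
SAMPLE = [
    f'192.0.2.10 77 - [24/May/2024:16:15:32 -0400] "GET {ACME_PREFIX}{TOKEN} HTTP/1.1" 200 87 {UA}',
    f'198.51.100.20 56 - [24/May/2024:16:15:32 -0400] "GET {ACME_PREFIX}{TOKEN} HTTP/1.1" 200 87 {UA}',
    f'203.0.113.30 69 - [24/May/2024:16:15:32 -0400] "GET {ACME_PREFIX}{TOKEN} HTTP/1.1" 200 87 {UA}',
    '192.0.2.99 12 - [24/May/2024:16:15:40 -0400] "GET /admin HTTP/1.1" 403 199 "-" "curl/8.0"',
]

if __name__ == "__main__":
    summary = summarize_challenges(SAMPLE)
    for token, by_status in summary.items():
        for status, ips in sorted(by_status.items()):
            print(f"{token}: {status} x{len(ips)} from {', '.join(ips)}")
    # Status reported by the CA in the certbot output vs. what was logged.
    print("403 logged for token:", status_was_logged(summary, TOKEN, 403))
```

If the status the CA reported never appears for the token, that response is not recorded in the log file that was checked.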