Renewal: Invalid response from…acme-challenge

My domain is: gibhenry.com

I ran this command: sudo certbot renew

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log


Processing /etc/letsencrypt/renewal/gibhenry.com.conf


Cert is due for renewal, auto-renewing…
Plugins selected: Authenticator apache, Installer apache
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for gibhenry.com
http-01 challenge for www.gibhenry.com
Waiting for verification…
Challenge failed for domain www.gibhenry.com
http-01 challenge for www.gibhenry.com
Cleaning up challenges
Attempting to renew cert (gibhenry.com) from /etc/letsencrypt/renewal/gibhenry.com.conf produced an unexpected error: Some challenges have failed… Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/gibhenry.com/fullchain.pem (failure)


All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/gibhenry.com/fullchain.pem (failure)


1 renew failure(s), 0 parse failure(s)

IMPORTANT NOTES:

  • The following errors were reported by the server:

Domain: www.gibhenry.com
Type: unauthorized
Detail: Invalid response from
http://www.gibhenry.com/.well-known/acme-challenge/79ERVp_DtVIc4_HKInwm6pOC0efxwN2szv4mKyMoGCY
[68.117.148.0]: “\n\n404 Not
Found\n\n

Not Found

\n<p”

My web server is (include version): Apache Mac

The operating system my web server runs on is (include version): Catalina, MacOS 15.6

My hosting provider, if applicable, is: (self-hosted)

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): 1.3.0

NOTE: I was able to install a fresh certificate by choosing only ‘gibhenry.com’ and not the example domains. What do I need to do to get things back on track? Thanks in advance! //Gib Henry

1 Like

Hi @gibhenry

I don’t know if Apache Mac supports that. What does this say?

apachectl -S

Or

httpd -S
1 Like

Good grief, Juergen, what took you so long to reply? Almost 10 minutes! :wink: Output below:

iGib 20-09-06 12:00 ~ 🍸 apachectl -S
AH00112: Warning: DocumentRoot [/usr/docs/dummy-host.example.com] does not exist
AH00112: Warning: DocumentRoot [/usr/docs/dummy-host2.example.com] does not exist
VirtualHost configuration:
*:80                   is a NameVirtualHost
         default server dummy-host.example.com (/private/etc/apache2/extra/httpd-vhosts.conf:23)
         port 80 namevhost dummy-host.example.com (/private/etc/apache2/extra/httpd-vhosts.conf:23)
                 alias www.dummy-host.example.com
         port 80 namevhost dummy-host2.example.com (/private/etc/apache2/extra/httpd-vhosts.conf:32)
         port 80 namevhost gibhenry.com (/private/etc/apache2/httpd.conf:538)
*:443                  gibhenry.com (/private/etc/apache2/httpd.conf:549)
ServerRoot: "/usr"
Main DocumentRoot: "/Library/WebServer/Documents"
Main ErrorLog: "/private/var/log/apache2/error_log"
Mutex ssl-stapling: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/private/var/run/" mechanism=default 
Mutex mpm-accept: using_defaults
Mutex ssl-stapling-refresh: using_defaults
Mutex rewrite-map: using_defaults
PidFile: "/private/var/run/httpd.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="_www" id=70 not_used
Group: name="_www" id=70 not_used

Thanks!

1 Like

There you see your problem. No www version is defined. Change that. And remove the non-working vHosts or change their definitions; warnings are always bad.

1 Like
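
As an added example (not part of the original thread, and not certbot or Apache code): the check made by eye in the reply above, done in Python over `apachectl -S` output. It lists certificate names that no port-80 vhost claims, which Apache hands to the default server, plus the DocumentRoot paths flagged by AH00112; the function names are illustrative and wildcard aliases are not handled.

```python
import re

# Sample input: the first `apachectl -S` dump posted in this thread, abridged.
SAMPLE_DUMP = """\
AH00112: Warning: DocumentRoot [/usr/docs/dummy-host.example.com] does not exist
AH00112: Warning: DocumentRoot [/usr/docs/dummy-host2.example.com] does not exist
VirtualHost configuration:
*:80                   is a NameVirtualHost
         default server dummy-host.example.com (/private/etc/apache2/extra/httpd-vhosts.conf:23)
         port 80 namevhost dummy-host.example.com (/private/etc/apache2/extra/httpd-vhosts.conf:23)
                 alias www.dummy-host.example.com
         port 80 namevhost dummy-host2.example.com (/private/etc/apache2/extra/httpd-vhosts.conf:32)
         port 80 namevhost gibhenry.com (/private/etc/apache2/httpd.conf:538)
*:443                  gibhenry.com (/private/etc/apache2/httpd.conf:549)
"""

def parse_vhosts(dump):
    """Return {port: {"default": name, "names": {ServerName/ServerAlias, ...}}}."""
    ports, port = {}, None
    for text in map(str.strip, dump.splitlines()):
        is_default = False
        if m := re.match(r"\S+:(\d+)\s+is a NameVirtualHost$", text):
            port = int(m.group(1))  # header line; vhost entries follow
            continue
        if m := re.match(r"\S+:(\d+)\s+(\S+) \(", text):  # lone vhost on this address
            port, name, is_default = int(m.group(1)), m.group(2), True
        elif m := re.match(r"port (\d+) namevhost (\S+) \(", text):
            port, name = int(m.group(1)), m.group(2)
        elif m := re.match(r"(default server|alias) (\S+)", text):
            name, is_default = m.group(2), m.group(1) == "default server"
        else:
            continue
        entry = ports.setdefault(port, {"default": None, "names": set()})
        entry["names"].add(name.lower())
        if is_default:
            entry["default"] = name
    return ports

def unclaimed(dump, domains, port=80):
    """Map each domain that no vhost on `port` names to the default server answering it."""
    entry = parse_vhosts(dump).get(port, {"default": None, "names": set()})
    return {d: entry["default"] for d in domains if d.lower() not in entry["names"]}

def missing_docroots(dump):
    """DocumentRoot paths that Apache reported as nonexistent (AH00112)."""
    return re.findall(r"AH00112: Warning: DocumentRoot \[([^\]]+)\] does not exist", dump)

if __name__ == "__main__":
    print(unclaimed(SAMPLE_DUMP, ["gibhenry.com", "www.gibhenry.com"]))
    print(missing_docroots(SAMPLE_DUMP))
```

To check a live server, pass the combined stdout and stderr of `apachectl -S` as `dump` and the names from the certificate as `domains`.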

Okay, I added www. versions to both :80 and :443, but only :80 shows up, and I still get the example.com warnings:

AH00112: Warning: DocumentRoot [/usr/docs/dummy-host.example.com] does not exist
AH00112: Warning: DocumentRoot [/usr/docs/dummy-host2.example.com] does not exist
VirtualHost configuration:
*:80                   is a NameVirtualHost
         default server dummy-host.example.com (/private/etc/apache2/extra/httpd-vhosts.conf:23)
         port 80 namevhost dummy-host.example.com (/private/etc/apache2/extra/httpd-vhosts.conf:23)
                 alias www.dummy-host.example.com
         port 80 namevhost dummy-host2.example.com (/private/etc/apache2/extra/httpd-vhosts.conf:32)
         port 80 namevhost gibhenry.com (/private/etc/apache2/httpd.conf:538)
                 alias www.gibhenry.com
*:443                  gibhenry.com (/private/etc/apache2/httpd.conf:549)

/private/etc/apache2/extra/httpd-vhosts.conf:23 shows

<VirtualHost *:80>
    ServerAdmin webmaster@dummy-host.example.com
    DocumentRoot "/usr/docs/dummy-host.example.com"
    ServerName dummy-host.example.com
    ServerAlias www.dummy-host.example.com
    ErrorLog "/private/var/log/apache2/dummy-host.example.com-error_log"
    CustomLog "/private/var/log/apache2/dummy-host.example.com-access_log" common
</VirtualHost>

<VirtualHost *:80>
    ServerAdmin webmaster@dummy-host2.example.com
    DocumentRoot "/usr/docs/dummy-host2.example.com"
    ServerName dummy-host2.example.com
    ErrorLog "/private/var/log/apache2/dummy-host2.example.com-error_log"
    CustomLog "/private/var/log/apache2/dummy-host2.example.com-access_log" common
</VirtualHost>

How do I fix the dummy-host.example.com problem? It’s apparently needed by ACME/certbot…? Thanks again! //Gib