Renewal is failing with acme challenge 404

That's quite strange.

Now back to the puzzle...
How can a file exist but not be served by Apache ?!?!?!?!?!

1 Like
curl http://52.14.105.212/.well-known/acme-challenge/Test_File-1234
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL was not found on this server.</p>
<hr>
<address>Apache/2.4.29 (Ubuntu) Server at 52.14.105.212 Port 80</address>
</body></html>
curl http://admin.wizpms.com/.well-known/acme-challenge/Test_File-1234
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL was not found on this server.</p>
<hr>
<address>Apache/2.4.29 (Ubuntu) Server at admin.wizpms.com Port 80</address>
</body></html>
1 Like
1 Like

Is this actually like that, with a dot?

1 Like

Yes.

drwxr-xr-x 15 root root 4096 Apr 15 17:47 .
drwxr-xr-x 23 root root 4096 Apr 1 06:39 ..
drwxr-xr-x 2 root root 4096 Apr 15 06:25 backups
drwxr-xr-x 11 root root 4096 Sep 9 2020 cache
drwxrwxrwt 2 root root 4096 Sep 3 2020 crash
drwxr-xr-x 40 root root 4096 Oct 26 06:56 lib
drwxrwsr-x 2 root staff 4096 Apr 24 2018 local
lrwxrwxrwx 1 root root 9 Sep 3 2020 lock -> /run/lock
drwxrwxr-x 11 root syslog 4096 Apr 15 06:25 log
drwxrwsr-x 2 root mail 4096 Sep 3 2020 mail
drwxr-xr-x 2 root root 4096 Sep 3 2020 opt
lrwxrwxrwx 1 root root 4 Sep 3 2020 run -> /run
drwxr-xr-x 8 root root 4096 Nov 6 2020 snap
drwxr-xr-x 4 root root 4096 Sep 3 2020 spool
drwxrwxrwt 6 root root 4096 Apr 15 20:55 tmp
drwxr-xr-x 3 root root 4096 Sep 9 2020 www
drwxr-xr-x 3 root root 4096 Apr 15 17:47 www.html
root@ip-172-31-44-194:/var#

That's the problem.

It should be /var/www/html

Or, at least, Apache is looking in there.

1 Like

Yes. There is a location /var/www/html

root@ip-172-31-44-194:/var/www/html# ls -al
total 172
drwxr-xr-x 6 root root 4096 Jan 28 04:59 .
drwxr-xr-x 3 root root 4096 Sep 9 2020 ..
drwxr-xr-x 2 root root 12288 Jan 28 04:59 css
-rw-r--r-- 1 root root 1150 Jan 28 04:59 favicon.ico
-rw-r--r-- 1 root root 1182 Jan 28 04:59 favicon.png
-rw-r--r-- 1 root root 830 Jan 28 04:59 firebase-messaging-sw.js
drwxr-xr-x 2 root root 4096 Jan 28 04:59 fonts
drwxr-xr-x 2 root root 4096 Jan 28 04:59 img
-rw-r--r-- 1 root root 26567 Jan 28 04:59 index.html
drwxr-xr-x 2 root root 36864 Jan 28 04:59 js
-rw-r--r-- 1 root root 1583 Jan 28 04:59 loader.css
-rw-r--r-- 1 root root 3688 Jan 28 04:59 loading-logo.png
-rw-r--r-- 1 root root 50893 Jan 28 04:59 logo.jpg
-rw-r--r-- 1 root root 6695 Jan 28 04:59 logo.png
root@ip-172-31-44-194:/var/www/html#

mkdir -p /var/www/html/.well-known/acme-challenge/

echo "test" > /var/www/html/.well-known/acme-challenge/Test_File-1234

And then

curl -iL http://admin.wizpms.com/.well-known/acme-challenge/Test_File-1234

(Keyboards...)

1 Like
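As an added example that is not part of any post in this thread: the 404 above comes down to the test file being written under /var/www.html while Apache serves /var/www/html, and this script checks that mapping from the vhost configuration before any request is made. The function names `docroot_for` and `challenge_status`, the vhost file contents and the sandbox directory are constructed for illustration; it assumes plain vhost files with no Alias or rewrite rule covering /.well-known/.

```bash
#!/usr/bin/env bash
# Added example (not from the thread): locate the directory Apache serves
# /.well-known/acme-challenge/ from for a given hostname.
# Assumes plain vhost files with no Alias or rewrite covering /.well-known/.

# docroot_for HOST CONF_DIR: print the DocumentRoot of the first
# <VirtualHost> block whose ServerName/ServerAlias matches HOST.
docroot_for() {
  awk -v host="$1" '
    { key = tolower($1) }
    key ~ /^<virtualhost/ { inblk = 1; root = ""; hit = 0; next }
    key == "</virtualhost>" {
      if (hit && root != "") { print root; exit }
      inblk = 0; next
    }
    inblk && key == "documentroot" { root = $2; gsub(/"/, "", root) }
    inblk && (key == "servername" || key == "serveralias") {
      for (i = 2; i <= NF; i++) if (tolower($i) == tolower(host)) hit = 1
    }
  ' "$2"/*.conf
}

# challenge_status HOST CONF_DIR TOKEN: report whether TOKEN exists where
# Apache will look for it ("served"), or where it would have to be ("404").
challenge_status() {
  local root path
  root=$(docroot_for "$1" "$2" 2>/dev/null || true)
  [ -n "$root" ] || { echo "no-vhost"; return 0; }
  path="${root%/}/.well-known/acme-challenge/$3"
  if [ -f "$path" ]; then echo "served $path"; else echo "404 $path"; fi
}

# Constructed sandbox reproducing the thread: the test file was written under
# var/www.html while the vhost's DocumentRoot is var/www/html.
demo() {
  local box; box=$(mktemp -d)
  mkdir -p "$box/conf" "$box/var/www/html" \
           "$box/var/www.html/.well-known/acme-challenge"
  echo test > "$box/var/www.html/.well-known/acme-challenge/Test_File-1234"
  printf '<VirtualHost *:80>\n  ServerName admin.wizpms.com\n  DocumentRoot "%s"\n</VirtualHost>\n' \
    "$box/var/www/html" > "$box/conf/000-default.conf"
  challenge_status admin.wizpms.com "$box/conf" Test_File-1234  # 404 <path under var/www/html>
  mkdir -p "$box/var/www/html/.well-known/acme-challenge"
  echo test > "$box/var/www/html/.well-known/acme-challenge/Test_File-1234"
  challenge_status admin.wizpms.com "$box/conf" Test_File-1234  # served <same path>
  rm -rf "$box"
}
demo
```

On a live server, `apache2ctl -S` shows which configuration file defines each virtual host, which tells you the directory to pass as CONF_DIR.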

This is better :)

root@ip-172-31-44-194:/var/www/html# curl -iL http://admin.wizpms.com/.well-known/acme-challenge/Test_File-1234
HTTP/1.1 200 OK
Date: Fri, 15 Apr 2022 21:40:42 GMT
Server: Apache/2.4.29 (Ubuntu)
Last-Modified: Fri, 15 Apr 2022 21:40:23 GMT
ETag: "5-5dcb84209046c"
Accept-Ranges: bytes
Content-Length: 5

test
root@ip-172-31-44-194:/var/www/html#

1 Like

Ok, now try

certbot certonly --apache --dry-run

1 Like

root@ip-172-31-44-194:/var/www/html# certbot --apache --dry-run
--dry-run currently only works with the 'certonly' or 'renew' subcommands ('run')
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /tmp/tmp21llw_s2/log or re-run Certbot with -v for more details.
root@ip-172-31-44-194:/var/www/html#

My bad:

root@ip-172-31-44-194:/var/www/html# certbot certonly --apache --dry-run
Saving debug log to /var/log/letsencrypt/letsencrypt.log

Which names would you like to activate HTTPS for?


1: admin.wizpms.com
2: axis.wizpms.com
3: borrelli.wizpms.com
4: capella.wizpms.com
5: r2r.wizpms.com
6: rajan.wizpms.com
7: ravi.wizpms.com
8: sas01.wizpms.com
9: sprn.wizpms.com


Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): certbot certonly --apache --dry-run

Should I select all?

Successful
Which names would you like to activate HTTPS for?


1: admin.wizpms.com
2: axis.wizpms.com
3: borrelli.wizpms.com
4: capella.wizpms.com
5: r2r.wizpms.com
6: rajan.wizpms.com
7: ravi.wizpms.com
8: sas01.wizpms.com
9: sprn.wizpms.com


Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel):
Simulating renewal of an existing certificate for admin.wizpms.com and 8 more domains
The dry run was successful.
root@ip-172-31-44-194:/var/www/html#

I'm not sure why it's working and it wasn't before. Perhaps it wasn't using the Apache plugin.

Try running certbot renew --apache and see if it renews your certificates.

1 Like

Renewal Successful :)

root@ip-172-31-44-194:/var/www/html# certbot renew --apache
Saving debug log to /var/log/letsencrypt/letsencrypt.log


Processing /etc/letsencrypt/renewal/admin.wizpms.com.conf


Renewing an existing certificate for admin.wizpms.com and 8 more domains
Reloading apache server after certificate renewal


Processing /etc/letsencrypt/renewal/axis.wizpms.com.conf


Renewing an existing certificate for axis.wizpms.com
Reloading apache server after certificate renewal


Processing /etc/letsencrypt/renewal/ravi.wizpms.com.conf


Renewing an existing certificate for ravi.wizpms.com
Reloading apache server after certificate renewal


Congratulations, all renewals succeeded:
/etc/letsencrypt/live/admin.wizpms.com/fullchain.pem (success)
/etc/letsencrypt/live/axis.wizpms.com/fullchain.pem (success)
/etc/letsencrypt/live/ravi.wizpms.com/fullchain.pem (success)


root@ip-172-31-44-194:/var/www/html#

You guys are awesome :)

Thank you for all the help.

I didn't understand the issue, but it's OK. It worked.

Have a wonderful weekend.

1 Like

I don't get this either. Whatever.

1 Like
