Renewal Problem webroot - Certbot failed to authenticate some domains (authenticator: webroot) - unauthorized

My domain is:
classicalconversationsplus.com

I ran this command:
certbot certonly --dry-run --cert-name classicalconversationsplus.com --webroot -w /var/www/classicalconversationsplus/

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Certificate is due for renewal, auto-renewing...
Simulating renewal of an existing certificate for classicalconversationsplus.com and www.classicalconversationsplus.com
Performing the following challenges:
http-01 challenge for classicalconversationsplus.com
http-01 challenge for www.classicalconversationsplus.com
Using the webroot path /var/www/classicalconversationsplus for all unmatched domains.
Waiting for verification...
Challenge failed for domain classicalconversationsplus.com
Challenge failed for domain www.classicalconversationsplus.com
http-01 challenge for classicalconversationsplus.com
http-01 challenge for www.classicalconversationsplus.com

Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
Domain: classicalconversationsplus.com
Type: unauthorized
Detail: 54.172.83.145: Invalid response from http://classicalconversationsplus.com/.well-known/acme-challenge/Gj8YYJtGXbHTlMSMR56bfxBWR0DeE5c664lIgzFXAmk: 404

Domain: www.classicalconversationsplus.com
Type: unauthorized
Detail: 54.172.83.145: Invalid response from http://www.classicalconversationsplus.com/.well-known/acme-challenge/mtLgfv-I-IzVY66OCjpvRRnIpqLYV5VUDre6DkJPGPM: 404

Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.

My web server is (include version):
OpenLiteSpeed OpenLiteSpeed 1.7.16

The operating system my web server runs on is (include version):
Ubuntu 20.04

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):
yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 1.32.0

Comments:
I tried placing a test.txt file in /var/www/classicalconversationsplus/.well-known/acme-challenge/ and I can access this file from out of the network of server.

I ran these tests in this site:



I can't @ http://classicalconversationsplus.com/.well-known/acme-challenge/test.txt: 404 file not found

4 Likes

I can actually access the test.txt file with HTTPS Port 443

$ curl https://classicalconversationsplus.com/.well-known/acme-challenge/test.txt
this is test

However not with HTTP Port 80.

$ curl http://classicalconversationsplus.com/.well-known/acme-challenge/test.txt
<!DOCTYPE html>
<html style="height:100%">
<head>
<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
<title> 404 Not Found
</title></head>
<body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;">
<div style="height:auto; min-height:100%; ">     <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;">
        <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1>
<h2 style="margin-top:20px;font-size: 30px;">Not Found
</h2>
<p>The resource requested could not be found on this server!</p>
</div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;">
<br>Proudly powered by  <a style="color:#fff;" href="http://www.litespeedtech.com/error-page">LiteSpeed Web Server</a><p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content found on this site.</p></div></body></html>
2 Likes

Uch, for some reason I had the ":" behind "test.txt", so obviously that wouldn't work. Not sure where it came from :roll_eyes:

Although if I replicate Bruce's HTTP attempt without the :, which resulted in a 404 for Bruce, it does work for me now. So something has changed.

Then I don't understand why the challenge fails. The debug log from OpenLiteSpeed should shed more light on the reason why OpenLiteSpeed thinks it can't find the file.. I hope.

3 Likes

Thank you @Osiris and @Bruce5051 .

As I said, I run OpenLiteSpeed web server, the problem was that this domain did not have a listener for port 80, I added the listener and the authentication run without problem and in consecuense I could renew the certificate for this domain. For me, it is case closed.

As a suggestion, if you can add "Renewal problem" to the topic of the thread maybe helpfull for other people.

Thanks again.

3 Likes

I think you can edit it yourself when you edit your first post: the title becomes editable too.

3 Likes