Sudo certbot --apache fails on Ubuntu 20.04

My domain is:

I ran this command:
sudo certbot --apache -v

It produced this output:
Requesting a certificate for tenkle.com and www.tenkle.com
Performing the following challenges:
http-01 challenge for tenkle.com
http-01 challenge for www.tenkle.com
Enabled Apache rewrite module
Waiting for verification...
Challenge failed for domain tenkle.com
Challenge failed for domain www.tenkle.com
http-01 challenge for tenkle.com
http-01 challenge for www.tenkle.com

Certbot failed to authenticate some domains (authenticator: apache). The Certificate Authority reported these problems:
Domain: tenkle.com
Type: unauthorized
Detail: 67.205.16.148: Invalid response from http://tenkle.com/.well-known/acme-challenge/nABn8VYojRoznIQsjyT65BQowDJrU50oTAyJ907v3dM: 404

Domain: www.tenkle.com
Type: unauthorized
Detail: 67.205.16.148: Invalid response from http://www.tenkle.com/.well-known/acme-challenge/U7dRD711hfLwaZmqEv4CA1MiGWlmPv3u9B3TULq1ptM: 404

Hint: The Certificate Authority failed to verify the temporary Apache configuration changes made by Certbot. Ensure that the listed domains point to this Apache server and that it is accessible from the internet.

Cleaning up challenges
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
root@ubuntu-s-1vcpu-1gb-lon1-01:~#

My web server is (include version):
Apache/2.4.62 (Ubuntu)

The operating system my web server runs on is (include version):
Ubuntu 24.10

My hosting provider, if applicable, is:
Digital Ocean

I can login to a root shell on my machine (yes or no, or I don't know):
Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 2.9.0

sites-available/tenkle_com.conf

<VirtualHost *:80>
    ServerAdmin webmaster@localhost
    ServerName tenkle.com
    ServerAlias www.tenkle.com
    DocumentRoot /var/www/tenkle_com
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

$ sudo apache2ctl configtest
Syntax OK

$ sudo ufw status
Status: active

To                         Action      From
--                         ------      ----
Apache Full                ALLOW       Anywhere
1883                       ALLOW       Anywhere
22/tcp                     ALLOW       Anywhere
22                         ALLOW       Anywhere
Apache Full (v6)           ALLOW       Anywhere (v6)
1883 (v6)                  ALLOW       Anywhere (v6)
22/tcp (v6)                ALLOW       Anywhere (v6)
22 (v6)                    ALLOW       Anywhere (v6)

Any help would be much appreciated

Usually Apache only uses files in sites-enabled. A symlink in that directory points to the underlying file in sites-available. These are usually set up by the commands a2ensite and a2dissite.

You should check your "active" Apache config with

sudo apache2ctl -t -D DUMP_VHOSTS
3 Likes

sudo apache2ctl -t -D DUMP_VHOSTS

VirtualHost configuration:
*:80                   tenkle.com (/etc/apache2/sites-enabled/tenkle_com.conf:1)
1 Like

You say you are using Apache...
But I see nginx answering:

curl -Ii http://www.tenkle.com/
HTTP/1.1 200 OK
Server: nginx/1.25.5       <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
Date: Tue, 19 Nov 2024 17:45:52 GMT
Content-Type: text/html
Content-Length: 870
Last-Modified: Tue, 12 Nov 2024 23:14:34 GMT
Connection: keep-alive
ETag: "6733e15a-366"
Accept-Ranges: bytes

Are you at the right IP?
What shows?:
curl ifconfig.io

3 Likes

curl ifconfig.io
gives

178.128.46.168

Which is the right IP (Digital Ocean droplet)

It's a brand new VPS, never used nginx on it.

Interestingly

curl -Ii http://tenkle.com/

gives

HTTP/1.1 200 OK
Date: Tue, 19 Nov 2024 18:04:37 GMT
Server: Apache/2.4.62 (Ubuntu)
Last-Modified: Tue, 19 Nov 2024 16:38:37 GMT
ETag: "fc-62746aa364ccb"
Accept-Ranges: bytes
Content-Length: 252
Vary: Accept-Encoding
Content-Type: text/html

Which I would expect. Visiting http://tenkle.com/ gives the correct content.

Nothing to see here please move along

and

curl -Ii http://www.tenkle.com/ (note the www)

gives

HTTP/1.1 200 OK
Server: nginx/1.25.5
Date: Tue, 19 Nov 2024 18:05:52 GMT
Content-Type: text/html
Content-Length: 870
Last-Modified: Tue, 12 Nov 2024 23:14:34 GMT
Connection: keep-alive
ETag: "6733e15a-366"
Accept-Ranges: bytes

Which is what you saw! Visiting http://www.tenkle.com/ points at Dreamhost!!!

Any more ideas?

The DNS for both are pointed at the right IP...

Points to DreamHost. Don't you want it pointing to your Digital Ocean droplet?

When running certbot --apache you need to run that on the server for the domain you request.

2 Likes

OK, looks like this was a DNS propagation issue.
All sorted now.
Thanks for your help.

1 Like
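
The mismatch behind this thread is already visible in the first post: the CA validated against 67.205.16.148, while curl ifconfig.io on the droplet returned 178.128.46.168. As an added example (not part of the original thread), the shell function below pulls the address the CA contacted out of certbot's failure report and flags every domain where it differs from the server's own address. The function names and the file name certbot-output.txt are hypothetical; the sample report is copied from the output posted above.

```shell
#!/bin/sh
# Added example: compare the IP the CA validated against with this server's IP.

# Sample input: the CA's failure report as posted in the first message.
sample_report() {
cat <<'EOF'
Domain: tenkle.com
Type: unauthorized
Detail: 67.205.16.148: Invalid response from http://tenkle.com/.well-known/acme-challenge/nABn8VYojRoznIQsjyT65BQowDJrU50oTAyJ907v3dM: 404

Domain: www.tenkle.com
Type: unauthorized
Detail: 67.205.16.148: Invalid response from http://www.tenkle.com/.well-known/acme-challenge/U7dRD711hfLwaZmqEv4CA1MiGWlmPv3u9B3TULq1ptM: 404
EOF
}

# ca_ip_mismatches EXPECTED_IP < certbot-output
# Prints "domain ca_ip" for each failed domain that the CA reached at an
# address other than EXPECTED_IP. Returns 1 if any mismatch was printed.
ca_ip_mismatches() {
    awk -v want="$1" '
        BEGIN { bad = 0 }
        $1 == "Domain:" { domain = $2 }
        $1 == "Detail:" && domain != "" {
            ip = $2
            sub(/:$/, "", ip)          # drop the colon that ends the address
            # Other failure types start Detail with words, not an address.
            if (ip ~ /^[0-9A-Fa-f.:]+$/ && ip ~ /[.:]/ && ip != want) {
                print domain, ip
                bad = 1
            }
            domain = ""
        }
        END { exit bad }
    '
}

# Typical use on the server, with certbot output saved to a file:
#   ca_ip_mismatches "$(curl -s ifconfig.io)" < certbot-output.txt
```

Any line this prints means the CA's resolver was sent to a different host than the one running certbot, so the DNS records (or their propagation) need checking before the Apache configuration does.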
