This is my first post here and I’m facing a problem with automating the renewal process with Let's Encrypt.
I’ve created a test site at http://testsite.my.domain and I want to obtain a test certificate for that site. I’ve created an include file for Apache with these contents:
Alias /.well-known/acme-challenge/ "/var/www/acme-challenge/"
<Directory "/var/www/acme-challenge/">
    AllowOverride None
    Options Indexes SymLinksIfOwnerMatch IncludesNoExec
    Require method GET POST OPTIONS
    Require all granted
    ForceType 'text/plain'
    AddDefaultCharset Off
</Directory>
/var/www/acme-challenge/ is owned by the apache user and has 777 permissions. I include this config file in my testsite vhost file. If I try to access http://testsite.my.domain/.well-known/acme-challenge/ from the browser, Apache returns a listing of the files inside the directory, so this alias directory is accessible from the browser.
I execute this command (as root) to obtain the certificate:
certbot certonly --webroot --test-cert -w /home/www/vhosts/testsite/ -d testsite.my.domain -v
I get a 404 error:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Starting new HTTPS connection (1): acme-staging.api.letsencrypt.org
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for testsite.my.domain
Using the webroot path /home/www/vhosts/testsite for all unmatched domains.
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. testsite.my.domain (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://testsite.my.domain/.well-known/acme-challenge/JhzOOYXG8xo83LFJZJVRFtoQ-L6snyHiSXyqdHAHc3Q: "<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p"

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: testsite.my.domain
   Type: unauthorized
   Detail: Invalid response from http://testsite.my.domain/.well-known/acme-challenge/JhzOOYXG8xo83LFJZJVRFtoQ-L6snyHiSXyqdHAHc3Q: "<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
   <html><head>
   <title>404 Not Found</title>
   </head><body>
   <h1>Not Found</h1>
   <p"

   To fix these errors, please make sure that your domain name was entered correctly and the DNS A record(s) for that domain contain(s) the right IP address.
What is the error here? In the vhost access log I get this:
220.127.116.11 - - [21/Apr/2017:20:17:54 +0300] "GET /.well-known/acme-challenge/JhzOOYXG8xo83LFJZJVRFtoQ-L6snyHiSXyqdHAHc3Q HTTP/1.1" 404 268 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
Any help would be greatly appreciated!
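
Added example, not part of the original post: a simplified check that compares the file Apache would serve for an http-01 challenge URL with the file certbot's webroot plugin writes, using the Alias and -w values from the post. The DocumentRoot value, the token and the function names are assumptions, and Alias handling is reduced to a first-match prefix test.

```python
import posixpath
import re

ACME_PREFIX = "/.well-known/acme-challenge/"

# Constructed sample: the Alias include from the post (Directory body shortened).
APACHE_CONF = '''
Alias /.well-known/acme-challenge/ "/var/www/acme-challenge/"
<Directory "/var/www/acme-challenge/">
    Require all granted
</Directory>
'''

# Matches plain "Alias <url-prefix> <path>" lines only (not ScriptAlias/AliasMatch).
ALIAS_RE = re.compile(r'^\s*Alias\s+(\S+)\s+"?([^"\s]+)"?\s*$', re.I | re.M)


def parse_aliases(conf_text):
    """Return [(url_prefix, filesystem_path)] for each Alias directive."""
    return [(m.group(1), m.group(2)) for m in ALIAS_RE.finditer(conf_text)]


def apache_path(url_path, aliases, document_root):
    """File Apache would serve: first matching Alias wins, else DocumentRoot."""
    for prefix, target in aliases:
        if url_path.startswith(prefix):
            rest = url_path[len(prefix):].lstrip("/")
            return posixpath.normpath(posixpath.join(target, rest))
    return posixpath.normpath(posixpath.join(document_root, url_path.lstrip("/")))


def certbot_webroot_path(webroot, token):
    """File the webroot plugin creates: <webroot>/.well-known/acme-challenge/<token>."""
    return posixpath.normpath(posixpath.join(webroot, ACME_PREFIX.lstrip("/"), token))


def check(conf_text, webroot, document_root, token="constructed-test-token"):
    """Compare the path Apache serves with the path certbot writes."""
    served = apache_path(ACME_PREFIX + token, parse_aliases(conf_text), document_root)
    written = certbot_webroot_path(webroot, token)
    return {"served": served, "written": written, "match": served == written}


if __name__ == "__main__":
    # -w value from the post; DocumentRoot is assumed to be the same directory.
    result = check(APACHE_CONF, "/home/www/vhosts/testsite/", "/home/www/vhosts/testsite")
    for key, value in result.items():
        print(f"{key}: {value}")
```

When `match` is false, the validation server requests a file from one directory while certbot has written it to another, and the request returns 404.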