Hi there,
This is my first post here and I’m facing a problem with automating the renew process with letsencrypt.
I’ve created a test site at http://testsite.my.domain and I want to obtain a test certificate for that site. I’ve created an include file for Apache with contents:
Alias /.well-known/acme-challenge/ "/var/www/acme-challenge/"
<Directory "/var/www/acme-challenge/">
    AllowOverride None
    Options Indexes SymLinksIfOwnerMatch IncludesNoExec
    Require method GET POST OPTIONS
    Require all granted
    ForceType 'text/plain'
    AddDefaultCharset Off
</Directory>
/var/www/acme-challenge/ is owned by the apache user and has 777 permissions. I include this config file in my testsite vhost file. If I try to access http://testsite.my.domain/.well-known/acme-challenge/ from the browser, Apache returns a listing of the files inside the directory, so this alias directory is accessible from the browser.
I execute this command (as root) to obtain the certificate:
certbot certonly --webroot --test-cert -w /home/www/vhosts/testsite/ -d testsite.my.domain -v
I get a 404 error:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Starting new HTTPS connection (1): acme-staging.api.letsencrypt.org
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for testsite.my.domain
Using the webroot path /home/www/vhosts/testsite for all unmatched domains.
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. testsite.my.domain (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://testsite.my.domain/.well-known/acme-challenge/JhzOOYXG8xo83LFJZJVRFtoQ-L6snyHiSXyqdHAHc3Q: "<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p"
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: testsite.my.domain
Type: unauthorized
Detail: Invalid response from
http://testsite.my.domain/.well-known/acme-challenge/JhzOOYXG8xo83LFJZJVRFtoQ-L6snyHiSXyqdHAHc3Q:
"<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p"
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address.
What is the error here? In the vhost access log I get this:
66.133.109.36 - - [21/Apr/2017:20:17:54 +0300] "GET /.well-known/acme-challenge/JhzOOYXG8xo83LFJZJVRFtoQ-L6snyHiSXyqdHAHc3Q HTTP/1.1" 404 268 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
Any help would be greatly appreciated!
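
Added example, not part of the original post: a shell check that compares the file certbot's webroot plugin creates (`<webroot>/.well-known/acme-challenge/<token>`) with the file Apache maps the challenge URL to when an `Alias` is in effect. The function names are hypothetical, the DocumentRoot is assumed to equal the `-w` path from the post, and `/var/www/letsencrypt` and `/var/www/html` are constructed paths.

```bash
#!/usr/bin/env bash
# Added example (not from the post): does certbot's --webroot output path
# match the file Apache serves for an http-01 challenge URL?

CHALLENGE_PREFIX="/.well-known/acme-challenge/"

# File certbot --webroot creates: <webroot>/.well-known/acme-challenge/<token>
certbot_token_path() {
    local webroot="${1%/}" token="$2"
    printf '%s%s%s\n' "$webroot" "$CHALLENGE_PREFIX" "$token"
}

# File Apache maps the challenge URL to.
# $1 DocumentRoot, $2 Alias URL prefix ("" if none), $3 Alias target, $4 token
apache_served_path() {
    local docroot="${1%/}" alias_url="$2" alias_dir="$3" token="$4"
    local url="${CHALLENGE_PREFIX}${token}"
    local rest="${url#"$alias_url"}"
    if [ -n "$alias_url" ] && [ "$rest" != "$url" ]; then
        # Alias matched: the URL prefix is replaced by the target directory.
        printf '%s%s\n' "$alias_dir" "$rest"
    else
        printf '%s%s\n' "$docroot" "$url"
    fi
}

# Exit status 0 when both sides agree on the file location, 1 otherwise.
# $1 certbot -w value, $2 DocumentRoot, $3 Alias URL prefix, $4 Alias target
check_webroot() {
    local token="constructed-test-token" written served
    written=$(certbot_token_path "$1" "$token")
    served=$(apache_served_path "$2" "$3" "$4" "$token")
    if [ "$written" = "$served" ]; then
        echo "OK: both use $served"
        return 0
    fi
    echo "MISMATCH: certbot writes $written but Apache serves $served"
    return 1
}

# Layout from the post (DocumentRoot assumed equal to the -w path).
check_webroot /home/www/vhosts/testsite/ /home/www/vhosts/testsite \
    "$CHALLENGE_PREFIX" /var/www/acme-challenge/ || true

# Constructed alternative layout: Alias target ends in the challenge prefix.
check_webroot /var/www/letsencrypt /var/www/html \
    "$CHALLENGE_PREFIX" /var/www/letsencrypt/.well-known/acme-challenge/ || true
```

The first call reports a mismatch for the layout in the post, and the second reports agreement for the constructed layout.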