Tried Renew ssl got Invalid response from acme challenge

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: edupeer.com

I ran this command: sudo certbot --apache

It produced this output:Domain: www.edupeer.com
Type: unauthorized
Detail: Invalid response from
https://www.edupeer.com/.well-known/acme-challenge/tGwe2_KP2f1yxpdVTianVhBDcbrrFMQbENou1CKUtWw
[13.232.155.252]: "\n<link
rel=“stylesheet”
href=“https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/boots

Domain: edupeer.com
Type: unauthorized
Detail: Invalid response from
https://www.edupeer.com/.well-known/acme-challenge/PFRJFARDc3sodj4y7tDRX0UWVPTbFxMJH2Yc0hu867Y
[13.232.155.252]: "\n<link
rel=“stylesheet”
href=“https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/boots

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.

My web server is (include version):
Server version: Apache/2.4.18 (Ubuntu)
Server built: 2019-09-16T13:13:53

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:
aws

I can login to a root shell on my machine (yes or no, or I don’t know):
yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):certbot 0.31.0

Show us your apache configuration.

Everything was working fine till 31-03-220

In file 000-default.conf

<VirtualHost *:80>

        # The ServerName directive sets the request scheme, hostname and port that
        # the server uses to identify itself. This is used when creating
        # redirection URLs. In the context of virtual hosts, the ServerName
        # specifies what hostname must appear in the request's Host: header to
        # match this virtual host. For the default virtual host (this file) this
        # value is not decisive as it is used as a last resort host regardless.
        # However, you must set it for any further virtual host explicitly.
        #ServerName www.example.com

        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html

        # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
        # error, crit, alert, emerg.
        # It is also possible to configure the loglevel for particular
        # modules, e.g.
        #LogLevel info ssl:warn

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        # For most configuration files from conf-available/, which are
        # enabled or disabled at a global level, it is possible to
        # include a line for only one particular virtual host. For example the
        # following line enables the CGI configuration for this host only
        # after it has been globally disabled with "a2disconf".
        #Include conf-available/serve-cgi-bin.conf
        RewriteEngine on
        RewriteCond %{SERVER_NAME} =beta.edupeer.com [OR]
        RewriteCond %{SERVER_NAME} =edupeer.com [OR]
        RewriteCond %{SERVER_NAME} =blog.edupeer.com [OR]
        RewriteCond %{SERVER_NAME} =www.edupeer.com
        RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>



<VirtualHost *:80>
        ServerName edupeer.com
        ServerAlias beta.edupeer.com www.edupeer.com
        ServerAdmin Edupeer
        #DocumentRoot /var/www/edupeer.com/v1/webapp/public/
        DocumentRoot /var/www/edupeer.com/public/
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        <If "%{HTTP_HOST} != 'https://www.edupeer.com'">
                Redirect "/" "https://www.edupeer.com/"
        </If>
</VirtualHost>

please edit your post putting ```pre before each file and ``` after (each on a line by themselves)

In file 000-default-le-ssl.conf

<IfModule mod_ssl.c>
<VirtualHost *:443>
        ServerName edupeer.com
        ServerAlias beta.edupeer.com www.edupeer.com
        ServerAdmin Edupeer
        #DocumentRoot /var/www/edupeer.com/v1/webapp/public/
        DocumentRoot /var/www/edupeer.com/public/

        <If "%{HTTP_HOST} != 'www.edupeer.com'">
                Redirect "/" "https://www.edupeer.com/"
        </If>

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
        #Include /etc/letsencrypt/options-ssl-apache.conf
        #SSLCertificateFile /etc/letsencrypt/live/edupeer.com/fullchain.pem
        #SSLCertificateKeyFile /etc/letsencrypt/live/edupeer.com/privkey.pem
        SSLEngine on
        SSLCertificateFile /etc/godaddy/edupeer.com/5fb3120d4063e03.crt
        SSLCertificateKeyFile /etc/godaddy/edupeer.com/edupeer.key
        SSLCertificateChainFile /etc/godaddy/edupeer.com/gd_bundle-g2-g1.crt

</VirtualHost>
</IfModule>

<IfModule mod_ssl.c>
<VirtualHost *:443>
        ServerName blog.edupeer.com
        ServerAdmin Edupeer
        DocumentRoot /var/www/blog.edupeer.com

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
        Include /etc/letsencrypt/options-ssl-apache.conf
        SSLCertificateFile /etc/letsencrypt/live/blog.edupeer.com/fullchain.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/blog.edupeer.com/privkey.pem
        #SSLEngine on
        #SSLCertificateFile /etc/godaddy/edupeer.com/5fb3120d4063e03.crt
        #SSLCertificateKeyFile /etc/godaddy/edupeer.com/edupeer.key
        #SSLCertificateChainFile /etc/godaddy/edupeer.com/gd_bundle-g2-g1.crt

</VirtualHost>
</IfModule>

<IfModule mod_ssl.c>
<VirtualHost *:443>
        ServerName contest.edupeer.com
        ServerAdmin Edupeer
        DocumentRoot /var/www/contest.edupeer.com

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
        Include /etc/letsencrypt/options-ssl-apache.conf
        #SSLEngine on
        #SSLCertificateFile /etc/godaddy/edupeer.com/5fb3120d4063e03.crt
        #SSLCertificateKeyFile /etc/godaddy/edupeer.com/edupeer.key
        #SSLCertificateChainFile /etc/godaddy/edupeer.com/gd_bundle-g2-g1.crt

        SSLCertificateFile /etc/letsencrypt/live/contest.edupeer.com/fullchain.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/contest.edupeer.com/privkey.pem
</VirtualHost>
</IfModule>

your second virtualhost (port 80) looks pointless, I think you should remove it.

your webroot is different on port 80 and port 443, this might confuse certbot.

try this command:

certbot renew -a webroot -w /var/www/edupeer.com/public/ -i apache

2 Likes

Thank you. It worked and renewed successfully.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.