Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
Hint: The Certificate Authority failed to verify the temporary Apache configuration changes made by Certbot. Ensure that the listed domains point to this Apache server and that it is accessible from the internet.
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
My web server is (include version): Apache/2.4.52 (Ubuntu)
The operating system my web server runs on is (include version): Ubuntu 22.04 LTS
My hosting provider, if applicable, is: None. Self hosted.
I can login to a root shell on my machine (yes or no, or I don't know): Yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): cerbot 1.21.0
The only thing that I have messed with that possibly could have pointed it to AWS is my attempt at resolving this by using Bind9 and following the direction here Service - Domain Name Service (DNS) | Ubuntu
It did tell me to change my DNS to my ISP's DNS server.
I don't know how to help you. To use the HTTP challenge to get a cert you must have a working website accessible using HTTP. But, AWS is responding to http requests, not your Apache server on Ubuntu. See curl test below.
As another note, normally with AWS Global Accel it terminates SSL (TLS) connections at its edge. I think you are better off asking GoDaddy some questions how this got setup.
curl -i ajb.rocks/.well-known/acme-challenge/ForumTest123
HTTP/1.1 404 Not Found
Date: Fri, 10 Jun 2022 02:37:53 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 125
Connection: keep-alive
Server: ip-10-123-123-198.ec2.internal
X-Request-Id: 32995df2-23e5-4662-90d3-0e45bf1a0a2a
<!DOCTYPE HTML><html lang='en-us'><head><title>** Not Found **</title></head><body>HTTP Status: 404 (not found)</body></html>
Does the below page mean anything to you? Especially 5e.Tools. This is what your domain is replying with as a "home page".
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head>
<title>** Private clone of 5e.Tools **</title>
<meta name="description" content="This is a website is for private use only." /><meta name="keywords" content="" /></head>
<frameset rows="100%,*" border="0">
<frame src="http://45.23.186.64" frameborder="0" /></frameset></html>
Yeah, that information was input by me in the Forwarding options for the domain on GoDaddy's website.The 5e.tools is the website I'm rehosting on my own box.
Possibly? I think what I filled out was how to point the domain to a specific IP address. The field is specifically called Forwarding, Domain, which gives me an option to forward an http:// and/or an https://. So far, I've only forwarded an http:// to my IP address and have done nothing with the https:// option.
That sounds like URL forwarding. Your domain name must point to a specific IP address and you use A (and AAAA records for IPv6) to do that. You don't have that so contact GoDaddy on how to do it.
I'm looking at the DNS records on the Domain Settings in GoDaddy's panel. I see the two IP address you referred to as AWS IPs. When I contact GoDaddy, what should I request them changed to?
The DNS Records for Type A and Type AAAA were un-editable on the GoDaddy site because I had a Forwarding rule set up. Once I deleted that rule, I was able to edit my A and AAAA DNS settings successfully. After the changes took effect, certbot was able to successfully deploy a certificate.
Well good. But did you change anything after getting the cert? Because a Let's Debug test currently fails so future renewals don't look like they would work