I tried this morning to build a new way to renew my certificates without downtime, with Apache 2.4.18, on Ubuntu 16.04, using the 0.21.1 certbot client. I have two domains, and I followed this way: https://gist.github.com/daronco/45eeb9223c57d240e60d094f8bee457e to build a common folder. One domain works perfectly fine, but the other doesn't work… The ACME server can't get the validation data, the URL doesn't seem to be the good one…:
Why can't it reach mydomain.com/.well-known? and not mydomain.com.well-known? The other domain has the exact same configuration, and it works perfectly. On Firefox, at https://mydomain.com/well-known/acme-challenge, I see the folder and the file that appears and disappears during the test, so the folder is publicly reachable… Thanks for your ideas!!
Of course you have a redirection. Most likely it will be a http -> https redirect, since the authorization you use will be tried for http first, but it ends up trying a https url.
OK, I see what you mean: the ACME server tries to access it first over HTTP, and during the redirection, something goes wrong?
Is there a way to avoid redirection just for something like http://floriandelaruelle.com/.well-known/acme-challenge?
The second one is wrong because it needs to be https://floriandelaruelle.com/ rather than https://floriandelaruelle.com. This isn't Let's Encrypt-specific.
Oh my god! It explains so many bugs I couldn't resolve these past years… Thanks a lot! The dry run worked, but I can't recreate fresh certificates because of the rate limits…
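The missing trailing slash explained in the reply above, shown next to the corrected redirect and a variant that leaves only the ACME challenge path on plain HTTP (the question asked earlier in the thread). This is an added illustration, not configuration from the thread or from the linked gist; example.com, the /var/www/letsencrypt shared directory and the use of mod_rewrite are assumptions.

```apache
# Added illustration, not from the thread. Assumes mod_rewrite is enabled
# (a2enmod rewrite), that /var/www/letsencrypt is the shared challenge
# directory, and that example.com stands in for the real domain.

# BROKEN: no trailing slash on the target. Apache appends the remainder of
# the request path to the target verbatim, so a request for
# /.well-known/acme-challenge/TOKEN is redirected to
# https://example.com.well-known/acme-challenge/TOKEN, a host that does
# not exist, and the ACME validation fails.
#
#   Redirect permanent / https://example.com

<VirtualHost *:80>
    ServerName example.com
    ServerAlias www.example.com

    # Serve challenge files from the shared directory.
    Alias /.well-known/acme-challenge/ /var/www/letsencrypt/.well-known/acme-challenge/
    <Directory /var/www/letsencrypt/.well-known/acme-challenge/>
        Options None
        AllowOverride None
        Require all granted
    </Directory>

    # FIXED (variant A): trailing slash, so /foo becomes https://example.com/foo
    # and the challenge is fetched over HTTPS, which the validator follows as
    # long as the HTTPS vhost serves the same challenge directory.
    # Use either this line or the rewrite rules below, not both.
    #
    #   Redirect permanent / https://example.com/

    # Variant B: keep /.well-known/acme-challenge/ on plain HTTP and redirect
    # every other request to HTTPS, so validation never depends on the TLS
    # vhost or on a certificate that may be expired.
    RewriteEngine On
    RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]
</VirtualHost>
```

After changing the redirect, `apachectl configtest` and a `certbot renew --dry-run` confirm the fix without consuming issuance rate limits.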