I have been able to renew my certificates before; this is the first time I have experienced such an issue. This issue is happening to all my domains set up via Virtual Hosts. All of them are throwing a 404 error, and I confirmed that I can access test files on each one individually (like the example link provided above). How should I go about solving this problem?
Tried uploading the log file here, but it seems that filetype is not allowed. Since it is fairly long, and I was unsure what parts you needed, you can find the file here:
@bmw it looks like this is a recent Certbot trying to do HTTP-01 with --apache behind Cloudflare. It creates some rules related to /.well-known/acme-challenge in a virtual host, but Cloudflare sends a 301 for HTTP → HTTPS and then the origin server apparently serves a default CMS page rather than the challenge file. I don’t know if it might have worked but for the redirect? Maybe the rules that the Apache plugin created only apply to the HTTP virtual host and not the HTTPS one… does that make sense?
(I also don’t know if the 301 redirect was originally triggered by the origin server or by some kind of Cloudflare configuration, because I don’t think Cloudflare explains exactly why it’s redirecting you.)
Right, it’s possible that this is a slightly obscure bug in Certbot which is only noticeable in cases where someone uses Cloudflare or another reverse proxy CDN this way. Let’s see what @bmw thinks about it.
I’m glad you were able to find a way to renew your certificate.
What’s going on here is that Certbot knows nothing about your external redirect, so it sets things up to serve the challenge over HTTP, but that request never comes because Cloudflare is redirecting the request to HTTPS. This is a bit hard for us because I’m unaware of a way for us to reliably detect configuration outside of Apache like this, but I created https://github.com/certbot/certbot/issues/5763 to consider just always modifying HTTPS vhosts as well, which would work around this problem.
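
A diagnostic sketch for the failure discussed in this thread, added here as an example (it is not from any poster and is not Certbot code): it walks the redirect chain starting at the HTTP challenge URL and reports whether the challenge file is still served once the request has been redirected to HTTPS. The function names, the 10-hop limit, the token values and the `simulated_fetch` responses are assumptions constructed for illustration.

```python
import http.client
from urllib.parse import urlsplit, urljoin

def fetch_once(url):
    """GET one URL without following redirects: (status, Location, body)."""
    u = urlsplit(url)
    cls = http.client.HTTPSConnection if u.scheme == "https" else http.client.HTTPConnection
    conn = cls(u.netloc, timeout=10)
    try:
        conn.request("GET", u.path or "/")
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location"), resp.read().decode("utf-8", "replace")
    finally:
        conn.close()

def trace_challenge(domain, token, expected, fetch=fetch_once, max_hops=10):
    """Walk the redirect chain from the HTTP challenge URL; return (hops, verdict)."""
    url = f"http://{domain}/.well-known/acme-challenge/{token}"
    hops = []
    for _ in range(max_hops):
        status, location, body = fetch(url)
        hops.append((url, status))
        if status in (301, 302, 303, 307, 308) and location:
            url = urljoin(url, location)  # follow the redirect
            continue
        if status == 200 and body.strip() == expected:
            return hops, "ok"
        if len(hops) > 1 and urlsplit(url).scheme == "https":
            return hops, "redirected to HTTPS, challenge not served there"
        return hops, "challenge not served"
    return hops, "too many redirects"

def simulated_fetch(url):
    """Constructed stand-in for the setup in this thread (no network access)."""
    u = urlsplit(url)
    if u.scheme == "http":  # the 301 to HTTPS seen in front of the origin
        return 301, f"https://{u.netloc}{u.path}", ""
    return 404, None, "<html>CMS page: not found</html>"  # HTTPS vhost has no challenge rule

if __name__ == "__main__":
    hops, verdict = trace_challenge("example.com", "TOKEN", "TOKEN.THUMBPRINT", simulated_fetch)
    for url, status in hops:
        print(status, url)
    print(verdict)
```

Calling `trace_challenge` without the `fetch` argument performs real requests against the named domain, using a test file placed under `/.well-known/acme-challenge/` as the expected content.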