Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
The "404" says your Apache did not find the challenge token file that Certbot placed in the --webroot-path folder. You set this folder when you originally got your cert.
Would you show the output of this
sudo certbot certificates
and this
sudo apachectl -t -D DUMP_VHOSTS
You may need httpd or apache2ctl instead of apachectl. I don't remember which one Oracle Linux uses.
# renew_before_expiry = 30 days
version = 2.11.0
archive_dir = /etc/letsencrypt/archive/portal.atg-x.com
cert = /etc/letsencrypt/live/portal.atg-x.com/cert.pem
privkey = /etc/letsencrypt/live/portal.atg-x.com/privkey.pem
chain = /etc/letsencrypt/live/portal.atg-x.com/chain.pem
fullchain = /etc/letsencrypt/live/portal.atg-x.com/fullchain.pem
# Options used in the renewal process
[renewalparams]
account = 110dc02ffc01472ec4d0e1a5f483ce51
authenticator = webroot
webroot_path = /var/www/html,
server = https://acme-v02.api.letsencrypt.org/directory
key_type = ecdsa
[[webroot_map]]
/etc/httpd/conf.d/portal.atg-nexus.com.conf
# Timeout: The number of seconds before receives and sends time out.
#
Timeout 120
# KeepAlive: Whether or not to allow persistent connections (more than
# one request per connection). Set to "Off" to deactivate.
KeepAlive Off
# MaxKeepAliveRequests: The maximum number of requests to allow
# during a persistent connection. Set to 0 to allow an unlimited amount.
# We recommend you leave this number high, for maximum performance.
MaxKeepAliveRequests 100
# KeepAliveTimeout: Number of seconds to wait for the next request from the
# same client on the same connection.
KeepAliveTimeout 15
Listen *:80
<VirtualHost *:80>
ServerName atgcert
ServerAlias portal.atg-nexus.com
DocumentRoot /var/www/portal.atg-nexus.com/html/
ErrorLog /var/log/httpd/portal.atg-nexus.com_error.log
CustomLog /var/log/httpd/portal.atg-nexus.com.log combined
# Enable the rewrite engine for HTTPS redirection
RewriteEngine on
# Redirect all requests to HTTPS if they are for portal.atg-nexus.com
RewriteCond %{SERVER_NAME} =portal.atg-nexus.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [L,NE,R=permanent]
</VirtualHost>
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule headers_module modules/mod_headers.so
# Enable Reverse Proxy
ProxyPreserveHost On
# Removes the Origin header to avoid potential CORS restrictions.
RequestHeader unset Origin
ProxyPass /redmine http://192.168.1.20/redmine
ProxyPassReverse /redmine http://192.168.1.20/redmine
ProxyPass /eClaim http://192.168.1.38/eClaim
ProxyPassReverse /eClaim http://192.168.1.38/eClaim
ProxyPass /eLeave http://192.168.1.38/eLeave
ProxyPassReverse /eLeave http://192.168.1.38/eLeave
# For APEX Sales
ProxyPass /sales/login http://192.168.1.85:8089/ords/sales/r/sales/login
ProxyPassReverse /sales/login http://192.168.1.85:8089/ords/sales/r/sales/login
# For APEX Source Tracking File
ProxyPass /source-file-tracking/login http://192.168.1.85:8089/ords/sourcecode/r/source-file-tracking/login
ProxyPassReverse /source-file-tracking/login http://192.168.1.85:8089/ords/sourcecode/r/source-file-tracking/login
# For ORDS file
ProxyPass /ords http://192.168.1.85:8089/ords
ProxyPassReverse /ords http://192.168.1.85:8089/ords
# For Images
ProxyPass /i http://192.168.1.85:8089/i
ProxyPassReverse /i http://192.168.1.85:8089/i
# For APEX Opportunity Tracker
#ProxyPass /opportunity_tracker/login http://192.168.1.68:8080/ords/development/r/opportunity_tracker/login
#ProxyPassReverse /opportunity_tracker/login http://192.168.1.68:8080/ords/development/r/opportunity_tracker/login
#ProxyPass /ords http://192.168.1.68:8080/ords
#ProxyPassReverse /ords http://192.168.1.68:8080/ords
#ProxyPass /i http://192.168.1.68:8080/i
#ProxyPassReverse /i http://192.168.1.68:8080/i
#Include conf.d/opportunity_tracker.atg-nexus.com.conf
The reason for the 404 (HTTP Not Found) is the --webroot-path does not match the DocumentRoot for the VirtualHost handling incoming HTTP requests on port 80.
Usually there is one VirtualHost for each related set of domain names for the same port. Yet, in your Apache there is only one VirtualHost for port 80 and it names portal.atg-nexus.com. This is not the same as the domain name whose renewal fails. Since you have only one, this becomes the default VHost for all requests (per Apache rules).
It is technically allowed to have just one VHost and act as default for various (un-named) domains but it is usually poor practice. And, all domains handled by that Apache now get processed by that same VirtualHost code. Including the DocumentRoot (which we can see does not match what you had before).
What has changed about your Apache config since you last got a good cert? Because from what I see this could never have worked to get your first cert (or a prior renewal).
I am logging off for the night but hopefully this is enough for you to figure out what changed with your system.
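The mismatch described above can be checked offline before a renewal attempt. This is an added example, not part of the original posts and not Certbot or Apache code: it reads webroot_path from a renewal file and compares it with the DocumentRoot of the port-80 VirtualHost that would answer for the domain. It assumes simplified name-based selection (exact ServerName/ServerAlias match, otherwise the first vhost as default) and ignores Alias, rewrite and proxy rules; the function names are hypothetical.

```python
import re

# Added example: helper names are hypothetical; sample configs are constructed
# from the values quoted in this thread.
RENEWAL_CONF = """\
[renewalparams]
webroot_path = /var/www/html,
"""
APACHE_CONF = """\
<VirtualHost *:80>
ServerName atgcert
ServerAlias portal.atg-nexus.com
DocumentRoot /var/www/portal.atg-nexus.com/html/
</VirtualHost>
"""

def webroot_paths(renewal_text):
    """Return the webroot_path entries from a Certbot renewal file."""
    m = re.search(r"^\s*webroot_path\s*=\s*(.*)$", renewal_text, re.M)
    raw = m.group(1) if m else ""
    return [p.strip().rstrip("/") for p in raw.split(",") if p.strip()]

def port80_vhosts(apache_text):
    """Return [(names, docroot)] for each port-80 VirtualHost, in file order."""
    vhosts = []
    blocks = re.findall(r"<VirtualHost\s+([^>]*)>(.*?)</VirtualHost>", apache_text, re.S | re.I)
    for addr, body in blocks:
        if not any(a.endswith(":80") for a in addr.split()):
            continue
        names, docroot = [], None
        for line in body.splitlines():
            parts = line.split()
            key = parts[0].lower() if parts else ""
            if key in ("servername", "serveralias"):
                names += [n.lower() for n in parts[1:]]
            elif key == "documentroot" and len(parts) > 1:
                docroot = parts[1].strip('"').rstrip("/")
        vhosts.append((names, docroot))
    return vhosts

def serving_docroot(domain, vhosts):
    """Simplified Apache rule: exact name match wins, else the first vhost is the default."""
    for names, docroot in vhosts:
        if domain.lower() in names:
            return docroot
    return vhosts[0][1] if vhosts else None

def check(domain, renewal_text, apache_text):
    """Return (docroot serving the domain, whether it is one of the webroot paths)."""
    docroot = serving_docroot(domain, port80_vhosts(apache_text))
    return docroot, docroot in webroot_paths(renewal_text)
```

With the configs from this thread, `check("portal.atg-x.com", RENEWAL_CONF, APACHE_CONF)` reports the default vhost's DocumentRoot and a mismatch, which is why the challenge file written under /var/www/html returns 404.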
Actually I have multiple names such as portal.atg-nexus.com, portal.atg-x.com and intranet.atg-nexus.com. It was due to not having proper knowledge about managing a web server with multiple names. I just thought that by doing this, it would allow me to troubleshoot easily. This is more like trial and error, I would say.
Oh ya! I didn't realize there is another config in the renewal directory.