Unable to update security certificate

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

api.lumo-edu.com

I ran this command:

```
sudo certbot renew
```

It produced this output:

```
Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
Domain: api.lumo-edu.com
Type: unauthorized
Detail: 18.196.141.23: Invalid response from http://api.lumo-edu.com/.well-known/acme-challenge/dambsJvl_iA087U6I1ZWhk0E7_MoiQydR_o-VxZHP6M: 404
```

My web server is (include version):

Server version: Apache/2.4.58 (Amazon Linux)

The operating system my web server runs on is (include version):

NAME="Amazon Linux"

VERSION="2023"

My hosting provider, if applicable, is:

amazon ec2

I can login to a root shell on my machine (yes or no, or I don't know):

Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

certbot 2.6.0

I had issues before; I think it is likely my problem relates to the setup of my ssl.conf for httpd.conf files. I am an amateur web developer, so any help is appreciated. Much thanks!

Close but more likely related to config of the VirtualHost handling port 80. An HTTP request from the Let's Encrypt server on port 80 isn't seeing the expected challenge token. That token is placed by Certbot in the webroot folder you used earlier. The "404" in the error message is an HTTP Not Found error.

A good place to start is showing us output of this

```
sudo apache2ctl -t -D DUMP_VHOSTS
```

You may need to use httpd instead of apache2ctl in the above command. I don't remember what AL2023 uses.

2 Likes

Hi mike, thanks a lot for your response. Here's what running the code gave me:

```
VirtualHost configuration:
*:80                   is a NameVirtualHost
         default server api.lumo-edu.com (/etc/httpd/conf/httpd.conf:32)
         port 80 namevhost api.lumo-edu.com (/etc/httpd/conf/httpd.conf:32)
         port 80 namevhost api.lumo-edu.com (/etc/httpd/conf.d/api.lumo-edu.com.conf:1)
*:443                  api.lumo-edu.com (/etc/httpd/conf.d/ssl.conf:54)
```

Let me know if this gives you any insight, and thanks once more for your help.

1 Like

You have the same name and port defined twice. While Apache will start up with this, it won't give consistent results.

I can make a good guess as to what you should do but it would be better for you to post the contents of both files. Use 3 backticks before and after so as not to lose Apache tags to forum formatting. Like
```
config
```

4 Likes
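Added example, not part of any post in this thread: one way to spot the duplication described above is to count `namevhost` entries per name and port in the `DUMP_VHOSTS` output. The function name is hypothetical; the sample input is the output posted earlier in the thread.

```shell
# Output posted earlier in this thread, embedded so the example runs offline.
SAMPLE_DUMP='VirtualHost configuration:
*:80                   is a NameVirtualHost
         default server api.lumo-edu.com (/etc/httpd/conf/httpd.conf:32)
         port 80 namevhost api.lumo-edu.com (/etc/httpd/conf/httpd.conf:32)
         port 80 namevhost api.lumo-edu.com (/etc/httpd/conf.d/api.lumo-edu.com.conf:1)
*:443                  api.lumo-edu.com (/etc/httpd/conf.d/ssl.conf:54)'

# Reads DUMP_VHOSTS text on stdin and prints one line for every
# ServerName/port pair that is declared by more than one VirtualHost.
find_duplicate_vhosts() {
    awk '
        # Entry lines look like: port 80 namevhost NAME (FILE:LINE)
        $1 == "port" && $3 == "namevhost" {
            key = $4 ":" $2
            loc = $5
            gsub(/[()]/, "", loc)
            seen[key]++
            if (seen[key] == 1) where[key] = loc
            else where[key] = where[key] " " loc
        }
        END {
            for (k in seen)
                if (seen[k] > 1)
                    print k " defined " seen[k] " times: " where[k]
        }'
}

printf '%s\n' "$SAMPLE_DUMP" | find_duplicate_vhosts
```

On a live server, pipe `sudo httpd -t -D DUMP_VHOSTS` (or the `apache2ctl` form) into the function; empty output means no name and port pair is declared twice.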

Thank you!

File contents are as follows. Apologies from the top if they're a mess - did a lot of working and reworking with ChatGPT.

First file: /etc/httpd/conf/httpd.conf

```
ServerRoot "/etc/httpd"
Listen 80

# Load additional configurations
Include conf.modules.d/*.conf

User apache
Group apache

ServerAdmin root@localhost
DocumentRoot "/var/www/html"

# Basic Directory Permissions
<Directory />
    AllowOverride none
    Require all denied
</Directory>

<Directory "/var/www/html">
    AllowOverride None
    Require all granted
</Directory>

# Configuration for Certbot Challenge
<Directory "/var/www/html/.well-known/acme-challenge">
    AllowOverride None
    Options None
    Require all granted
</Directory>

# Main VirtualHost for the API
<VirtualHost *:80>
    ServerName api.lumo-edu.com
    DocumentRoot /var/www/html

    # ProxyPass settings for API
    ProxyPreserveHost On
    ProxyPass / http://127.0.0.1:3000/
    ProxyPassReverse / http://127.0.0.1:3000/

    # Exclude .well-known from ProxyPass
    ProxyPass /.well-known/acme-challenge !

    # Alias for Certbot Challenges
    Alias /.well-known/acme-challenge /var/www/html/.well-known/acme-challenge
    <Directory "/var/www/html/.well-known/acme-challenge">
        AllowOverride None
        Options None
        Require all granted
    </Directory>
</VirtualHost>

# Include additional configurations in conf.d
IncludeOptional conf.d/*.conf
```

Second file: /etc/httpd/conf.d/api.lumo-edu.com.conf

```
<VirtualHost *:80>
    ServerName api.lumo-edu.com
    ProxyPreserveHost On
    ProxyPass / http://127.0.0.1:3000/
    ProxyPassReverse / http://127.0.0.1:3000/
</VirtualHost>
```

Hope this offers some clarity. Thanks again!

Yes, that you got some bad advice 🙂

I am going to have to leave you to another volunteer. I have a feeling this is going to take a while to get you sorted out. I don't have that much time this afternoon for that. Maybe later today.

You could just delete that file in your conf.d folder. That VirtualHost isn't doing anything. That will at least fix the duplication problem.

2 Likes
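Added example, not part of any post in this thread: Apache checks `ProxyPass` rules in configuration order and the first match wins, so a `!` exclusion only takes effect when it appears before the broader rule it carves out of. The check below flags exclusions that come too late; the function name is hypothetical and the sample is condensed from the httpd.conf posted above.

```shell
# Port-80 vhost condensed from the httpd.conf posted in this thread
# (proxy directives only), embedded so the example runs offline.
SAMPLE_VHOST='<VirtualHost *:80>
    ServerName api.lumo-edu.com
    ProxyPreserveHost On
    ProxyPass / http://127.0.0.1:3000/
    ProxyPassReverse / http://127.0.0.1:3000/
    ProxyPass /.well-known/acme-challenge !
</VirtualHost>'

# Reads Apache config text on stdin. For each VirtualHost block, reports
# every "ProxyPass PATH !" exclusion that follows a ProxyPass rule whose
# path is a prefix of PATH, since the earlier rule matches first.
check_proxypass_order() {
    awk '
        /^[ \t]*<VirtualHost/ { n = 0 }   # rule order is tracked per vhost
        tolower($1) == "proxypass" {
            if ($3 == "!") {
                for (i = 1; i <= n; i++)
                    if (index($2, path[i]) == 1)
                        print "line " NR ": exclusion " $2 \
                              " is shadowed by ProxyPass " path[i] \
                              " on line " line[i]
            } else {
                n++
                path[n] = $2
                line[n] = NR
            }
        }'
}

printf '%s\n' "$SAMPLE_VHOST" | check_proxypass_order
```

Line numbers in the report are relative to the text fed in, so run it against the full file (`check_proxypass_order < /etc/httpd/conf/httpd.conf`) to get positions that match the editor.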

No worries, thanks for your help so far!

1 Like

Renewing it in standalone mode proved successful. Issue now is I get the following error when curling:

```
curl: (35) OpenSSL/3.0.8: error:0A00010B:SSL routines::wrong version number
```

I see this with curl, what was the command line you used?

```
$ curl -Ii https://api.lumo-edu.com
HTTP/1.1 503 Service Unavailable
Date: Sat, 02 Nov 2024 22:33:09 GMT
Server: Apache/2.4.58 (Amazon Linux) OpenSSL/3.0.8
Connection: close
Content-Type: text/html; charset=iso-8859-1
```

It has now been fixed, was a simple matter of running

```
npm start
```

Thanks to everybody for their help today.

3 Likes
