My domain is: https://v2025.afn-permis-bateau.fr/
I ran this command: dehydrated -c
It produced this output:
Processing v2025.afn-permis-bateau.fr
- Checking domain name(s) of existing cert... unchanged.
- Checking expire date of existing cert...
- Valid till Jan 30 12:02:51 2025 GMT (Less than 30 days). Renewing!
- Signing domains...
- Generating private key...
- Generating signing request...
- Requesting new certificate order from CA...
- Received 1 authorizations URLs from the CA
- Handling authorization for v2025.afn-permis-bateau.fr
- 1 pending challenge(s)
- Deploying challenge tokens...
- Responding to challenge for v2025.afn-permis-bateau.fr authorization...
- Cleaning challenge tokens...
- Challenge validation has failed
ERROR: Challenge is invalid! (returned: invalid) (result: ["type"] "http-01"
["url"] "https://acme-v02.api.letsencrypt.org/acme/chall/2027140707/469935549725/Uv3eCw"
["status"] "invalid"
["validated"] "2025-02-02T12:58:20Z"
["error","type"] "urn:ietf:params:acme:error:unauthorized"
["error","detail"] "164.132.170.83: Invalid response from https://afn-permis-bateau.fr/.well-known/acme-challenge/YQhMh9ZTLSyspRNjJq09tbwQxI2pGpQmk8yCx6MQNYY: 404"
["error","status"] 403
["error"] {"type":"urn:ietf:params:acme:error:unauthorized","detail":"164.132.170.83: Invalid response from https://afn-permis-bateau.fr/.well-known/acme-challenge/YQhMh9ZTLSyspRNjJq09tbwQxI2pGpQmk8yCx6MQNYY: 404","status":403}
["token"] "YQhMh9ZTLSyspRNjJq09tbwQxI2pGpQmk8yCx6MQNYY"
["validationRecord",0,"url"] "http://v2025.afn-permis-bateau.fr/.well-known/acme-challenge/YQhMh9ZTLSyspRNjJq09tbwQxI2pGpQmk8yCx6MQNYY"
["validationRecord",0,"hostname"] "v2025.afn-permis-bateau.fr"
["validationRecord",0,"port"] "80"
["validationRecord",0,"addressesResolved",0] "135.125.118.74"
["validationRecord",0,"addressesResolved"] ["135.125.118.74"]
["validationRecord",0,"addressUsed"] "135.125.118.74"
["validationRecord",0] {"url":"http://v2025.afn-permis-bateau.fr/.well-known/acme-challenge/YQhMh9ZTLSyspRNjJq09tbwQxI2pGpQmk8yCx6MQNYY","hostname":"v2025.afn-permis-bateau.fr","port":"80","addressesResolved":["135.125.118.74"],"addressUsed":"135.125.118.74"}
["validationRecord",1,"url"] "https://afn-permis-bateau.fr/.well-known/acme-challenge/YQhMh9ZTLSyspRNjJq09tbwQxI2pGpQmk8yCx6MQNYY"
["validationRecord",1,"hostname"] "afn-permis-bateau.fr"
["validationRecord",1,"port"] "443"
["validationRecord",1,"addressesResolved",0] "164.132.170.83"
["validationRecord",1,"addressesResolved"] ["164.132.170.83"]
["validationRecord",1,"addressUsed"] "164.132.170.83"
["validationRecord",1] {"url":"https://afn-permis-bateau.fr/.well-known/acme-challenge/YQhMh9ZTLSyspRNjJq09tbwQxI2pGpQmk8yCx6MQNYY","hostname":"afn-permis-bateau.fr","port":"443","addressesResolved":["164.132.170.83"],"addressUsed":"164.132.170.83"}
["validationRecord"] [{"url":"http://v2025.afn-permis-bateau.fr/.well-known/acme-challenge/YQhMh9ZTLSyspRNjJq09tbwQxI2pGpQmk8yCx6MQNYY","hostname":"v2025.afn-permis-bateau.fr","port":"80","addressesResolved":["135.125.118.74"],"addressUsed":"135.125.118.74"},{"url":"https://afn-permis-bateau.fr/.well-known/acme-challenge/YQhMh9ZTLSyspRNjJq09tbwQxI2pGpQmk8yCx6MQNYY","hostname":"afn-permis-bateau.fr","port":"443","addressesResolved":["164.132.170.83"],"addressUsed":"164.132.170.83"}])
My web server is (include version):
Apache 2.4.62
The operating system my web server runs on is (include version):
Debian 12
I can login to a root shell on my machine (yes or no, or I don't know): YES
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): NO
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): Dehydrated version: 0.7.0
OK, so to make it clear:
I'm moving from one server to another.
The original URL is afn-permis-bateau.fr, which points to the old server.
I've made another VirtualHost, v2025.afn-permis-bateau.fr, which points to the new server.
It was working, but when cron tried to do the renewal of the certificates, it seems that the authorization asks the old server instead of the new one.
In my domains.txt, I've got this line:
v2025.afn-permis-bateau.fr
There is no mention of the "base" URL afn-permis-bateau.fr.
Why is Let's Encrypt trying to validate v2025.afn-permis-bateau.fr by asking afn-permis-bateau.fr?
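A way to read the validationRecord in the output above, as an added example that is not part of the original post or of dehydrated: each entry is one request the CA made during http-01 validation, so a second entry means the first response redirected it. The function names are hypothetical; the record values are copied from the post.

```python
from urllib.parse import urlsplit

# Values copied from the dehydrated output in the post (addressesResolved omitted).
TOKEN = "YQhMh9ZTLSyspRNjJq09tbwQxI2pGpQmk8yCx6MQNYY"
PATH = "/.well-known/acme-challenge/" + TOKEN
CHALLENGE = {
    "type": "http-01", "status": "invalid",
    "error": {"type": "urn:ietf:params:acme:error:unauthorized",
              "detail": "164.132.170.83: Invalid response from "
                        "https://afn-permis-bateau.fr" + PATH + ": 404"},
    "validationRecord": [
        {"url": "http://v2025.afn-permis-bateau.fr" + PATH,
         "hostname": "v2025.afn-permis-bateau.fr", "port": "80",
         "addressUsed": "135.125.118.74"},
        {"url": "https://afn-permis-bateau.fr" + PATH,
         "hostname": "afn-permis-bateau.fr", "port": "443",
         "addressUsed": "164.132.170.83"},
    ],
}

def redirect_hops(challenge):
    """Return one dict per redirect the CA followed during validation."""
    records = challenge.get("validationRecord", [])
    hops = []
    for prev, nxt in zip(records, records[1:]):
        hops.append({
            "from": f'{urlsplit(prev["url"]).scheme}://{prev["hostname"]}',
            "to": f'{urlsplit(nxt["url"]).scheme}://{nxt["hostname"]}',
            "host_changed": prev["hostname"] != nxt["hostname"],
            "server_changed": prev["addressUsed"] != nxt["addressUsed"],
        })
    return hops

def final_responder(challenge):
    """Hostname and IP whose response the CA actually judged (last record)."""
    records = challenge.get("validationRecord", [])
    if not records:
        return None
    last = records[-1]
    return last["hostname"], last["addressUsed"]

if __name__ == "__main__":
    for hop in redirect_hops(CHALLENGE):
        print(f'{hop["from"]} -> {hop["to"]}', hop)
    print("judged response came from:", final_responder(CHALLENGE))
```

A hop with both `host_changed` and `server_changed` set means the first server answered the challenge request with a redirect to another hostname on another machine, so the redirect configuration on the first server is the place to look.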