Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
I ran this command:
certbot-auto certonly -d admin.bios-living.com --webroot -w /usr/local/apache2/htdocs --deploy-hook "/usr/local/apache2/bin/apachectl -k graceful"
It produced this output:
aps:/ # certbot-auto certonly -d admin.bios-living.com --webroot -w /usr/local/apache2/htdocs --deploy-hooksr/local/apache2/bin/apachectl -k graceful"
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Cert is due for renewal, auto-renewing…
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for admin.bios-living.com
Using the webroot path /usr/local/apache2/htdocs for all unmatched domains.
Waiting for verification…
Challenge failed for domain admin.bios-living.com
http-01 challenge for admin.bios-living.com
Cleaning up challenges
Some challenges have failed.
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: admin.bios-living.com
Type: unauthorized
Detail: Invalid response from
http://admin.bios-living.com/.well-known/acme-challenge/FsGMxjZI7VqmJYx8T_i7fXL6NGFVIKgIpXlGf7kIBGY
[96.57.23.85]: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML
2.0//EN\">\n<html><head>\n<title>404 Not
Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p"
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
My web server is (include version):
apache 2.4
The operating system my web server runs on is (include version):
Artix Linux
My hosting provider, if applicable, is:
none
I can login to a root shell on my machine (yes or no, or I don’t know):
yes - I am root
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
Never
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
aps:/ # certbot-auto --version
certbot 1.4.0
I am very let down by Let's Encrypt. I have no clue what it is doing. I had to create an alias and a directory in Apache for LS ACME which looks like this, and OBVIOUSLY it is not being used for found
The documentation seems to be incorrect. The key part is this:
The webroot plugin works by creating a temporary file for each of your requested domains in ${webroot-path}/.well-known/acme-challenge . Then the Let’s Encrypt validation server makes HTTP requests to validate that the DNS for each requested domain resolves to the server running certbot. An example request made to your web server would look like:
If you’re running a local webserver for which you have the ability to modify the content being served, and you’d prefer not to stop the webserver during the certificate issuance process, you can use the webroot plugin to obtain a certificate by including certonly and --webroot on the command line. In addition, you’ll need to specify --webroot-path or -w with the top-level directory (“web root”) containing the files served by your webserver. For example, --webroot-path /var/www/html or --webroot-path /usr/share/nginx/html are two common webroot paths.
I had to pull /.well-known/acme-challenge out of the docroot because LS was blocked by the SSL and the authentication.
It should have two simple to understand options on the command line: The apparent URI ROOT to query, and the FILE location to write the token to. Is that not what it is doing? It is generating a token, writing the token under the webserver, and fetching it in order to prove you have control of the webserver. Once I understand how it works, I will be happy to re-edit the documentation so that it is clearer.
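The webroot mechanism quoted from the documentation above can be checked locally before involving the CA. The following Python is an added example, not part of the original post and not Certbot's own code: it writes a throwaway file where the plugin would place a token under the `-w` directory, fetches it from `/.well-known/acme-challenge/` over HTTP, and reports whether the two line up. The names `probe_webroot` and `serve_directory` are hypothetical, and the localhost server is a constructed stand-in for the real web server.

```python
import functools
import secrets
import tempfile
import threading
import urllib.error
import urllib.request
from http.server import SimpleHTTPRequestHandler, ThreadingHTTPServer
from pathlib import Path

CHALLENGE_DIR = ".well-known/acme-challenge"

def probe_webroot(webroot, base_url, timeout=5):
    """Write a throwaway file where the webroot plugin would place a token,
    fetch it over plain HTTP, and return (ok, detail). The file is removed."""
    name = "selftest-" + secrets.token_urlsafe(16)
    body = secrets.token_urlsafe(32)
    challenge_dir = Path(webroot) / CHALLENGE_DIR
    challenge_dir.mkdir(parents=True, exist_ok=True)
    probe = challenge_dir / name
    probe.write_text(body)
    url = f"{base_url.rstrip('/')}/{CHALLENGE_DIR}/{name}"
    # Bypass any configured proxy so the request reaches the server directly.
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    try:
        with opener.open(url, timeout=timeout) as resp:
            served = resp.read().decode("utf-8", "replace")
        if served == body:
            return True, "served file matches"
        return False, "URL answered with different content"
    except urllib.error.HTTPError as exc:
        return False, f"HTTP {exc.code}"
    except OSError as exc:
        return False, f"unreachable: {exc}"
    finally:
        probe.unlink(missing_ok=True)

def serve_directory(directory):
    """Constructed stand-in for the web server: serve `directory` on localhost."""
    handler = functools.partial(SimpleHTTPRequestHandler, directory=str(directory))
    server = ThreadingHTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, f"http://127.0.0.1:{server.server_address[1]}"

if __name__ == "__main__":
    docroot, elsewhere = tempfile.mkdtemp(), tempfile.mkdtemp()
    server, base = serve_directory(docroot)
    print("matching -w path:", probe_webroot(docroot, base))
    print("mismatched -w path:", probe_webroot(elsewhere, base))
    server.shutdown()
```

Against a real host, call `probe_webroot` with the directory passed to `-w` and the site's `http://` base URL; an `HTTP 404` result means the server maps the challenge URL to a different directory than the one written to.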