I am investigating why one attempt at sudo /usr/local/bin/certbot-auto --apache resulted in an acme-challenge failure, while a subsequent attempt was successful.
In my VPS, /var/www is a symlink to /data/www
In the main httpd.conf file, the document root remains as "/var/www/html"
In my own mydomain.com.conf file, the VirtualHost section looks like this:
<VirtualHost *:80>
    ServerName mydomain.com
    DocumentRoot "/var/www/html"
    <Directory "/var/www/html">
        Options -Indexes +FollowSymLinks
        AllowOverride All
    </Directory>
</VirtualHost>
I created a simple test1.html file, which was copied to all these locations:
/data/www/html/.well-known/acme-challenge/test1.html
/data/www/html/.well-known/test1.html
/data/www/html/mytest/test1.html
/data/www/html/test1.html
And I visit all the above via web browser, and the only one that fails (WordPress’s 404) is: http://mydomain.com/.well-known/acme-challenge/test1.html
I would rename those as:
/data/www/html/.well-known/acme-challenge/test4.html
/data/www/html/.well-known/test3.html
/data/www/html/mytest/test2.html
/data/www/html/test1.html
[or modify their contents so that you can know exactly which one was reached]
I don't see why/how the root file was not reachable: http://mydomain.com/test1.html
should serve: /data/www/html/test1.html
If that fails, then you have some overlapping domain name issues.
What does this say?: apachectl -S
Thank you.
Not sure if you mis-read or I had a typo… but the file at the doc root was reachable.
Three (3 nos.) cases were reachable.
The only case that was not reachable was the one in the full path.
Then there may be some special handling for that full path.
If this is a shared server, then you may need to speak with the admin about that.
If this is a dedicated server (and you are the admin), then you need to review the entire config for such a condition.
It is a VPS that I subscribed for just my own website, and I am the admin.
The .well-known directory and acme-challenge directory were both created by CertBot, or possibly by the LE WordPress plugin by “Go Web Smarty”.
What might be special about these directories? Where should I check? Because there’s nothing special about the dir permissions.
There is nothing "special" about those directories (usually - by default).
If any were created by anything other than certbot, then we need to review that.
I would search through the config folders (or entire disk) for anything related to acme-challenge
[something (my guess is WordPress) has to be handling those requests "differently"]
Thanks. I had to look up a rewrite rule tester to find out what it does…
It rewrites http://example.com/.well-known/acme-challenge/foo to http://example.com/foo
Very curious why the WordPress LE plugin would create this rule.
And very curious how certbot eventually passed the challenge.
I am going to remove the WP plugin, (I had used it part way thru and encountered some problems, don’t really remember, before coming back to fix up my virtualhost so that I could use certbot-auto), sorry it is so convoluted, but I believe certbot-auto is working now. So I will remove the WP plugin.
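Added example, not part of any post in this thread: one way to run the suggested search for anything that handles acme-challenge requests differently, limited to active Apache directives in .htaccess and *.conf files. The function names, the sample rule in the constructed tree, and any directories you pass in are assumptions; the thread does not show the actual rule.

```shell
#!/bin/sh
# Added example, not from the thread.
# Matches active (uncommented) directives that can remap a request path
# and that mention .well-known or acme-challenge.
ACME_RULE_RE='^[[:space:]]*(Rewrite(Rule|Cond)|Redirect(Match)?|Alias(Match)?|ProxyPass(Match)?)[[:space:]].*(\.well-known|acme-challenge)'

# find_acme_rules DIR...  -> prints file:line:directive for every hit.
# -L follows symlinks, so a /var/www -> /data/www style link is searched too.
# /dev/null forces grep to print the file name even for a single file.
find_acme_rules() {
    find -L "$@" -type f \( -name '.htaccess' -o -name '*.conf' \) \
        -exec grep -nEi "$ACME_RULE_RE" /dev/null {} + 2>/dev/null || :
}

# Constructed sample tree (not the poster's real files): a WordPress-style
# .htaccess holding a hypothetical rule with the effect described in the
# thread, one commented-out rule, and a vhost file with no such rule.
make_demo_tree() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/html" "$d/conf.d"
    cat > "$d/html/.htaccess" <<'EOF'
# BEGIN WordPress
RewriteEngine On
# old: RewriteRule ^\.well-known/acme-challenge/ - [L]
RewriteRule ^\.well-known/acme-challenge/(.*)$ /$1 [L]
RewriteRule . /index.php [L]
# END WordPress
EOF
    cat > "$d/conf.d/mydomain.com.conf" <<'EOF'
<VirtualHost *:80>
ServerName mydomain.com
DocumentRoot "/var/www/html"
</VirtualHost>
EOF
    printf '%s\n' "$d"
}

# Scan the directories given on the command line, if any.
if [ "$#" -gt 0 ]; then find_acme_rules "$@"; fi
```

Pass the document root and the Apache configuration directory as arguments; any line it prints is a rule to review before the next challenge attempt.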