Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel):28,29
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for mydomain
http-01 challenge for www.mydomain
Using the webroot path /home/jerp/www/mydomain/public_html for all unmatched domains.
Waiting for verification...
Cleaning up challenges
Unable to clean up challenge directory
/home/jerp/www/mydomain/public_html/.well-known/acme-challenge
Failed authorization procedure. mydomain (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://mydomain/.well-known/acme-challenge/3UcRZ2TS7ENTTrKnD8o5eBXPYqZBIFxnT23TXAr7D_I: "
If you’re sure the webroot path is correct, something is interfering with the ability for Apache to serve the challenge file. Do you have an .htaccess file at the root of your web directory?
You can create a /home/jerp/www/mydomain/public_html/.well-known/acme-challenge/test file and try and access it at http://mydomain.com/.well-known/acme-challenge/test to reproduce the issue. (Also please note the validation servers will ignore the security error you currently get when trying that.)
There are no other files in the web directory other than index.php and .well-known/. The domain is currently showing content/files from another domain on the server (that has a certificate), which sometimes happens when I have not set correct web directory permissions. I get 404 when trying to access the test file.
I did an ssllabs ssltest and got:
Certificate name mismatch
We were able to retrieve a certificate for this site, but the domain names listed in it do not match the domain name you requested us to inspect.
Possible cause given, which corresponds to my situation:
The web site does not use SSL, but shares an IP address with some other site that does.
The ssltest result lists the domain which I mention in my last post that is replacing the domain I am trying to get a certificate for.
I have got the https warning - ! Not Secure. Be good if I could revert the request?
You will need to resolve this issue. If you need the certificate first in order to correct it, pass the webroot for the website that is actually being served from the domain right now, and then once you've fixed the server, update the renewal configuration file with the correct webroot so renewal will work later.
You can also just rerun certbot with the right path. It will get you a new certificate you don’t necessarily need, but it’s a bit safer that way because it will only update the renewal configuration file if it works.
The ‘renewal config file’ for the domain that was being served, and which I reran certbot on, looks fine. Should I now try to rerun certbot / pass the webroot on the domain that I am trying to get a certificate for?
The domain I am trying to register does not exist in my server renewal dir.
When you visit your domain, you said a different website appears. Since that domain’s webroot is effectively the webroot for your new domain at the present time, you need to call certbot with that domain’s webroot, but keeping the new domains you want to issue for in the -d argument.
sudo certbot -a webroot -i nginx -w /path/to/oldsite.com -d newsite.com,www.newsite.com
Then you’ll have a certificate and you’ll be able to fix up the rest of your configuration and get the right webroot showing up at the website.
Only when the correct webroot works and loads on your site would you want to edit the renewal configuration file for the new domain, which will now exist, to replace the webroot from the other domain with the right one that now works.
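The check suggested earlier in this thread (place a test file under .well-known/acme-challenge and request it over HTTP), extended to several candidate webroots at once, as an added example that is not part of the original posts. `fetch_url` and `find_served_webroot` are hypothetical helper names, curl is assumed to be installed, and `/path/to/newsite.com` is a placeholder.

```shell
#!/bin/sh
# Added example (not from the thread). fetch_url and find_served_webroot are
# hypothetical helper names; curl is assumed to be installed.

# Fetch a URL body; kept separate so it can be swapped out when testing offline.
fetch_url() {
    curl -s --max-time 10 "$1"
}

# find_served_webroot DOMAIN WEBROOT...
# Writes a uniquely marked probe file into each candidate webroot, requests it
# once over HTTP, and prints the webroot whose marker came back.
# Returns 1 if none matched (e.g. a 404 or another site's content).
find_served_webroot() {
    domain=$1; shift
    name="webroot-probe-$$"
    i=0
    for root in "$@"; do
        i=$((i + 1))
        dir="$root/.well-known/acme-challenge"
        { mkdir -p "$dir" && printf 'probe-%s-%s' "$$" "$i" > "$dir/$name"; } 2>/dev/null || continue
    done
    body=$(fetch_url "http://$domain/.well-known/acme-challenge/$name") || body=""
    i=0; served=""
    for root in "$@"; do
        i=$((i + 1))
        if [ -z "$served" ] && [ "$body" = "probe-$$-$i" ]; then served=$root; fi
        rm -f "$root/.well-known/acme-challenge/$name"   # remove the probe again
    done
    [ -n "$served" ] || return 1
    printf '%s\n' "$served"
}

# Usage (placeholder paths):
#   find_served_webroot newsite.com /path/to/newsite.com /path/to/oldsite.com
```

The webroot it prints is the one to pass to `-w` for now; a non-zero exit means none of the candidates is being served for that domain.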