Yet another "Challenge failed for domain..."

Hi all. I'm trying to install a certificate, and yet I encounter this challenge failed error.
Checked the DNS, it points at my domain. Accessed the domain via browser and it works. I'm at a loss. Could anyone give me a hand?
Thank you.

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
medicalxpress.ro

I ran this command:
sudo certbot --apache

It produced this output:
IMPORTANT NOTES:

My web server is (include version):
Apache/2.4.18

The operating system my web server runs on is (include version):
ubuntu 16.04.7

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):
yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 1.9.0

1 Like

Hi Silviu, and welcome to the LE community forum!

There is an IP problem with your domain name servers:
See: medicalxpress.ro | DNSViz

Also, from my view, both name servers return the same IP.
You can see a more complete DNS review at: DNS Spy report for medicalxpress.ro
[this is not ideal; as this puts all your eggs in one basket]

1 Like

@rg305 While it's true what you're saying, it's not the issue at hand. OP is getting a 404 file not found, not a DNS error.

@za_sly What's the output of apachectl -S?

2 Likes

Hi @rg305

Thanks for taking the time to answer....
I have no idea who 81.12.177.74 is.... :grimacing:
I will look into it.. as it seems weird....
5.2.151.201 is my external IP, and yes, I know that both NS servers are identical.

2 Likes

Hi @Osiris
Thanks for replying.
apachectl -S actually gives me an error.... a syntax error, to be precise...

AH00526: Syntax error on line 44 of /etc/apache2/sites-enabled/000-apps.vhost:
SuexecUserGroup configured, but suEXEC is disabled: Invalid owner or file mode for /usr/lib/apache2/suexec
Action '-S' failed.

Now what.... ???

2 Likes

Try it as:
sudo apachectl -S

If that returns the same problem/error, then I guess you have to hunt that down - it would be an Apache configuration issue that may not be best resolved by this forum :frowning:

1 Like

Huh....
My bad... forgot about sudo...
Here it is... :slight_smile:
AH00548: NameVirtualHost has no effect and will be removed in the next release /etc/apache2/sites-enabled/000-ispconfig.conf:73
VirtualHost configuration:
*:8081 ns1.medicalexpress.ro (/etc/apache2/sites-enabled/000-apps.vhost:9)
*:80 ns1.medicalexpress.ro (/etc/apache2/sites-enabled/000-default.conf:1)
*:8080 ns1.medicalexpress.ro (/etc/apache2/sites-enabled/000-ispconfig.vhost:9)
ServerRoot: "/etc/apache2"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/var/log/apache2/error.log"
Mutex fcgid-proctbl: using_defaults
Mutex ssl-stapling: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/var/run/apache2/" mechanism=default
Mutex mpm-accept: using_defaults
Mutex fcgid-pipe: using_defaults
Mutex watchdog-callback: using_defaults
Mutex rewrite-map: using_defaults
Mutex ssl-stapling-refresh: using_defaults
PidFile: "/var/run/apache2/apache2.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
Define: ENABLE_USR_LIB_CGI_BIN
User: name="www-data" id=33
Group: name="www-data" id=33

1 Like

It's kinda weird to have a virtualhost for your nameserver's hostname ns1.medicalexpress.ro? Perhaps you don't have a ServerName set?

My advice would be to configure a separate VirtualHost in a separate file for your main site.
Another option would be to use the webroot authenticator.

1 Like

I did try the webroot, specifying the path... The same error.... :frowning:

1 Like

What was the path? Exactly the same as the DocumentRoot of the correct VirtualHost?

1 Like

What correct VirtualHost?
I see only:

which doesn't match the requested name:
medicalexpress.ro

Although apache will serve some content regardless of an unmatched name, we are unable to see which document root would be served in this situation.
If that is all that was output, then we need to take a look at this file:
/etc/apache2/sites-enabled/000-default.conf
To confirm the document root matches your --webroot command.
And to also review it to see why the apache installer failed to work.

1 Like
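Added example, not written by any poster in this thread: a small check that reads `apachectl -S` output and reports whether a requested hostname is matched by a vhost on a given port or only falls through to the default vhost, which is the situation described in the post above. The function and sample names are hypothetical, `page_sample` reuses the vhost lines posted earlier in the thread, and `multi_sample` is constructed with `example.test` names in the layout Apache 2.4 prints when several name-based vhosts share a port.

```shell
#!/bin/sh
# Added example (not from the thread). Reads `apachectl -S` output on stdin.
# Prints "match NAME FILE", "fallback NAME FILE" or "none" for host $1, port $2.
vhost_for_host() {
    awk -v want="$1" -v port="$2" '
        function strip(s) { gsub(/[()]/, "", s); return s }
        BEGIN { want = tolower(want) }
        # Listener line: "*:80 NAME (FILE:LINE)" or "*:80 is a NameVirtualHost"
        $1 ~ /:[0-9]+$/ {
            p = $1; sub(/.*:/, "", p)
            cur = (p == port)
            if (cur && $2 != "is") { only = $2; onlyfile = strip($3) }
            next
        }
        cur && $1 == "default" && $2 == "server" { def = $3; deffile = strip($4); next }
        cur && $1 == "port" && $3 == "namevhost" {
            name = $4; file = strip($5)
            if (tolower(name) == want && hit == "") { hit = name; hitfile = file }
            next
        }
        # Exact ServerAlias entries only; wildcard aliases are not evaluated here.
        cur && $1 == "alias" && tolower($2) == want && hit == "" { hit = name; hitfile = file }
        END {
            kind = (tolower(only) == want) ? "match" : "fallback"
            if (hit != "")       print "match", hit, hitfile
            else if (only != "") print kind, only, onlyfile
            else if (def != "")  print "fallback", def, deffile
            else                 print "none"
        }'
}

# Vhost lines as posted earlier in the thread.
page_sample() { cat <<'EOF'
VirtualHost configuration:
*:8081 ns1.medicalexpress.ro (/etc/apache2/sites-enabled/000-apps.vhost:9)
*:80 ns1.medicalexpress.ro (/etc/apache2/sites-enabled/000-default.conf:1)
*:8080 ns1.medicalexpress.ro (/etc/apache2/sites-enabled/000-ispconfig.vhost:9)
EOF
}

# Constructed sample: two name-based vhosts on port 80, one with an alias.
multi_sample() { cat <<'EOF'
*:80                   is a NameVirtualHost
         default server ns1.example.test (/etc/apache2/sites-enabled/000-default.conf:1)
         port 80 namevhost ns1.example.test (/etc/apache2/sites-enabled/000-default.conf:1)
         port 80 namevhost shop.example.test (/etc/apache2/sites-enabled/shop.conf:1)
                 alias www.shop.example.test
EOF
}

page_sample | vhost_for_host medicalxpress.ro 80
```

On a live server the input would be `sudo apachectl -S 2>/dev/null | vhost_for_host yourdomain 80`; a `fallback` result means the file named is the one whose DocumentRoot has to match the `--webroot` path.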

Exactly the path to the DocumentRoot... I had no idea VirtualHost is such a mess... :slight_smile:
/var/www/html

1 Like

Here is the file... As I can see, the path matches exactly....
<VirtualHost *:80>
	ServerAdmin webmaster@localhost
	DocumentRoot /var/www/html

	ErrorLog ${APACHE_LOG_DIR}/error.log
	CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

1 Like

Please place a test file in the expected challenge folder:
[you need to create the complete path first, then create the test file]

mkdir /var/www/html/.well-known/
mkdir /var/www/html/.well-known/acme-challenge/
echo "just a test" > /var/www/html/.well-known/acme-challenge/test-1234

Then we try to access that test file from the Internet:
http://medicalexpress.ro/.well-known/acme-challenge/test-1234

NOTE: Please don't change the name of the test file.
It is specifically without an extension on purpose [to simulate a real challenge file name]

1 Like

Ok.
It's been done.
But, the URL is NOT
http://medicalexpress.ro/.well-known/acme-challenge/test-1234
but
http://medicalxpress.ro/.well-known/acme-challenge/test-1234
(medicalExpress is not hosted on my server, anymore.)
Nevertheless, I get

Not Found

The requested URL was not found on this server.
Apache/2.4.18 (Ubuntu) Server at medicalxpress.ro Port 80
when I try to access that page...

The file is there...
administrator@ns1:~ ls -all /var/www/html/.well-known/acme-challenge/
total 12
drwxr-xr-x 2 root root 4096 Nov 26 17:34 .
drwxr-xr-x 3 root root 4096 Nov 26 17:27 ..
-rw-r--r-- 1 root root 12 Nov 26 17:34 test-1234

as you can see... And...
administrator@ns1:~ cat /var/www/html/.well-known/acme-challenge/test-1234
just a test

1 Like

Then this problem has to be fixed first.

Please show the complete output of:
apachectl -S
[you may have to use sudo]
If it is the same as posted above, then you may need to include this short name in the file:
/etc/apache2/sites-enabled/000-default.conf
You can do this by adding a line after ServerName ns1.medicalexpress.ro
with:
ServerAlias medicalxpress.ro

Then restart Apache and retest access to the test-1234 file.

1 Like

Actually, given this bit of information:

You may want to replace all:
medicalexpress
with
medicalxpress

1 Like

There is no such directive in the virtualhost; the hostname is probably taken from the server's hostname.

1 Like

This seems to indicate otherwise:

1 Like

A configuration file has been pasted above, did you see that one?

1 Like