Getting a cert through Let’s Encrypt is failing on me again. In the 404 message; should the complete URL be reported or is that not significant? I manually created the .well-known/acme-challenge directory and placed a test file in the directory and could access it through the browser. The validation file exists in the directory and is readable by everyone; 644. This is an Apache webserver. Http is redirected to https. Any suggestions on what to check?
Response Code: 404
Response:
404 Not Found
Not Found
The requested URL /.well-known/acme-challenge/uYiLJEBH6CdzqpzqCe65mE792JisQTN0y8wXRGAcIJw was not found on this server.
Turn the re-direct off and create the file (with the long weird name) in the .well-known directory and see if it gets the cert? Don’t do it too many times - you’ll get locked out from LE (or something similar) for 7 days.
This is getting old; it happens all the time by the number of posts on it yet no one can tell you want to do; check a, b, c, and d and 90% of the time it is c. Solution, quit using Let’s Encrypt. Or perhaps you can’t do it through Virtualmin. I don’t know. I know that there is a provider of certs that will give you one that is good for a year for $12.57 so why in the world should we continue to muck about with Let’s Encrypt every three months? It breaks when it does the autorenew so all your customers go screaming about your site is not secure, people are stealing my data. Then you scramble like mad trying to figure out why you can’t get the cert when it worked before. I create a VS; apply the Let’s Encrypt, then configure the SSL part of the site and then three months later it doesn’t apply the cert. It is almost as if I have to remove the ssl website option in Virtualmin to get this working but I am hesitant about trying that; and if that is the case, then in three months it will break, the members will scream about data being stolen and you repeat the whole mess. No, I think giving the two finger salute to Let’s Encyrpt is the way to go.
I got the exact same error as you. I created the relevant empty file in the location. Yes it is owned by root:root (after I created it) but it didn’t stop LE providing the cert.
I found a free cert provider; 90 days; that allows you to create and upload the certs manually. Takes only a few minutes. They do offer a cert bot but just set an alarm/notification/what-have-you to remind you when you need to reapply a certificate. I still think with some of the cheap providers now; and really, this should have never costs three and four hundred dollars as it did in the past, to just get a year cert and be done with it for a year; or even four years if you want to pay that much up front.
By the way Dibs; I did do as you stated. I still am not sure why it couldn’t download the file when I could by browsing to it. The one I just used had no problem getting the cert file for validation.