Yes there is an error in your HTML. You've failed to understand how the Apache server is configured and how that relates to the way your href should be defined.
If index.html is in /var/www I highly doubt that you're accessing it as http://localhost/var/www/index.html, I'm guessing you access it as http://localhost/ or http://localhost/index.html ...... which should lead you to the understanding that /payload.exe is also in the same place, etc, etc.
BTW: There is no big red "H4X0R 1T n0wz!" button, it'd be really smart of you to learn the basics before going and serving up exploit payloads without actually understanding some basics of how things work. Failing that you're likely going to waste someone's (or your own) money/time/effort cleaning up something you futzed
PS: Yes, you posted to the wrong area, this isn't an Expert topic or issue.