401 Client Error: UNAUTHORIZED for url

My domain is: clearpath.site

I ran this command: sudo certbot renew

It produced this output:

Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator dns-linode, Installer apache
Renewing an existing certificate
Performing the following challenges:
dns-01 challenge for clearpath.site
dns-01 challenge for clearpath.site
Unsafe permissions on credentials configuration file: /home/david/linode.ini
Cleaning up challenges
Attempting to renew cert (clearpath.site) from /etc/letsencrypt/renewal/clearpath.site.conf produced an unexpected error: Error determining zone identifier for clearpath.site: 401 Client Error: UNAUTHORIZED for url: https://api.linode.com/v4/domains.. Skipping.
All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/clearpath.site/fullchain.pem (failure)

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/clearpath.site/fullchain.pem (failure)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1 renew failure(s), 0 parse failure(s)

My web server is (include version): Apache/2.4.41 (Ubuntu)

The operating system my web server runs on is (include version): Ubuntu 19.10 (GNU/Linux 5.3.0-55-generic x86_64)

My hosting provider, if applicable, is: Linode

I can login to a root shell on my machine (yes or no, or I don’t know): no

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

terminal

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.36.0

what does this mean?

1 Like

This error almost certainly means your API key is incorrect or lacks access to the "Domains" scope.

Have you checked whether perhaps the token has expired, in the Linode API Tokens interface?

1 Like

It has been so long since I have dealt with all this so excuse my ignorance.

Could Linode have changed something? Nothing has been changed on my server since last renew.

Not sure. Do you have access to the Linode account to see whether any tokens still exist under https://cloud.linode.com/profile/tokens?

Maybe an expiry was specified for the token, or somebody just straight up deleted it.

2 Likes

Oh, yup. Looks like the API token expired/deleted. I just talked to support and they said it automatically deletes after 6 months.

Is there a tutorial for setting up a new key on this and connecting it to my current certbot or do I have to go through the process all again? IIRC I had quite a hard time getting it to work the first time

I have the proper commands for installing and reinstalling… saved in a txt file…

certbot \
  --dns-linode \
  --dns-linode-credentials ~/linode.ini \
  -i apache \
  -d clearpath.site \
  -d *.clearpath.site

and…

sudo certbot --reinstall -d clearpath.site -d *.clearpath.site

But how do I hook up a new API key to this? I assume it is in the conf file?

1 Like

Well, you pretty much just press Add Personal Access Token on the Linode page, change the Domains row to Read/Write, set the Expiry to Never, set Label to Certbot, and press Create Token.

It will show you something like:

Your personal access token has been created. Store this secret. It won't be shown again.

00943bbaa9440c1c40bb2d1aec5e204629c38c73607098117ef2bb6d98b26ddf

and then you copy that value into your ~/linode.ini, changing the dns_linode_key line to use that value instead of the old value.

Then you can try renew.

2 Likes

Ahh that is right! It is the linode.ini file! Now I remember. Thanks a bunch!

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.