Hi,
I use letsencrypt to issue a certificate for a domain and I received the e-mail about the deprecated TLS-SNI-01 domain validation. So, I tried the recommended --dry-run test but it fails. The ACME client is certbot 0.22.2.
I need help to overcome this issue.
Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: vm1361.kaj.pouta.csc.fi
I ran this command: sudo certbot renew --dry-run --preferred-challenges http-01,dns-01
It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/vm1361.kaj.pouta.csc.fi.conf
-------------------------------------------------------------------------------
Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator apache, Installer apache
Starting new HTTPS connection (1): acme-staging-v02.api.letsencrypt.org
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for vm1361.kaj.pouta.csc.fi
Waiting for verification...
Cleaning up challenges
Attempting to renew cert (vm1361.kaj.pouta.csc.fi) from /etc/letsencrypt/renewal/vm1361.kaj.pouta.csc.fi.conf produced an unexpected error: Failed authorization procedure. vm1361.kaj.pouta.csc.fi (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://vm1361.kaj.pouta.csc.fi/.well-known/acme-challenge/Eg7C5WkgxjcbY3OvPXy3MXiFcuOA3dU3DyhyPTSvm8c: "<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p". Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/vm1361.kaj.pouta.csc.fi/fullchain.pem (failure)
-------------------------------------------------------------------------------
** DRY RUN: simulating 'certbot renew' close to cert expiry
** (The test certificates below have not been saved.)
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/vm1361.kaj.pouta.csc.fi/fullchain.pem (failure)
** DRY RUN: simulating 'certbot renew' close to cert expiry
** (The test certificates above have not been saved.)
-------------------------------------------------------------------------------
1 renew failure(s), 0 parse failure(s)
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: vm1361.kaj.pouta.csc.fi
Type: unauthorized
Detail: Invalid response from
http://vm1361.kaj.pouta.csc.fi/.well-known/acme-challenge/Eg7C5WkgxjcbY3OvPXy3MXiFcuOA3dU3DyhyPTSvm8c:
"<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML
2.0//EN">\n<html><head>\n<title>404 Not
Found</title>\n</head><body>\n<h1>Not Found\n<p"
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
My web server is (include version): Apache 2.4.18
The operating system my web server runs on is (include version): Ubuntu 16.04 LTS
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don't know): yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 0.22.2