My domain is: https://mail.westcoasttechnology.net/
I ran this command: sudo certbot renew
It produced this output:
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for mail.westcoasttechnology.net
Cleaning up challenges
Attempting to renew cert (mail.westcoasttechnology.net) from /etc/letsencrypt/renewal/mail.westcoasttechnology.net.conf produced an unexpected error: Missing command line flag or config entry for this setting:
Input the webroot for mail.westcoasttechnology.net:. Skipping.
My web server is: nginx/1.14.2
The operating system my web server runs on is: Raspbian GNU/Linux 10 (buster)
My hosting provider is: n/a
I can login to a root shell on my machine: Yes
I'm using a control panel to manage my site: No
The version of my client is: certbot 0.31.0
More info:
I have seven domain names, all currently running on the same home server. Six of them renew fine, one doesn't. A few weeks back when it was about to expire I tried a bunch of stuff (can't remember what), but all I got was different errors. I know that when I first set it all up I issued a certificate for *.westcoasttechnology.net, I then decided that I only wanted the certificate for the mail subdomain, so reissued that, and everything seemed to work. I think it's even renewed once without issue, but not now. The other odd thing is that the certificate for *.westcoasttechnology.net HAS been reissued, but I can't find anywhere in my setup where that should happen.
If I run:
sudo certbot certonly --webroot --webroot-path /var/www/mail.westcoasttechnology.net/ --renew-by-default --email REMOVED --agree-tos -d mail.westcoasttechnology.net
I get:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for mail.westcoasttechnology.net
Using the webroot path /var/www/mail.westcoasttechnology.net for all unmatched domains.
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. mail.westcoasttechnology.net (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from https://mail.westcoasttechnology.net/.well-known/acme-challenge/6WYSpdd-oaN6lcCh10LxLXjUOw-b9FZx5KV91queO3A [2606:4700:3032::6815:23e0]: "<!DOCTYPE html>\n<!--[if lt IE 7]> <html class=\"no-js ie6 oldie\" lang=\"en-US\"> <![endif]-->\n<!--[if IE 7]> <html class=\"no-js "
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: mail.westcoasttechnology.net
Type: unauthorized
Detail: Invalid response from
https://mail.westcoasttechnology.net/.well-known/acme-challenge/6WYSpdd-oaN6lcCh10LxLXjUOw-b9FZx5KV91queO3A
[2606:4700:3032::6815:23e0]: "<!DOCTYPE html>\n<!--[if lt IE 7]>
<html class=\"no-js ie6 oldie\" lang=\"en-US\">
<![endif]-->\n<!--[if IE 7]> <html class=\"no-js "
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
I'm pretty new to all this, so any pointers would be great!