When I wanted to renew my certificates I got the following error message:
"Failed to renew certificate my-domain.fr with error: Some challenges have failed."
So I wanted to look at the ".well-known" folder and realized it was empty (certainly a bad manipulation on my part).
But now, what should I do to regenerate this folder?
That's to be expected: the contents of the /.well-known/acme-challenge/ directory are ephemeral and one-time use only. So after usage (success or failure), the challenge files get deleted again.
Don't focus on the folder, focus on the complete error provided by the ACME server about why your challenges failed.
And for us to help you with that, we need all the answers to all the questions of the questionnaire, not just your ACME client name and version. Thus:
My domain is:
I ran this command:
It produced this output:
My web server is (include version):
The operating system my web server runs on is (include version):
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don't know):
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 2.1.0
I ran this command:
certbot -q renew --force-renewal
It produced this output:
Failed to renew certificate mehl-family.fr with error: Some challenges have failed.
All renewals failed. The following certificates could not be renewed:
/etc/letsencrypt/live/mehl-family.fr/fullchain.pem (failure)
1 renew failure(s), 0 parse failure(s)
My web server is (include version):
apache2 v2.4.62
The operating system my web server runs on is (include version):
Debian 12
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don't know):
yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 2.1.0
Port 80 is not accessible from the public Internet
See here (permanent link to this check report): almost all report "Connection refused", a few "Connection timed out".
The HTTP-01 challenge requires Port 80 access as stated "The HTTP-01 challenge can only be done on port 80."
Certbot can output way more about the error from the ACME server. Now it only shows the non-informative Certbot message. Try renewing without the -q (which stands for quiet, which is not useful when debugging things).
Please don't use this option. If there's an error with the authorization of the challenge, this option does NOT magically make any error go away. If not used properly, it can lead to hitting rate limits.
Port 80 is open on the server and my router (internet box) redirects this port to it.
But I have to stop my Apache server before launching the certbot renew command, otherwise I receive this error:
Failed to renew certificate mehl-family.fr with error: Could not bind TCP port 80 because it is already in use by another process on this system (such as a web server). Please stop the program in question and then try again.
But...
I think I know where the problem comes from.
Indeed, the server from which I want to test (yes, it's a test) renewing the certificate is a Kubernetes pod (running as a server), not a physical or virtual server. The IP address is perhaps the problem.
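As an added example (not code from this thread or from Certbot): a pre-flight check for the HTTP-01 path discussed above. It drops a throwaway token into the webroot's .well-known/acme-challenge/ folder, fetches it over HTTP the way the ACME server would, reports why it failed (refused connection, 404 from a mismatched webroot, or different content), and then deletes the file, which is also why that folder is empty between runs. It assumes the domain's port 80 traffic reaches the web server that serves WEBROOT (Apache in this thread); WEBROOT and http://my-domain.fr are placeholders, and probe_http01 is a hypothetical helper name.

```python
import os
import secrets
import sys
import urllib.error
import urllib.request

CHALLENGE_DIR = os.path.join(".well-known", "acme-challenge")


def probe_http01(webroot, base_url, timeout=5):
    """Write a throwaway token file under <webroot>/.well-known/acme-challenge/,
    fetch it via <base_url>/.well-known/acme-challenge/<token> and check that
    the body served back matches. The file is always removed afterwards, like
    a real challenge file after validation. Returns (ok, detail)."""
    token = secrets.token_urlsafe(16)   # constructed, not a real ACME token
    body = secrets.token_urlsafe(32)    # constructed key-authorization stand-in
    directory = os.path.join(webroot, CHALLENGE_DIR)
    os.makedirs(directory, exist_ok=True)
    path = os.path.join(directory, token)
    with open(path, "w") as fh:
        fh.write(body)
    url = f"{base_url.rstrip('/')}/.well-known/acme-challenge/{token}"
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            served = resp.read().decode("utf-8", "replace")
        if served.strip() == body:
            return True, f"{url} served the expected token body"
        return False, f"{url} answered but served different content (wrong webroot or vhost?)"
    except urllib.error.HTTPError as exc:
        # The web server answered, but not from this webroot (typically 404).
        return False, f"{url} -> HTTP {exc.code} (webroot does not match what the server serves)"
    except (urllib.error.URLError, OSError) as exc:
        # Nothing answered on port 80: closed, not forwarded, or server stopped.
        reason = getattr(exc, "reason", exc)
        return False, f"{url} unreachable: {reason} (port 80 closed or not forwarded?)"
    finally:
        os.remove(path)  # leave the challenge folder empty again


if __name__ == "__main__":
    # Usage: python probe_http01.py WEBROOT http://my-domain.fr
    ok, detail = probe_http01(sys.argv[1], sys.argv[2])
    print(("OK: " if ok else "FAIL: ") + detail)
    sys.exit(0 if ok else 1)
```

Run it while Apache is serving the site; if it fails, the detail line tells you whether to look at port forwarding or at the webroot/vhost before re-running certbot without -q.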