Thanks for the quick response.
I tried the command earlier from one of the posts I found, this didn't work I get the same error.
root@training:/var/log/letsencrypt# certbot renew --dry-run --debug-challenges -v
Root logging level set at 10
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Processing /etc/letsencrypt/renewal/.conf
Requested authenticator <certbot.cli._Default object at 0x7fc658434978> and installer <certbot.cli._Default object at 0x7fc658434978>
Var dry_run=True (set by user).
Var server={'dry_run', 'staging'} (set by user).
Var dry_run=True (set by user).
Var server={'dry_run', 'staging'} (set by user).
Var account={'server'} (set by user).
Cert not due for renewal, but simulating renewal for dry run
Requested authenticator apache and installer apache
Apache version is 2.4.18
Single candidate plugin: * apache
Description: Apache Web Server plugin - Beta
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: apache = certbot_apache.entrypoint:ENTRYPOINT
Initialized: <certbot_apache.override_debian.DebianConfigurator object at 0x7fc658412be0>
Prep: True
Single candidate plugin: * apache
Description: Apache Web Server plugin - Beta
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: apache = certbot_apache.entrypoint:ENTRYPOINT
Initialized: <certbot_apache.override_debian.DebianConfigurator object at 0x7fc658412be0>
Prep: True
Selected authenticator <certbot_apache.override_debian.DebianConfigurator object at 0x7fc658412be0> and installer <certbot_apache.override_debian.DebianConfigurator object at 0x7fc658412be0>
Plugins selected: Authenticator apache, Installer apache
Picked account: <Account(RegistrationResource(body=Registration(terms_of_service_agreed=None, key=JWKRSA(key=<ComparableRSAKey(<cryptography.hazmat.backends.openssl.rsa._RSAPublicKey object at 0x7fc658434390>)>), only_return_existing=None, status='valid', agreement=None, contact=()), uri='https::acme-staging-v02.api.letsencrypt.org/acme/acct/6121019', new_authzr_uri=None, terms_of_service='https::letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'), 7890f538b79c5720d45ab4766acacf88, Meta(creation_dt=datetime.datetime(2018, 5, 20, 19, 28, 48, tzinfo=), creation_host='ip-172-31-17-97.eu-west-1.compute.internal'))>
Sending GET request to https::acme-staging-v02.api.letsencrypt.org/directory.
Starting new HTTPS connection (1): acme-staging-v02.api.letsencrypt.org
https::acme-staging-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 724
Received response:
HTTP 200
Server: nginx
Content-Type: application/json
Content-Length: 724
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Fri, 01 Feb 2019 09:29:44 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 01 Feb 2019 09:29:44 GMT
Connection: keep-alive
{
"atPduBvaGxc": "https::community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
"keyChange": "https::acme-staging-v02.api.letsencrypt.org/acme/key-change",
"meta": {
"caaIdentities": [
"letsencrypt.org"
],
"termsOfService": "https::letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
"website": "https::letsencrypt.org/docs/staging-environment/"
},
"newAccount": "https::acme-staging-v02.api.letsencrypt.org/acme/new-acct",
"newNonce": "https::acme-staging-v02.api.letsencrypt.org/acme/new-nonce",
"newOrder": "https::acme-staging-v02.api.letsencrypt.org/acme/new-order",
"revokeCert": "https::acme-staging-v02.api.letsencrypt.org/acme/revoke-cert"
}
Renewing an existing certificate
Requesting fresh nonce
Sending HEAD request to https::acme-staging-v02.api.letsencrypt.org/acme/new-order.
https::acme-staging-v02.api.letsencrypt.org:443 "HEAD /acme/new-order HTTP/1.1" 405 0
Received response:
HTTP 405
Server: nginx
Content-Type: application/problem+json
Content-Length: 103
Allow: POST
Replay-Nonce: aOFjsLEvFzOVqygq71P-FD3Nk29WpdIQMoIO1fVH7w4
Expires: Fri, 01 Feb 2019 09:29:44 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 01 Feb 2019 09:29:44 GMT
Connection: keep-alive
Storing nonce: aOFjsLEvFzOVqygq71P-FD3Nk29WpdIQMoIO1fVH7w4
JWS payload:
b'{\n "status": "pending",\n "identifiers": [\n {\n "type": "dns",\n "value": ""\n }\n ],\n "resource": "new-order"\n}'
Sending POST request to https::acme-staging-v02.api.letsencrypt.org/acme/new-order:
{
"signature": "HcEap3TNkL5lssML5iQNnuvP_9phjOhZ_UAeYu1rceTBBX0Ulhu2d8C_FGYegnaCqidWXeA2Oou0wyF87MvDiWTPfeSdOYAKLKbw9KDSYR6C2p8BkkmN_IA44hUZcpmri2f23StDRRVzJPLqTzrLv4NRy_2BRFjA5YHH-bud5_Z46ShrgwrRiW69QKz0-ThENRURVx8L3nC3lC_GoTK6Ow7ziiEpkYW7wdoaYEVVlafPUrnZZVqdvW36QQ3QusAjIa1JcsuvoWYI9kM-KA5Sxo1P41O-Fk9eTJnWLm39jECt8sZ2LZYT2jnoidInDFWN3qI72RUBbYuNIGMPXKa2Fg",
"payload": "ewogICJzdGF0dXMiOiAicGVuZGluZyIsCiAgImlkZW50aWZpZXJzIjogWwogICAgewogICAgICAidHlwZSI6ICJkbnMiLAogICAgICAidmFsdWUiOiAidHJhaW5pbmcuY2hlbG1zZm9yZHN0YXIuY29vcCIKICAgIH0KICBdLAogICJyZXNvdXJjZSI6ICJuZXctb3JkZXIiCn0",
"protected": "eyJhbGciOiAiUlMyNTYiLCAidXJsIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvbmV3LW9yZGVyIiwgIm5vbmNlIjogImFPRmpzTEV2RnpPVnF5Z3E3MVAtRkQzTmsyOVdwZElRTW9JTzFmVkg3dzQiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC82MTIxMDE5In0"
}
https::acme-staging-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 401
Received response:
HTTP 201
Server: nginx
Content-Type: application/json
Content-Length: 401
Boulder-Requester: 6121019
Location: https::acme-staging-v02.api.letsencrypt.org/acme/order/6121019/22257986
Replay-Nonce: 23gU4CYbqU-izspSeKAkBPzoiL0KR4Mpt9l1_Qli8pM
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Fri, 01 Feb 2019 09:29:44 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 01 Feb 2019 09:29:44 GMT
Connection: keep-alive
{
"status": "pending",
"expires": "2019-02-08T09:29:44.613778154Z",
"identifiers": [
{
"type": "dns",
"value": ""
}
],
"authorizations": [
"https::acme-staging-v02.api.letsencrypt.org/acme/authz/h9EkCXwA_srx8h8Am6DBSVaSE31_y8hx3g-JqWY1bU4"
],
"finalize": "https::acme-staging-v02.api.letsencrypt.org/acme/finalize/6121019/22257986"
}
Storing nonce: 23gU4CYbqU-izspSeKAkBPzoiL0KR4Mpt9l1_Qli8pM
Sending GET request to https::acme-staging-v02.api.letsencrypt.org/acme/authz/h9EkCXwA_srx8h8Am6DBSVaSE31_y8hx3g-JqWY1bU4.
https::acme-staging-v02.api.letsencrypt.org:443 "GET /acme/authz/h9EkCXwA_srx8h8Am6DBSVaSE31_y8hx3g-JqWY1bU4 HTTP/1.1" 200 941
Received response:
HTTP 200
Server: nginx
Content-Type: application/json
Content-Length: 941
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Fri, 01 Feb 2019 09:29:44 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 01 Feb 2019 09:29:44 GMT
Connection: keep-alive
{
"identifier": {
"type": "dns",
"value": ""
},
"status": "pending",
"expires": "2019-02-08T09:29:44Z",
"challenges": [
{
"type": "http-01",
"status": "pending",
"url": "https::acme-staging-v02.api.letsencrypt.org/acme/challenge/h9EkCXwA_srx8h8Am6DBSVaSE31_y8hx3g-JqWY1bU4/236247309",
"token": "6_UO_gkFhRVv3xvKAxrl8jIqZ3uCE1yzNG-fv8T9PNk"
},
{
"type": "dns-01",
"status": "pending",
"url": "https::acme-staging-v02.api.letsencrypt.org/acme/challenge/h9EkCXwA_srx8h8Am6DBSVaSE31_y8hx3g-JqWY1bU4/236247310",
"token": "8ZzXza5dfHREVnuAkYn1Fb4vvAMqyz-9qNk3lFWrSCE"
},
{
"type": "tls-alpn-01",
"status": "pending",
"url": "https::acme-staging-v02.api.letsencrypt.org/acme/challenge/h9EkCXwA_srx8h8Am6DBSVaSE31_y8hx3g-JqWY1bU4/236247311",
"token": "LwWmNNxUon0way3dSaemzCOyXU-ir5K3c2W2ExXsY3A"
}
]
}
Performing the following challenges:
http-01 challenge for
Adding a temporary challenge validation Include for name: in: /etc/apache2/sites-enabled/000-default.conf
writing a pre config file with text:
RewriteEngine on
RewriteRule ^/.well-known/acme-challenge/([A-Za-z0-9-_=]+)$ /var/lib/letsencrypt/http_challenges/$1 [END]
writing a post config file with text:
<Directory /var/lib/letsencrypt/http_challenges>
Require all granted
<Location /.well-known/acme-challenge>
Require all granted
Creating backup of /etc/apache2/sites-enabled/000-default.conf
Waiting for verification...
Challenges loaded. Press continue to submit to CA. Pass "-v" for more info about
challenges.
JWS payload:
b'{\n "type": "http-01",\n "resource": "challenge",\n "keyAuthorization": "6_UO_gkFhRVv3xvKAxrl8jIqZ3uCE1yzNG-fv8T9PNk.5DcHnnNnvhL_IPTAtyPDnJRXZalmVs5jYwcsfnDwL_0"\n}'
Sending POST request to https::acme-staging-v02.api.letsencrypt.org/acme/challenge/h9EkCXwA_srx8h8Am6DBSVaSE31_y8hx3g-JqWY1bU4/236247309:
{
"signature": "uRxNUU_uOdxQgcQVbQpv6mdjPptbP6B4AWWy_oAMCaTDUIeawwp38ZsaiXjTc10Lpeq2sNJZKUAtzeS8nsY7yJ8B9Jd4Wn2QvXjDVhbhhr4t_MeiVClEYloIJ6F1ShApdhw1XjARjUM6Zkqxwhr6Pl9Cn7XRUbFGatfMKsHOA06WkS5YsmGx5-6Wff952QJtL_L0fw2mdWhDffnyyQchgFK0JlAW3hl4uTCSyEzIyfB73QfZLywAa0c1uxv0-833NAPYoHAGXt9SbcaCLNo9FkSh5jGi-g-9VtYw937LmTUUBOHTcZ1eQyL4gNcMgC6gDQbzWbl4duo_HYGyFGS_Qw",
"payload": "ewogICJ0eXBlIjogImh0dHAtMDEiLAogICJyZXNvdXJjZSI6ICJjaGFsbGVuZ2UiLAogICJrZXlBdXRob3JpemF0aW9uIjogIjZfVU9fZ2tGaFJWdjN4dktBeHJsOGpJcVozdUNFMXl6TkctZnY4VDlQTmsuNURjSG5uTm52aExfSVBUQXR5UERuSlJYWmFsbVZzNWpZd2NzZm5Ed0xfMCIKfQ",
"protected": "eyJhbGciOiAiUlMyNTYiLCAidXJsIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvY2hhbGxlbmdlL2g5RWtDWHdBX3NyeDhoOEFtNkRCU1ZhU0UzMV95OGh4M2ctSnFXWTFiVTQvMjM2MjQ3MzA5IiwgIm5vbmNlIjogIjIzZ1U0Q1licVUtaXpzcFNlS0FrQlB6b2lMMEtSNE1wdDlsMV9RbGk4cE0iLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC82MTIxMDE5In0"
}
https::acme-staging-v02.api.letsencrypt.org:443 "POST /acme/challenge/h9EkCXwA_srx8h8Am6DBSVaSE31_y8hx3g-JqWY1bU4/236247309 HTTP/1.1" 200 230
Received response:
HTTP 200
Server: nginx
Content-Type: application/json
Content-Length: 230
Boulder-Requester: 6121019
Link: https::acme-staging-v02.api.letsencrypt.org/acme/authz/h9EkCXwA_srx8h8Am6DBSVaSE31_y8hx3g-JqWY1bU4;rel="up"
Location: https::acme-staging-v02.api.letsencrypt.org/acme/challenge/h9EkCXwA_srx8h8Am6DBSVaSE31_y8hx3g-JqWY1bU4/236247309
Replay-Nonce: _qA52Y2_VRbGL8taKfRq1Gi29byiDbjvnL3sfqALVGI
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Fri, 01 Feb 2019 09:29:48 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 01 Feb 2019 09:29:48 GMT
Connection: keep-alive
{
"type": "http-01",
"status": "pending",
"url": "https::acme-staging-v02.api.letsencrypt.org/acme/challenge/h9EkCXwA_srx8h8Am6DBSVaSE31_y8hx3g-JqWY1bU4/236247309",
"token": "6_UO_gkFhRVv3xvKAxrl8jIqZ3uCE1yzNG-fv8T9PNk"
}
Storing nonce: _qA52Y2_VRbGL8taKfRq1Gi29byiDbjvnL3sfqALVGI
Sending GET request to https::acme-staging-v02.api.letsencrypt.org/acme/authz/h9EkCXwA_srx8h8Am6DBSVaSE31_y8hx3g-JqWY1bU4.
https::acme-staging-v02.api.letsencrypt.org:443 "GET /acme/authz/h9EkCXwA_srx8h8Am6DBSVaSE31_y8hx3g-JqWY1bU4 HTTP/1.1" 200 2163
Received response:
HTTP 200
Server: nginx
Content-Type: application/json
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Content-Length: 2163
Expires: Fri, 01 Feb 2019 09:29:51 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 01 Feb 2019 09:29:51 GMT
Connection: keep-alive
{
"identifier": {
"type": "dns",
"value": ""
},
"status": "invalid",
"expires": "2019-02-08T09:29:44Z",
"challenges": [
{
"type": "http-01",
"status": "invalid",
"error": {
"type": "urn:ietf:params:acme:error:unauthorized",
"detail": "Invalid response from http::/.well-known/acme-challenge/6_UO_gkFhRVv3xvKAxrl8jIqZ3uCE1yzNG-fv8T9PNk: "\u003c!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\"\u003e\n\u003chtml\u003e\u003chead\u003e\n\u003ctitle\u003e404 Not Found\u003c/title\u003e\n\u003c/head\u003e\u003cbody\u003e\n\u003ch1\u003eNot Found\u003c/h1\u003e\n\u003cp"",
"status": 403
},
"url": "https::acme-staging-v02.api.letsencrypt.org/acme/challenge/h9EkCXwA_srx8h8Am6DBSVaSE31_y8hx3g-JqWY1bU4/236247309",
"token": "6_UO_gkFhRVv3xvKAxrl8jIqZ3uCE1yzNG-fv8T9PNk",
"validationRecord": [
{
"url": "http::/.well-known/acme-challenge/6_UO_gkFhRVv3xvKAxrl8jIqZ3uCE1yzNG-fv8T9PNk",
"hostname": "",
"port": "80",
"addressesResolved": [
""
],
"addressUsed": ""
},
{
"url": "https::/.well-known/acme-challenge/6_UO_gkFhRVv3xvKAxrl8jIqZ3uCE1yzNG-fv8T9PNk",
"hostname": "",
"port": "443",
"addressesResolved": [
""
],
"addressUsed": ""
}
]
},
{
"type": "dns-01",
"status": "invalid",
"url": "https::acme-staging-v02.api.letsencrypt.org/acme/challenge/h9EkCXwA_srx8h8Am6DBSVaSE31_y8hx3g-JqWY1bU4/236247310",
"token": "8ZzXza5dfHREVnuAkYn1Fb4vvAMqyz-9qNk3lFWrSCE"
},
{
"type": "tls-alpn-01",
"status": "invalid",
"url": "https::acme-staging-v02.api.letsencrypt.org/acme/challenge/h9EkCXwA_srx8h8Am6DBSVaSE31_y8hx3g-JqWY1bU4/236247311",
"token": "LwWmNNxUon0way3dSaemzCOyXU-ir5K3c2W2ExXsY3A"
}
]
}
Reporting to user: The following errors were reported by the server:
Domain:
Type: unauthorized
Detail: Invalid response from http::/.well-known/acme-challenge/6_UO_gkFhRVv3xvKAxrl8jIqZ3uCE1yzNG-fv8T9PNk: "\n\n404 Not Found\n\n
Not Found
\n<p"
To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address.
Encountered exception:
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 82, in handle_authorizations
self._respond(aauthzrs, resp, best_effort)
File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 161, in _respond
self._poll_challenges(aauthzrs, chall_update, best_effort)
File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 232, in _poll_challenges
raise errors.FailedChallenges(all_failed_achalls)
certbot.errors.FailedChallenges: Failed authorization procedure. (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http::/.well-known/acme-challenge/6_UO_gkFhRVv3xvKAxrl8jIqZ3uCE1yzNG-fv8T9PNk: "\n\n404 Not Found\n\n
Not Found
\n<p"
Calling registered functions
Cleaning up challenges
Attempting to renew cert () from /etc/letsencrypt/renewal/.conf produced an unexpected error: Failed authorization procedure. (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http::/.well-known/acme-challenge/6_UO_gkFhRVv3xvKAxrl8jIqZ3uCE1yzNG-fv8T9PNk: "\n\n404 Not Found\n\n
Not Found
\n<p". Skipping.
Traceback was:
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/certbot/renewal.py", line 430, in handle_renewal_request
main.renew_cert(lineage_config, plugins, renewal_candidate)
File "/usr/lib/python3/dist-packages/certbot/main.py", line 1168, in renew_cert
renewed_lineage = _get_and_save_cert(le_client, config, lineage=lineage)
File "/usr/lib/python3/dist-packages/certbot/main.py", line 116, in _get_and_save_cert
renewal.renew_cert(config, domains, le_client, lineage)
File "/usr/lib/python3/dist-packages/certbot/renewal.py", line 305, in renew_cert
new_cert, new_chain, new_key, _ = le_client.obtain_certificate(domains, new_key)
File "/usr/lib/python3/dist-packages/certbot/client.py", line 335, in obtain_certificate
orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
File "/usr/lib/python3/dist-packages/certbot/client.py", line 371, in _get_order_and_authorizations
authzr = self.auth_handler.handle_authorizations(orderr, best_effort)
File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 82, in handle_authorizations
self._respond(aauthzrs, resp, best_effort)
File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 161, in _respond
self._poll_challenges(aauthzrs, chall_update, best_effort)
File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 232, in _poll_challenges
raise errors.FailedChallenges(all_failed_achalls)
certbot.errors.FailedChallenges: Failed authorization procedure. (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http::/.well-known/acme-challenge/6_UO_gkFhRVv3xvKAxrl8jIqZ3uCE1yzNG-fv8T9PNk: "\n\n404 Not Found\n\nNot Found
\n<p"
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live//fullchain.pem (failure)
** DRY RUN: simulating 'certbot renew' close to cert expiry
** (The test certificates below have not been saved.)
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live//fullchain.pem (failure)
** DRY RUN: simulating 'certbot renew' close to cert expiry
** (The test certificates above have not been saved.)
Exiting abnormally:
Traceback (most recent call last):
File "/usr/bin/certbot", line 11, in
load_entry_point('certbot==0.28.0', 'console_scripts', 'certbot')()
File "/usr/lib/python3/dist-packages/certbot/main.py", line 1340, in main
return config.func(config, plugins)
File "/usr/lib/python3/dist-packages/certbot/main.py", line 1247, in renew
renewal.handle_renewal_request(config)
File "/usr/lib/python3/dist-packages/certbot/renewal.py", line 455, in handle_renewal_request
len(renew_failures), len(parse_failures)))
certbot.errors.Error: 1 renew failure(s), 0 parse failure(s)
1 renew failure(s), 0 parse failure(s)
IMPORTANT NOTES:
-
The following errors were reported by the server:
Domain:
Type: unauthorized
Detail: Invalid response from
http::/.well-known/acme-challenge/6_UO_gkFhRVv3xvKAxrl8jIqZ3uCE1yzNG-fv8T9PNk:
"\n\n404 Not
Found\n\n
Not Found
\n<p"
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.