Attempting to renew cert error

My domain is: jbehrmusic.com

I ran this command: certbot renew

It produced this output: " attempting to renew cert from * produced an unexpected error: Failed authorization procedur" (attaching a screenshot for full details)

My web server is (include version):

The operating system my web server runs on is (include version): nginx

My hosting provider, if applicable, is: Vultr

I can login to a root shell on my machine (yes or no, or I don’t know): YES

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.31.0

screenshots: https://imgur.com/a/ObzfFeo

It’s a known issue with the nginx plugin and Cloudflare.

You have two options:

  • Change your Cloudflare SSL mode from “Full” to “Flexible”, or
  • Change to the Certbot --webroot plugin (instead of --nginx).

Does changing the Cloudflare SSL to flexible degrade the security of my site in any way?

Also, I’m not sure how to change it to webroot, as an option.

Update: I was able to change to flexible SSL, and it let me renew my certificate just fine. Can I change it back to Full SSL after the renewal? Or do I always have to keep it on flexible now?

Yes, unfortunately it does.

It means that Cloudflare connects to your server over HTTP instead of HTTPS (even though the visitor still sees HTTPS).

You need to identify what the webroot/document root of your website is, and try to renew with:

certbot renew --cert-name jbehrmusic.com -a webroot -w /var/www/html --dry-run

(substituting /var/www/html for your webroot).

If that works, then you can renew next time using that command, and after that, it will keep using the webroot method.
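An added example, not part of the thread: a shell check of which authenticator is saved for a certificate, to confirm that later plain `certbot renew` runs will use webroot rather than the nginx plugin. It assumes certbot's per-certificate renewal file at /etc/letsencrypt/renewal/<cert-name>.conf with an `authenticator` key and a `[[webroot_map]]` section; the function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Assumption: certbot records per-certificate
# renewal settings in /etc/letsencrypt/renewal/<cert-name>.conf, with
# "authenticator = ..." under [renewalparams] and domain = path pairs under
# [[webroot_map]].

# Print the saved authenticator and any webroot mappings from a renewal file.
renewal_summary() {
    awk '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        /^[ \t]*#/ { next }                       # comment
        /^[ \t]*$/ { next }                       # blank line
        /^[ \t]*\[\[webroot_map\]\]/ { sec = "map"; next }
        /^[ \t]*\[/ { sec = "other"; next }       # any other section header
        {
            eq = index($0, "=")
            if (eq == 0) next
            key = trim(substr($0, 1, eq - 1))
            val = trim(substr($0, eq + 1))
            if (sec == "map") print "webroot " key " -> " val
            else if (key == "authenticator") print "authenticator " val
        }
    ' "$1"
}

# Succeed only if the next plain "certbot renew" would use the webroot method.
will_renew_with_webroot() {
    renewal_summary "$1" | grep -qx 'authenticator webroot'
}

# Constructed sample files: before and after switching away from --nginx.
sample_dir=$(mktemp -d)
printf '%s\n' 'version = 0.31.0' '[renewalparams]' 'authenticator = nginx' \
    'installer = nginx' > "$sample_dir/before.conf"
printf '%s\n' 'version = 0.31.0' '[renewalparams]' 'authenticator = webroot' \
    'installer = nginx' '[[webroot_map]]' 'jbehrmusic.com = /var/www/html' \
    > "$sample_dir/after.conf"

for f in before after; do
    echo "== $f.conf"
    renewal_summary "$sample_dir/$f.conf"
done
```

On a real host, point `renewal_summary` at the renewal file for the certificate after a successful non-dry-run renewal; if it still reports `authenticator nginx`, restoring Cloudflare's "Full" mode will bring the original failure back at the next renewal.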

Yes, you can.
