Cert is due for renewal, auto-renewing…
Plugins selected: Authenticator nginx, Installer nginx
Starting new HTTPS connection (1): acme-staging-v02.api.letsencrypt.org
Renewing an existing certificate
Performing the following challenges:
tls-sni-01 challenge for groomgy.com
tls-sni-01 challenge for www.groomgy.com
Waiting for verification…
Cleaning up challenges
Attempting to renew cert (groomgy.com) from /etc/letsencrypt/renewal/groomgy.com.conf produced an unexpected error: Failed authorization procedure. groomgy.com (tls-sni-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Incorrect validation certificate for tls-sni-01 challenge. Requested aac68ac4f8dc5d9ac69fe61ba9bf7b88.276acccc10ef2428291a193cd6b5156f.acme.invalid from 54.255.153.71:443. Received 2 certificate(s), first certificate had names “groomgy.com, www.groomgy.com”, www.groomgy.com (tls-sni-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Incorrect validation certificate for tls-sni-01 challenge. Requested c8c650d779b9bc36f90c471411f60fba.62d3f4f004a46a115e19034a46c3295d.acme.invalid from 54.255.153.71:443. Received 2 certificate(s), first certificate had names “groomgy.com, www.groomgy.com”. Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/groomgy.com/fullchain.pem (failure)
The operating system my web server runs on is (include version):
Ubuntu 16.04
I can login to a root shell on my machine:
Yes
I’m using a control panel to manage my site:
No
I am not sure what to debug or where to look at. Could someone advise me on where to look at?
Cert is due for renewal, auto-renewing…
Plugins selected: Authenticator nginx, Installer nginx
Starting new HTTPS connection (1): acme-staging-v02.api.letsencrypt.org
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for groomgy.com
http-01 challenge for www.groomgy.com
Waiting for verification…
Cleaning up challenges
Attempting to renew cert (groomgy.com) from /etc/letsencrypt/renewal/groomgy.com.conf produced an unexpected error: Failed authorization procedure. www.groomgy.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.groomgy.com/.well-known/acme-challenge/33K__0lsi2z3wrqqRRGliFzbBm8zlv19GLpAruXV2hA: “\r\n404 Not Found\r\n<body bgcolor=“white”>\r\n<h1.>404 Not Found\r\n
”, groomgy.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://groomgy.com/.well-known/acme-challenge/d09ncTEswJzosEV8qgj09KQELn5IRUzjFgSBa-FULWg: “\r\n404 Not Found\r\n<body bgcolor=“white”>\r\n<h1.>404 Not Found\r\n”. Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/groomgy.com/fullchain.pem (failure)
DRY RUN: simulating ‘certbot renew’ close to cert expiry
(The test certificates below have not been saved.)
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/groomgy.com/fullchain.pem (failure)
DRY RUN: simulating ‘certbot renew’ close to cert expiry
(The test certificates above have not been saved.)
1 renew failure(s), 0 parse failure(s)
Thanks for the reply @JuergenAuer, specifying the root worked, thank you so much.
I don’t remember specifying the webroot 3 months ago when I first setup the SSL.
Was the cron job renewal failing due to the deprecation of tls-sni-01 challenge?