I have a server with CentOS 7 and the nginx web server with 3 domains. I created Let’s Encrypt SSL for them without problems, and have renewed all SSL one time, the next month, with a simple script:
/root/letsencrypt/letsencrypt-auto renew
/usr/sbin/nginx -t && service nginx reload
But now I always get the same error when I try to use this script:
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for XXXXX.net
http-01 challenge for www.XXXXX.net
Using the webroot path /var/www for all unmatched domains.
Waiting for verification…
Cleaning up challenges
Attempting to renew cert from /etc/letsencrypt/renewal/XXXXX.net.conf produced an unexpected error: 'ascii' codec can't encode character u'\xe1' in position 250: ordinal not in range(128). Skipping.
None of the domains are IDN domains. I have made no changes to the Python library and don’t understand the bug. Can you help me?
This is the key part. There is an invalid character in that file. Can you check the file? Alternatively, can you paste the full file on pastebin.com or somewhere so we can review it?
If you are referring to the /etc/letsencrypt/renewal/XXXXX.net.conf file, the content is this one (sorry, I prefer to hide the real domain name with XXXXX, but there is no special char in it)
The problem is, as soon as you edit it, the special char will probably get removed, hence asking you to paste the complete file. I suggested pastebin, as that can be pasted for a limited amount of time and then removed (say 15 mins).
Ohhh, I have found the problem... None of the vhosts have the correct ".well-known/acme-challenge" config, so they return a 404 page that gives the ascii error!
With the correct config ( location ~ /.well-known/acme-challenge { root /var/www; } in our case ), everything works!
Thanks a lot serveco, with your answer I discovered the problem!
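
A pre-renewal check for the failure found in this thread, as an added example that is not part of the original posts or of letsencrypt-auto: it writes a throwaway file under the webroot's .well-known/acme-challenge directory and fetches it over HTTP, which fails with a 404 when a vhost lacks the location block. The function name, file naming and command-line usage are assumptions.

```python
#!/usr/bin/env python3
"""Pre-renewal self-test for http-01 webroot validation (added example)."""
import os
import secrets
import sys
import urllib.error
import urllib.request

CHALLENGE_DIR = ".well-known/acme-challenge"


def check_webroot(webroot, base_url, timeout=5):
    """Write a throwaway file under webroot and fetch it through the web server.

    Returns (ok, detail). A 404 here means the vhost does not map
    /.well-known/acme-challenge/ to this webroot, so renewal would fail too.
    """
    name = "selftest-" + secrets.token_hex(8)  # constructed name, not a real ACME token
    body = secrets.token_hex(16)
    directory = os.path.join(webroot, CHALLENGE_DIR)
    os.makedirs(directory, exist_ok=True)
    path = os.path.join(directory, name)
    with open(path, "w") as fh:
        fh.write(body)
    url = "%s/%s/%s" % (base_url.rstrip("/"), CHALLENGE_DIR, name)
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            served = resp.read().decode("ascii", "replace")
    except urllib.error.HTTPError as exc:
        return False, "HTTP %d for %s" % (exc.code, url)
    except OSError as exc:  # DNS failure, refused connection, timeout
        return False, "cannot fetch %s: %s" % (url, exc)
    finally:
        os.remove(path)  # never leave the test file behind
    if served != body:
        return False, "unexpected content served for %s" % url
    return True, "ok"


if __name__ == "__main__":
    # Assumed usage: check_webroot.py /var/www XXXXX.net www.XXXXX.net
    if len(sys.argv) < 3:
        sys.exit("usage: check_webroot.py WEBROOT DOMAIN [DOMAIN ...]")
    results = [(d, check_webroot(sys.argv[1], "http://" + d)) for d in sys.argv[2:]]
    for domain, (ok, detail) in results:
        print("%-30s %s" % (domain, "OK" if ok else "FAIL: " + detail))
    sys.exit(0 if all(ok for _, (ok, _) in results) else 1)
```

Run before the renew command, a non-zero exit status identifies the vhost that needs the location block instead of leaving the codec error as the only clue.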