Automatic renewal: Challenge failed

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
pizbube.ch

I ran this command:
Automatic renewal: python -c 'import random; import time; time.sleep(random.random() * 3600)' && /usr/local/bin/certbot-auto renew -q

It produced this output:
Challenge failed for domain feed.pizbube.ch
Challenge failed for domain gate.pizbube.ch
Challenge failed for domain man.pizbube.ch
Challenge failed for domain mob.pizbube.ch
Challenge failed for domain pizbube.ch
Challenge failed for domain pod.pizbube.ch
Challenge failed for domain rest.pizbube.ch
Challenge failed for domain site.pizbube.ch
Challenge failed for domain stats.pizbube.ch
Challenge failed for domain www.pizbube.ch
Attempting to renew cert (pizbube.ch) from /etc/letsencrypt/renewal/pizbube.ch.conf produced an unexpected error: Some challenges have failed.. Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/pizbube.ch/fullchain.pem (failure)
1 renew failure(s), 0 parse failure(s)

In the httpd log I get this error:

[error] [client 52.28.236.88] (13)Permission denied: access to /.well-known/acme-challenge/IBvRwcKmVW6RaXEzzTdKisbsBPUI5y9_j0fL6gOq73g denied

namei -l /var/lib/letsencrypt/http_challenges

f: /var/lib/letsencrypt/http_challenges
dr-xr-xr-x root root /
drwxr-xr-x root root var
drwxr-xr-x root root lib
drwxr-xr-x root apache letsencrypt
drwxr-xr-x root root http_challenges

My web server is (include version):
Apache 2.2

The operating system my web server runs on is (include version):
CentOS 6.10

My hosting provider, if applicable, is: providing.ch

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 1.10.1

2 Likes
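Added example (not part of the original posts and not Certbot's own code): a small Python check that reads a `namei -l` listing like the one posted above and reports which directories a given account cannot traverse, judged by the mode bits alone. The account name `apache` and its group membership are assumptions, and the restrictive variant is constructed for contrast.

```python
import re

# The namei -l listing from the post, embedded so the check runs offline.
POSTED = """\
f: /var/lib/letsencrypt/http_challenges
dr-xr-xr-x root root /
drwxr-xr-x root root var
drwxr-xr-x root root lib
drwxr-xr-x root apache letsencrypt
drwxr-xr-x root root http_challenges
"""
# Constructed variant (not from the post): last directory closed to non-owners.
RESTRICTED = POSTED.replace("drwxr-xr-x root root http_challenges",
                            "drwx------ root root http_challenges")

# mode string, owner, group, component name
LINE = re.compile(r"^([dl-][rwxsStT-]{9})\s+(\S+)\s+(\S+)\s+(\S+)$")

def parse_namei(text):
    """Return [(mode, owner, group, name)] for each path component."""
    rows = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:  # the leading "f: <path>" header line does not match
            rows.append(m.groups())
    return rows

def perm_triplet(mode, owner, group, user, groups):
    """Pick the rwx triplet that applies: owner first, then group, then other."""
    if user == owner:
        return mode[1:4]
    if group in groups:
        return mode[4:7]
    return mode[7:10]

def blocked_components(text, user, groups):
    """Directories the user cannot traverse (no search bit in its class).
    Only mode bits are modelled; root's bypass and other controls are not."""
    blocked = []
    for mode, owner, group, name in parse_namei(text):
        triplet = perm_triplet(mode, owner, group, user, groups)
        if mode[0] == "d" and triplet[2] not in "xst":
            blocked.append(name)
    return blocked

if __name__ == "__main__":
    # Assumption: the web server worker runs as user "apache", group "apache".
    for label, listing in (("posted", POSTED), ("restricted", RESTRICTED)):
        print(label, blocked_components(listing, "apache", {"apache"}))
```

On the posted listing the check reports no blocked directory, so it says nothing about the mode of the challenge file itself or about the state of the tree at the moment the automatic run failed.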

Hi @sonja

There isn't a standard Apache, there is an Apache Tomcat.

HTTP Status 404 - /brightstar/engines/allfeed/engine.cfm.well-known/acme-challenge/1234

type Status report

message /brightstar/engines/allfeed/engine.cfm.well-known/acme-challenge/1234

description The requested resource is not available.

Apache Tomcat/7.0.75

That's a completely different system.

Please check the Tomcat documentation to see which client you have to use. The standard Certbot may not work.

Or remove the -q flag and share the complete error message, not only the summary, if you earlier created a certificate with that command.

4 Likes

Hi Juergen,
I ran it manually:
/usr/local/bin/certbot-auto renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log


Processing /etc/letsencrypt/renewal/pizbube.ch.conf


Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator apache, Installer apache
Renewing an existing certificate for pizbube.ch and 9 more domains
Performing the following challenges:
http-01 challenge for feed.pizbube.ch
http-01 challenge for gate.pizbube.ch
http-01 challenge for man.pizbube.ch
http-01 challenge for mob.pizbube.ch
http-01 challenge for pizbube.ch
http-01 challenge for pod.pizbube.ch
http-01 challenge for rest.pizbube.ch
http-01 challenge for site.pizbube.ch
http-01 challenge for stats.pizbube.ch
http-01 challenge for www.pizbube.ch
Waiting for verification...
Cleaning up challenges


new certificate deployed with reload of apache server; fullchain is
/etc/letsencrypt/live/pizbube.ch/fullchain.pem



Congratulations, all renewals succeeded. The following certs have been renewed:
/etc/letsencrypt/live/pizbube.ch/fullchain.pem (success)


It worked. So for the moment it's solved. But running it automatically I get an error. I tried to upload the letsencrypt log but I can't because I'm a new user.
Thanks and best regards
Sonja

1 Like
