Automating renewal failed

I have two certificates. The first certificate with two domains: domain1.com, domain2.com, and the last certificate with one domain: domain3.com.
I used the command for automating renewal: sudo certbot renew --dry-run
But it shows successful only for the last certificate with one domain.

Attempting to renew cert (domain1.com) from /etc/letsencrypt/renewal/domain1.com.conf produced an unexpected error: Failed authorization procedure. domain2.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://domain2.com/.well-know/acme-challenge/256wzkkmcdkmckdmckdncj:

I have correct permission on domain1.com, domain2.com and domain3.com directories.

Thanks

Hi,

Please share with us your domain names and the full error message (without redaction); this will help us analyze the true errors…

Thank you

Hi Steven

These are my domains in the first certificate: mail.nube22.com, mail.enlanuve.com, and the last certificate is mx01.nube22.com

This is the error message in the last certificate:


Processing /etc/letsencrypt/renewal/mail.nube22.com.conf


Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator webroot, Installer None
Starting new HTTPS connection (1): acme-staging-v02.api.letsencrypt.org
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for mail.nube22.com
http-01 challenge for mail.enlanuve.com
Waiting for verification…
Cleaning up challenges
Attempting to renew cert (mail.nube22.com) from /etc/letsencrypt/renewal/mail.nube22.com.conf produced an unexpected error: Failed authorization procedure. mail.enlanuve.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://mail.enlanuve.com/.well-known/acme-challenge/sBtyUThD-0nF0ItGKf-G6CvJ942XCMp0WrWK50Efdms: "404 Not Found Not Found <p". Skipping.
The following certs could not be renewed:
/etc/letsencrypt/live/mail.nube22.com/fullchain.pem (failure)

** DRY RUN: simulating ‘certbot renew’ close to cert expiry
** (The test certificates below have not been saved.)

The following certs were successfully renewed:
/etc/letsencrypt/live/mx01.nube22.com/fullchain.pem (success)

The following certs could not be renewed:
/etc/letsencrypt/live/mail.nube22.com/fullchain.pem (failure)
** DRY RUN: simulating ‘certbot renew’ close to cert expiry
** (The test certificates above have not been saved.)


1 renew failure(s), 0 parse failure(s)

IMPORTANT NOTES:

Thanks

Hi @luiscm0609

you have created a correct certificate yesterday:

https://transparencyreport.google.com/https/certificates/EwTXd12NfYYtLdrOHedTk%2FGK%2FTB8srFR0pSyL7RPj6M%3D

mail.enlanuve.com
mail.nube22.com

Hi JuergenAuer

Yes I do, I have a correct certificate.
My problem is when I run the automating renewal: certbot renew --dry-run.
I want to put it in automatic renewal so I do not worry afterwards.

Thanks

There is another thread:

With the info, that dry-run doesn't support some hooks.

Perhaps rerun the complete command (which created the certificate yesterday) and use the stage system (there is a certbot option). It has its own limit.

I’m a little confused. I thought that the command certbot renew --dry-run was for running automatic certificate renewal, but I realize this command is only a test to verify that renewal will be successful.

Anyway, why do I get the error?

I don’t use hooks in my renewal directory.

Thanks

Hi guys:

I found the reason why the command certbot renew --dry-run gave me an error.
I created my certificate for the domain mail.nube22.com, which was hosted in the directory /var/www/. Then I changed the directory to /home/mail but did not modify the renewal file /etc/letsencrypt/renewal/mail.nube22.com.conf. When I updated the directory in the renewal file, the command certbot renew --dry-run ran successfully.

Thanks
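
The root cause found above (a webroot in the renewal file that the web server no longer serves) can be checked ahead of renewal. The following is an added example, not code from this thread or from certbot: it reads the `[[webroot_map]]` section of a renewal file, drops a random probe file into each webroot's `.well-known/acme-challenge/` directory, and fetches it over HTTP the way http-01 validation would. The function names are hypothetical, and it assumes the standard renewal file layout and enough privileges to write into the webroot.

```python
import os
import secrets
import urllib.request

def parse_webroot_map(conf_text):
    """Return {domain: webroot} from the [[webroot_map]] section of a renewal file."""
    mapping, in_map = {}, False
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("["):
            in_map = (line == "[[webroot_map]]")
            continue
        if in_map and "=" in line:
            domain, path = (part.strip() for part in line.split("=", 1))
            mapping[domain] = path
    return mapping

def http_fetch(url):
    """Default fetcher: response body, or None on an HTTP or network error."""
    try:
        with urllib.request.urlopen(url, timeout=10) as resp:
            return resp.read().decode("utf-8", "replace")
    except OSError:  # urllib's HTTPError/URLError derive from OSError
        return None

def stale_webroots(conf_text, fetch=http_fetch):
    """Return domains whose configured webroot is not what the web server serves."""
    stale = []
    for domain, webroot in parse_webroot_map(conf_text).items():
        token, body = secrets.token_urlsafe(16), secrets.token_urlsafe(16)
        challenge_dir = os.path.join(webroot, ".well-known", "acme-challenge")
        probe = os.path.join(challenge_dir, token)
        try:
            os.makedirs(challenge_dir, exist_ok=True)
            with open(probe, "w") as fh:
                fh.write(body)
        except OSError:
            stale.append(domain)  # webroot missing or not writable
            continue
        try:
            served = fetch(f"http://{domain}/.well-known/acme-challenge/{token}")
        finally:
            os.remove(probe)  # never leave probe files behind
        if served is None or served.strip() != body:
            stale.append(domain)  # 404 or foreign content: wrong document root
    return stale

if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:  # e.g. a file under /etc/letsencrypt/renewal/
        with open(path) as fh:
            print(path, stale_webroots(fh.read()))
```

A domain is reported even when the old directory still exists and is writable, which is the case where the challenge file is written successfully but the server answers 404 from the new location.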
