Automating renewal failed


#1

I have two certificates. The first certificate has two domains: domain1.com, domain2.com, and the last certificate has one domain: domain3.com.
I used the command for automating renewal: sudo certbot renew --dry-run
But it shows success only for the last certificate with one domain.

Attempting to renew cert (domain1.com) from /etc/letsencrypt/renewal/domain1.com.conf produced an unexpected error: Failed authorization procedure. domain2.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://domain2.com/.well-know/acme-challenge/256wzkkmcdkmckdmckdncj:

I have the correct permissions on the domain1.com, domain2.com and domain3.com directories.

Thanks


#2

Hi,

Please share with us your domain names and the full error message (without redaction); this will help us analyze the true errors…

Thank you


#3

Hi Steven

These are my domains in the first certificate: mail.nube22.com, mail.enlanuve.com and the last certificate is mx01.nube22.com

This is the error message in the last certificate:


Processing /etc/letsencrypt/renewal/mail.nube22.com.conf


Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator webroot, Installer None
Starting new HTTPS connection (1): acme-staging-v02.api.letsencrypt.org
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for mail.nube22.com
http-01 challenge for mail.enlanuve.com
Waiting for verification…
Cleaning up challenges
Attempting to renew cert (mail.nube22.com) from /etc/letsencrypt/renewal/mail.nube22.com.conf produced an unexpected error: Failed authorization procedure. mail.enlanuve.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://mail.enlanuve.com/.well-known/acme-challenge/sBtyUThD-0nF0ItGKf-G6CvJ942XCMp0WrWK50Efdms: "

404 Not Found

Not Found

<p". Skipping. The following certs could not be renewed: /etc/letsencrypt/live/mail.nube22.com/fullchain.pem (failure)

** DRY RUN: simulating ‘certbot renew’ close to cert expiry
** (The test certificates below have not been saved.)

The following certs were successfully renewed:
/etc/letsencrypt/live/mx01.nube22.com/fullchain.pem (success)

The following certs could not be renewed:
/etc/letsencrypt/live/mail.nube22.com/fullchain.pem (failure)
** DRY RUN: simulating ‘certbot renew’ close to cert expiry
** (The test certificates above have not been saved.)


1 renew failure(s), 0 parse failure(s)

IMPORTANT NOTES:

Thanks


#4

Hi @luiscm0609

you have created a correct certificate yesterday:

https://transparencyreport.google.com/https/certificates/EwTXd12NfYYtLdrOHedTk%2FGK%2FTB8srFR0pSyL7RPj6M%3D

mail.enlanuve.com
mail.nube22.com


#5

Hi JuergenAuer

Yes I do, I have a correct certificate.
My problem is when I run the automated renewal: certbot renew --dry-run.
I want to put it in automatic renewal so I do not worry afterwards.

Thanks


#6

There is another thread:

With the info, that dry-run doesn’t support some hooks.

Perhaps rerun the complete command (which created the certificate yesterday) and use the stage system (there is a certbot option). There is an own limit.


#7

I’m a little confused. I thought that the command certbot renew --dry-run is for running automatic certificate renewal, but I realize this command is only a test to verify that renewal will be successful.

Anyway, why do I get the error?

I don’t use hooks in my renewal directory.

Thanks


#8

Hi guys:

I found the reason why the command certbot renew --dry-run gave me an error.
I created my certificate for the domain mail.nube22.com, which was hosted in the directory /var/www/. I then changed the directory to /home/mail but did not modify the renewal file /etc/letsencrypt/renewal/mail.nube22.com.conf. When I updated the directory in the renewal file, the command certbot renew --dry-run ran successfully.

Thanks
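
A check for the cause found in post #8, as an added example that is not part of the original thread and not certbot's own code: it reads the [[webroot_map]] section of a renewal file and reports domains whose recorded webroot is missing or differs from the directory the web server serves now. The sample file, the example domains and the served_roots mapping are constructed assumptions.

```python
import os
import tempfile

# Constructed sample of a certbot renewal file (paths filled in by demo()).
SAMPLE_CONF = """\
[renewalparams]
authenticator = webroot
webroot_path = {old},
[[webroot_map]]
mail.example.org = {current}
mail.example.net = {old}
"""

def parse_webroot_map(conf_text):
    """Return {domain: webroot} from the [[webroot_map]] subsection."""
    mapping, in_map = {}, False
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("["):
            in_map = line == "[[webroot_map]]"
            continue
        if in_map and "=" in line:
            domain, path = (part.strip() for part in line.split("=", 1))
            mapping[domain] = path
    return mapping

def stale_webroots(conf_text, served_roots):
    """List (domain, recorded, reason); served_roots is operator-supplied."""
    problems = []
    for domain, recorded in parse_webroot_map(conf_text).items():
        actual = served_roots.get(domain)
        if not os.path.isdir(recorded):
            problems.append((domain, recorded, "recorded webroot is missing"))
        elif actual and os.path.realpath(recorded) != os.path.realpath(actual):
            problems.append((domain, recorded, "web server now serves " + actual))
    return problems

def demo():
    """Recreate the situation in a temp dir: site moved, conf not updated."""
    with tempfile.TemporaryDirectory() as tmp:
        old, current = os.path.join(tmp, "old_root"), os.path.join(tmp, "new_root")
        os.makedirs(old)
        os.makedirs(current)
        served = {"mail.example.org": current, "mail.example.net": current}
        return stale_webroots(SAMPLE_CONF.format(old=old, current=current), served)

if __name__ == "__main__":
    print(demo())
```

On a real host, pass the text of the renewal file under /etc/letsencrypt/renewal/ and the document roots taken from the web server configuration.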

