I ran this command: certbot renew --standalone --preferred-challenges http --http-01-address 127.0.0.1 --http-01-port 9080 --post-hook "/etc/haproxy/prepareLetsEncryptCertificates.sh && systemctl reload haproxy.service" --quiet
The prepareLetsEncryptCertificates.sh contains:
# Loop through all Let's Encrypt certificates
for CERTIFICATE in $(find /etc/letsencrypt/live/* -type d); do
    # Reduce the directory path to the certificate name
    CERTIFICATE=$(basename "$CERTIFICATE")
    # Combine certificate and private key to single file
    cat "/etc/letsencrypt/live/$CERTIFICATE/fullchain.pem" "/etc/letsencrypt/live/$CERTIFICATE/privkey.pem" > "/etc/haproxy/ssl/$CERTIFICATE.pem"
done
It produced this output: Attempting to renew cert (siakadbeta.uho.ac.id) from /etc/letsencrypt/renewal/siakadbeta.uho.ac.id.conf produced an unexpected error: Failed authorization procedure. api.siakad.uho.ac.id (http-01): urn:ietf:params:acme:error:dns :: DNS problem: NXDOMAIN looking up A for api.siakad.uho.ac.id - check that a DNS record exists for this domain; DNS problem: NXDOMAIN looking up AAAA for api.siakad.uho.ac.id - check that a DNS record exists for this domain. Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/siakadbeta.uho.ac.id/fullchain.pem (failure)
We once had the domain api.siakad.uho.ac.id on the server, but we have already deleted/disabled it.
My web server is (include version): Apache 2.4.29 (Ubuntu), I use HAProxy
The operating system my web server runs on is (include version): Ubuntu 18.04.6
I can login to a root shell on my machine (yes or no, or I don't know): yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): Certbot 0.31.0
UnexpectedHttpResponse
WARNING
Sending an ACME HTTP validation request to siakadbeta.uho.ac.id results in unexpected HTTP response 403 Forbidden. This indicates that the webserver is misconfigured or misbehaving.
403 Forbidden
NoRecords
FATAL
No valid A or AAAA records could be ultimately resolved for api.siakad.uho.ac.id. This means that Let's Encrypt would not be able to connect to your domain to perform HTTP validation, since it would not know where to connect to.
No A or AAAA records found.
Please check the DNS settings for api.siakad.uho.ac.id and correct the above error.
We once had the domain api.siakad.uho.ac.id on the server, but we have already deleted/disabled it.
Every time we try to renew, the renewal process always asks about api.siakad.uho.ac.id, which we have already deleted from the server.
We tried this, and it gave output like this:
Challenge failed for domain siakadbeta.uho.ac.id
Challenge failed for domain api.siakad.uho.ac.id
Attempting to renew cert (siakadbeta.uho.ac.id) from /etc/letsencrypt/renewal/siakadbeta.uho.ac.id.conf produced an unexpected error: Challenges failed for all domains. Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/siakadbeta.uho.ac.id/fullchain.pem (failure)
I have tried this:
sudo certbot delete --cert-name api.siakad.uho.ac.id
It gave me output like this:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
No certificate found with name api.siakad.uho.ac.id (expected /etc/letsencrypt/renewal/api.siakad.uho.ac.id.conf).
If you want to get a cert for that domain you have to set up the DNS A record for it again. The HTTP challenge you chose requires that.
You should not use the "renew" command unless the cert and the Certbot profile are still on your server. But, it is no longer there.
Try replacing "renew" with "certonly"
Also, your DNS config may have some problems. I do not think it is causing this specific problem. But, some of our testing tools are failing due to failing DNS queries. You may want to review the errors shown below with your DNS admin. https://dnsviz.net/d/api.siakad.uho.ac.id/dnssec/
Thank you @Bruce5051 @orangepizza @MikeMcQ, the problem is fixed. It turns out the certificate renewal process was blocked by our Fortigate firewall. The application is running normally again. Thank you.
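The NXDOMAIN failure in this thread came from a name still listed in the siakadbeta.uho.ac.id certificate after its DNS record was removed. The script below is an added example, not code from any poster or from Certbot, that reads `certbot certificates` output and reports every name in a lineage that no longer resolves. The function names, the `--live` switch and the sample text are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): flag names in certbot lineages that
# no longer resolve, since http-01 renewal fails if any one name fails.

# Constructed sample in the format printed by `certbot certificates`;
# the expiry date and paths are made up.
SAMPLE_OUTPUT='Found the following certs:
  Certificate Name: siakadbeta.uho.ac.id
    Domains: siakadbeta.uho.ac.id api.siakad.uho.ac.id
    Expiry Date: 2000-01-01 00:00:00+00:00 (INVALID: EXPIRED)
    Certificate Path: /etc/letsencrypt/live/siakadbeta.uho.ac.id/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/siakadbeta.uho.ac.id/privkey.pem'

# Read `certbot certificates` output on stdin, print "lineage domain" pairs.
lineage_domains() {
  awk '$1 == "Certificate" && $2 == "Name:" { name = $3 }
       $1 == "Domains:" { for (i = 2; i <= NF; i++) print name, $i }'
}

# Default resolver: the local system's view (getent from glibc). This can
# differ from what the CA sees, e.g. /etc/hosts entries or split-horizon DNS.
resolves_locally() { getent ahosts "$1" >/dev/null 2>&1; }

# Constructed stand-in resolver for the offline demo: only the deleted
# name from the thread fails.
resolves_in_sample() { [ "$1" != "api.siakad.uho.ac.id" ]; }

# Print "lineage domain" for every name the resolver ($1) cannot resolve.
# Wildcard names are skipped: they cannot be validated with http-01.
unresolvable_names() {
  resolver=${1:-resolves_locally}
  lineage_domains | while read -r lineage domain; do
    case $domain in '*.'*) continue ;; esac
    "$resolver" "$domain" || echo "$lineage $domain"
  done
}

if [ "${1:-}" = "--live" ]; then
  # Real run, as root: inspect the lineages certbot actually manages.
  certbot certificates 2>/dev/null | unresolvable_names
else
  # Offline demo on the constructed sample.
  printf '%s\n' "$SAMPLE_OUTPUT" | unresolvable_names resolves_in_sample
fi
```

A name reported here either needs its DNS record restored or has to be left out when the certificate is reissued with "certonly", as the reply above suggests.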