Cannot renew the certificates with Nginx

Hello,
When I tried to renew my expired certs, it always failed.

My domain is: api.aioparking.com

I ran this command: sudo certbot renew --dry-run -a webroot -w /var/www/letsencrypt

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/api.aioparking.com.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Simulating renewal of an existing certificate for api.aioparking.com

Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
  Domain: api.aioparking.com
  Type:   unauthorized
  Detail: Invalid response from http://api.aioparking.com/.well-known/acme-challenge/c_BQm3g3EZjixFA54Wg28iC70Mf58KcXuSxsiZ9dP-w [128.208.180.47]: "<html>\r\n<head><title>404 Not Found</title></head>\r\n<body>\r\n<center><h1>404 Not Found</h1></center>\r\n<hr><center>nginx/1.15.8</ce"

Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.

Failed to renew certificate api.aioparking.com with error: Some challenges have failed.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
All simulated renewals failed. The following certificates could not be renewed:
  /etc/letsencrypt/live/api.aioparking.com/fullchain.pem (failure)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1 renew failure(s), 0 parse failure(s)
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

My web server is (include version): nginx/1.15.8

The operating system my web server runs on is (include version): Ubuntu 18.04

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.21.0

Hi,

Could you please show us the part of your nginx configuration where you have configured /.well-known/acme-challenge/ to be served from /var/www/letsencrypt?

Sure. Here it is.

# the upstream component nginx needs to connect to
upstream django {
    server unix:/home/streetparking/API/mysite.sock; # for a file socket
    #server 127.0.0.1:8001; # for a web port socket (we'll use this first)
}
# configuration of the server
server {
    # the port your site will be served on
    listen      80;
    # the domain name it will serve for
    server_name api.aioparking.com; # substitute your machine's IP address or FQDN
    charset     utf-8;

    # max upload size
    client_max_body_size 75M;   # adjust to taste

    # Django media
    location /media  {
        alias /home/streetparking/API/media;  # your Django project's media files - amend as required
    }

    location /static {
        alias /home/streetparking/API/static; # your Django project's static files - amend as required
    }

    # Finally, send all non-media requests to the Django server.
    location / {
        uwsgi_pass  django;
        include     /home/streetparking/API/uwsgi_params; # the uwsgi_params file you installed
    }
    location /.well-known/acme-challenge/ {
        root /var/www/certbot;
    }
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/api.aioparking.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/api.aioparking.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

Ah. Looks like a typo.

In nginx you use the /certbot folder; in the command you used /letsencrypt.

Oh, my mistake. It's solved! Many thanks!

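A check for the mismatch found in this thread, as an added example that is not part of the original posts: it reads the `root` of the `/.well-known/acme-challenge/` location from an nginx config and compares it with the path given to `certbot -w`. The function names and the sample config are constructed for illustration, and it assumes the `root` directive sits on its own line inside that location block.

```shell
# Added example: function names and the sample config are constructed.

# Print the `root` configured inside the ACME challenge location block.
# Assumes `root` sits on its own line inside that block.
acme_root() {
  awk '
    $1 == "location" && index($0, "/.well-known/acme-challenge") { in_loc = 1; next }
    in_loc && $1 == "root" { sub(/;.*/, "", $2); print $2; exit }
    in_loc && index($0, "}") { in_loc = 0 }
  ' "$1"
}

# check_webroot WEBROOT NGINX_CONF
# 0 = paths agree, 1 = mismatch (the 404 in the thread), 2 = no root found.
check_webroot() {
  cw_webroot="${1%/}"
  cw_root="$(acme_root "$2")"
  if [ -z "$cw_root" ]; then
    echo "no root for /.well-known/acme-challenge/ in $2" >&2
    return 2
  fi
  cw_root="${cw_root%/}"
  if [ "$cw_root" = "$cw_webroot" ]; then
    echo "OK: certbot -w and nginx root both use $cw_root"
    return 0
  fi
  echo "MISMATCH: certbot writes under $cw_webroot, nginx serves from $cw_root" >&2
  return 1
}

# Constructed sample mirroring the location block posted in the thread.
write_sample_conf() {
  sc_file="$(mktemp)"
  cat > "$sc_file" <<'EOF'
server {
    location / {
        root /srv/app;
    }
    location /.well-known/acme-challenge/ {
        root /var/www/certbot;
    }
}
EOF
  echo "$sc_file"
}

sample="$(write_sample_conf)"
check_webroot /var/www/letsencrypt "$sample" || true  # path from the failing command
check_webroot /var/www/certbot "$sample"              # path nginx actually serves
rm -f "$sample"
```

Because nginx appends the request URI to `root`, both sides resolve to `<root>/.well-known/acme-challenge/<token>`, so the two paths must be identical for the challenge file to be found.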