Cannot renew - acme unauthorized

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: darbysys.com

I ran this command: Renew

It produced this output: Could not issue an SSL/TLS certificate for darbysys.com
Details
Could not issue a Let's Encrypt SSL/TLS certificate for darbysys.com. Authorization for the domain failed.

Details
Invalid response from https://acme-v02.api.letsencrypt.org/acme/authz-v3/61247719890.

Details:

Type: urn:ietf:params:acme:error:unauthorized

Status: 403

Detail: Incorrect TXT record "v6SjScjlXLi0cNrIQco5ZCeqvOiFwYV2QOTq0dmt15Y" found at _acme-challenge.darbysys.com

My web server is (include version): Plesk Obsidian v18.0.40_build1800211207.16 os_CentOS 8

The operating system my web server runs on is (include version): CentOS Linux 8.5.2111

My hosting provider, if applicable, is: 1 and 1

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

Hi @jdarbysh and welcome to the LE community forum :slight_smile:

Please show the file:
/etc/letsencrypt/renewal/darbysys.com.conf

2 Likes

According to CT logs, you have renewed that cert (today).

So... Congrats!
[You figured it out]

2 Likes

Did not show up on a search of the drive.

It may show renewed, but is still popping an error for expired certificate.

You've renewed your certificate THREE TIMES today already: crt.sh | darbysys.com

Please note that if a successful issuance the first time does NOT result in the proper USE of that certificate, re-issuing it again and again does not fix the latter problem, as it's not issuance related.

Depending on how you installed the certificate in the first place it might be as simple as just reloading the webserver. Or perhaps the location of the certificate has changed and the webserver configuration needs to be changed. It all depends on what happened exactly at issuance.

Also note that your current certificate lacks the wildcard hostname, which your previous certificate did have. So it seems you did not renew your previous certificate, but you issued a brand new certificate. Which might explain why your webserver doesn't pick it up.

3 Likes
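
The issuance-versus-deployment distinction made in the post above can be checked mechanically. The following is an added example, not code from the thread or from any ACME client: it compares the certificate a server presents with the one the CA issued and lists names the previous certificate covered that the new one does not. The dicts use the shape returned by Python's `ssl.SSLSocket.getpeercert()`; all serial numbers, dates and the function names are constructed for illustration.

```python
import ssl

def san_names(cert):
    """DNS names from a cert dict shaped like ssl.SSLSocket.getpeercert()."""
    return {v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"}

def covers(pattern, host):
    """True if SAN entry `pattern` covers `host`; '*' matches one left-most label."""
    if pattern == host:
        return True
    if pattern.startswith("*.") and not host.startswith("*."):
        label, _, rest = host.partition(".")
        return bool(label) and rest == pattern[2:]
    return False

def deployment_report(served, issued, previous, now):
    """Compare what the server presents with what the CA most recently issued."""
    new_names = san_names(issued)
    lost = sorted(n for n in san_names(previous)
                  if not any(covers(p, n) for p in new_names))
    return {
        # False means issuance worked but the server still uses the old file
        "serving_new_cert": served["serialNumber"] == issued["serialNumber"],
        "served_expired": ssl.cert_time_to_seconds(served["notAfter"]) < now,
        # Names the old cert covered that the reissued one does not
        "names_lost_on_reissue": lost,
    }

# Constructed sample data (not the real certificates from crt.sh).
PREVIOUS = {"serialNumber": "0A01", "notAfter": "Dec 20 00:00:00 2021 GMT",
            "subjectAltName": (("DNS", "darbysys.com"), ("DNS", "*.darbysys.com"))}
ISSUED = {"serialNumber": "0B02", "notAfter": "Mar 23 00:00:00 2022 GMT",
          "subjectAltName": (("DNS", "darbysys.com"),)}
NOW = ssl.cert_time_to_seconds("Dec 23 12:00:00 2021 GMT")

if __name__ == "__main__":
    print("before reload:", deployment_report(PREVIOUS, ISSUED, PREVIOUS, NOW))
    print("after reload: ", deployment_report(ISSUED, ISSUED, PREVIOUS, NOW))
```
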

Please show:
certbot certificates

OR... maybe it isn't using certbot
Hard to tell, since you didn't mention which ACME client is being used.
You did, however, mention Plesk - But I don't use Plesk, so I can't be certain how it deals with certs.

1 Like

Sorry - was not receiving any indication of successful renewal. Thank you for the link to crt.sh. Nice tool.

Seems the server restart took care of it. Thank you to all. Merry Christmas.

2 Likes
