Cannot renew certificate

nonvonneumann · July 30, 2020, 10:42am

I ran this command:
certbot renew -q --pre-hook 'service apache24 stop' --post-hook 'service apache24 start'

It produced this output:

Challenge failed for domain batenga.ddns.net
Attempting to renew cert (batenga.ddns.net) from /usr/local/etc/letsencrypt/renewal/batenga.ddns.net.conf produced an unexpected error: Some challenges have failed.. Skipping.
All renewal attempts failed. The following certs could not be renewed: /usr/local/etc/letsencrypt/live/batenga.ddns.net/fullchain.pem (failure)
Error output from post-hook command service:
Syntax OK

1 renew failure(s), 0 parse failure(s)

My web server is (include version):
Apache 2.4.43
The operating system my web server runs on is (include version):
FreeBSD 11.3-RELEASE-p11

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):
yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
1.5.0

9peppe · July 30, 2020, 11:25am

show us the lines before this one.

I think there's a possibility that stopping apache is doing more harm than good.

try certbot renew --dry-run by itself and tell us if it works

nonvonneumann · July 30, 2020, 11:48am

There are no lines before that one, that is the first.

Dry run without stopping Apache succeeded.

I obviously misinterpreted the instructions on when to stop the web server, and when not to.

Cheers

9peppe · July 30, 2020, 12:07pm

yeah, the only time you should stop the webserver is when you are using --standalone, and you probably aren't -- as most people.

system · August 29, 2020, 12:07pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.