Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is:
grendel.no
I ran this command:
sudo certbot renew
It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/api.grendel.no.conf
-------------------------------------------------------------------------------
Cert not yet due for renewal
-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/personlighetstesting.no.conf
-------------------------------------------------------------------------------
Cert not yet due for renewal
-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/piwik.grendel.no.conf
-------------------------------------------------------------------------------
Cert not yet due for renewal
-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/omvendtpsykologi.no.conf
-------------------------------------------------------------------------------
Cert not yet due for renewal
-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/shiny.grendel.no.conf
-------------------------------------------------------------------------------
Cert not yet due for renewal
-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/grendel.no.conf
-------------------------------------------------------------------------------
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator apache, Installer apache
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for www.grendel.no
http-01 challenge for blog.grendel.no
http-01 challenge for grendel.no
http-01 challenge for ptsd-boken.grendel.no
Waiting for verification...
Cleaning up challenges
Attempting to renew cert (grendel.no) from /etc/letsencrypt/renewal/grendel.no.conf produced an unexpected error: Failed authorization procedure. www.grendel.no (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.grendel.no/.well-known/acme-challenge/xrOcQmAmgzAEE5SbGGj4xO2G19PI3ZXQNn1JcwffLe4: "<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p", grendel.no (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://grendel.no/.well-known/acme-challenge/WEEdN_3pdLCUjF6jVJfLHfO5FfZu_FNhvrcsqsSA8sY: "<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p", ptsd-boken.grendel.no (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://ptsd-boken.grendel.no/.well-known/acme-challenge/1gaGWuxzPfjOZElqZdplGLmjmENSlEVRbex5Y6VFYX4: "<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p", blog.grendel.no (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://blog.grendel.no/.well-known/acme-challenge/5dwlenRYrT4qNSwGA7zKPzslqviXDtekINXhbu15gkQ: "<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p". Skipping.
-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/grendel.no-0001.conf
-------------------------------------------------------------------------------
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator apache, Installer apache
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for grendel.no
http-01 challenge for blog.grendel.no
http-01 challenge for ptsd-boken.grendel.no
http-01 challenge for r.grendel.no
Waiting for verification...
Cleaning up challenges
Attempting to renew cert (grendel.no-0001) from /etc/letsencrypt/renewal/grendel.no-0001.conf produced an unexpected error: Failed authorization procedure. grendel.no (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://grendel.no/.well-known/acme-challenge/ZoaJY_ivHZtDFCShj13KCnhQz1zYIHOC1-9rByamd0w: "<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p", r.grendel.no (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://r.grendel.no/.well-known/acme-challenge/MVrmYM9ok3K-TsI69G2GVhjNeXGsMPom073_z0EEsSA: "<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p", blog.grendel.no (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://blog.grendel.no/.well-known/acme-challenge/TbzMIYWlbtjEt9CFqC65vYu_UJhxsS40rXiiwCWHqZ4: "<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p", ptsd-boken.grendel.no (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://ptsd-boken.grendel.no/.well-known/acme-challenge/ha6FeKvhL5C3FFTs0HZ5uk4ryqiZnCrwIpTNYBi1AMU: "<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p". Skipping.
-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/omvendtpedagogikk.no.conf
-------------------------------------------------------------------------------
Cert not yet due for renewal
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/grendel.no/fullchain.pem (failure)
/etc/letsencrypt/live/grendel.no-0001/fullchain.pem (failure)
-------------------------------------------------------------------------------
The following certs are not due for renewal yet:
/etc/letsencrypt/live/api.grendel.no/fullchain.pem (skipped)
/etc/letsencrypt/live/personlighetstesting.no/fullchain.pem (skipped)
/etc/letsencrypt/live/piwik.grendel.no/fullchain.pem (skipped)
/etc/letsencrypt/live/omvendtpsykologi.no/fullchain.pem (skipped)
/etc/letsencrypt/live/shiny.grendel.no/fullchain.pem (skipped)
/etc/letsencrypt/live/omvendtpedagogikk.no/fullchain.pem (skipped)
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/grendel.no/fullchain.pem (failure)
/etc/letsencrypt/live/grendel.no-0001/fullchain.pem (failure)
-------------------------------------------------------------------------------
2 renew failure(s), 0 parse failure(s)
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: grendel.no
Type: unauthorized
Detail: Invalid response from
http://grendel.no/.well-known/acme-challenge/ZoaJY_ivHZtDFCShj13KCnhQz1zYIHOC1-9rByamd0w:
"<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p"
Domain: r.grendel.no
Type: unauthorized
Detail: Invalid response from
http://r.grendel.no/.well-known/acme-challenge/MVrmYM9ok3K-TsI69G2GVhjNeXGsMPom073_z0EEsSA:
"<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p"
Domain: blog.grendel.no
Type: unauthorized
Detail: Invalid response from
http://blog.grendel.no/.well-known/acme-challenge/TbzMIYWlbtjEt9CFqC65vYu_UJhxsS40rXiiwCWHqZ4:
"<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p"
Domain: ptsd-boken.grendel.no
Type: unauthorized
Detail: Invalid response from
http://ptsd-boken.grendel.no/.well-known/acme-challenge/ha6FeKvhL5C3FFTs0HZ5uk4ryqiZnCrwIpTNYBi1AMU:
"<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p"
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
- The following errors were reported by the server:
Domain: www.grendel.no
Type: unauthorized
Detail: Invalid response from
http://www.grendel.no/.well-known/acme-challenge/xrOcQmAmgzAEE5SbGGj4xO2G19PI3ZXQNn1JcwffLe4:
"<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p"
Domain: grendel.no
Type: unauthorized
Detail: Invalid response from
http://grendel.no/.well-known/acme-challenge/WEEdN_3pdLCUjF6jVJfLHfO5FfZu_FNhvrcsqsSA8sY:
"<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p"
Domain: ptsd-boken.grendel.no
Type: unauthorized
Detail: Invalid response from
http://ptsd-boken.grendel.no/.well-known/acme-challenge/1gaGWuxzPfjOZElqZdplGLmjmENSlEVRbex5Y6VFYX4:
"<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p"
Domain: blog.grendel.no
Type: unauthorized
Detail: Invalid response from
http://blog.grendel.no/.well-known/acme-challenge/5dwlenRYrT4qNSwGA7zKPzslqviXDtekINXhbu15gkQ:
"<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p"
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
My web server is (include version):
Apache/2.4.18 (Ubuntu) mod_R/1.2.8 R/3.2.3 OpenSSL/1.0.2g mod_apreq2-20090110/2.8.0
The operating system my web server runs on is (include version):
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 16.04.4 LTS
Release: 16.04
Codename: xenial
My hosting provider, if applicable, is:
www.webhuset.no
I can login to a root shell on my machine (yes or no, or I don’t know):
Yes.
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
Most definitely not.
Additional info:
apachectl -S
AH00548: NameVirtualHost has no effect and will be removed in the next release /etc/apache2/ports.conf:4
VirtualHost configuration:
46.226.13.198:80 is a NameVirtualHost
default server api.grendel.no (/etc/apache2/sites-enabled/api.grendel.no.conf:1)
port 80 namevhost api.grendel.no (/etc/apache2/sites-enabled/api.grendel.no.conf:1)
port 80 namevhost blog.grendel.no (/etc/apache2/sites-enabled/blog.grendel.no.conf:1)
port 80 namevhost omvendtpedagogikk.no (/etc/apache2/sites-enabled/omvendtpedagogikk.no.conf:1)
alias omvendtpedagogikk.no
alias www.omvendtpedagogikk.no
port 80 namevhost omvendtpsykologi.no (/etc/apache2/sites-enabled/omvendtpsykologi.no.conf:1)
alias omvendtpsykologi.no
alias www.omvendtpsykologi.no
port 80 namevhost personlighetstesting.no (/etc/apache2/sites-enabled/personlighetstesting.no.conf:1)
alias personlighetstesting.no
alias www.personlighetstesting.no
port 80 namevhost ptsd-boken.grendel.no (/etc/apache2/sites-enabled/ptsd-boken.grendel.no.conf:1)
port 80 namevhost R.grendel.no (/etc/apache2/sites-enabled/r.grendel.no.conf:1)
46.226.13.198:443 is a NameVirtualHost
default server api.grendel.no (/etc/apache2/sites-enabled/api.grendel.no-le-ssl.conf:2)
port 443 namevhost api.grendel.no (/etc/apache2/sites-enabled/api.grendel.no-le-ssl.conf:2)
port 443 namevhost blog.grendel.no (/etc/apache2/sites-enabled/blog.grendel.no-le-ssl.conf:2)
port 443 namevhost omvendtpedagogikk.no (/etc/apache2/sites-enabled/omvendtpedagogikk.no-le-ssl.conf:2)
alias omvendtpedagogikk.no
alias www.omvendtpedagogikk.no
port 443 namevhost omvendtpsykologi.no (/etc/apache2/sites-enabled/omvendtpsykologi.no-le-ssl.conf:2)
alias omvendtpsykologi.no
alias www.omvendtpsykologi.no
port 443 namevhost personlighetstesting.no (/etc/apache2/sites-enabled/personlighetstesting.no-le-ssl.conf:2)
alias personlighetstesting.no
alias www.personlighetstesting.no
port 443 namevhost piwik.grendel.no (/etc/apache2/sites-enabled/piwik.grendel.no-le-ssl.conf:2)
port 443 namevhost ptsd-boken.grendel.no (/etc/apache2/sites-enabled/ptsd-boken.grendel.no-le-ssl.conf:2)
port 443 namevhost R.grendel.no (/etc/apache2/sites-enabled/r.grendel.no-le-ssl.conf:2)
alias r.grendel.no
port 443 namevhost shiny.grendel.no (/etc/apache2/sites-enabled/shiny.grendel.no-le-ssl.conf:2)
port 443 namevhost www.grendel.no (/etc/apache2/sites-enabled/www.grendel.no-le-ssl.conf:2)
ServerRoot: "/etc/apache2"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/var/log/apache2/error.log"
Mutex watchdog-callback: using_defaults
I have checked that .well-known/acme-challenge
exist, and that files put in that directory can be accessed:
root@localhost:~# curl -I -L -k -X GET http://api.grendel.no/.well-known/acme-challenge/readme
HTTP/1.1 200 OK
Date: Tue, 13 Mar 2018 14:22:25 GMT
Server: Apache/2.4.18 (Ubuntu) mod_R/1.2.8 R/3.2.3 OpenSSL/1.0.2g mod_apreq2-20090110/2.8.0
Last-Modified: Tue, 13 Mar 2018 14:21:30 GMT
ETag: "8-5674bf98d15a3"
Accept-Ranges: bytes
Content-Length: 8
Content-Type: text/plain
Any and all hints and suggestions appreciated. Thank you.