Can't renew cert with Docker and Certbot

Using the guide from this site.

My domain is: ihmg-ua.com

I ran this command:

docker run -t --rm \
      -v remote_certs:/etc/letsencrypt \
      -v remote_certs-data:/data/letsencrypt \
      deliverous/certbot \
      --webroot --webroot-path=/data/letsencrypt

It produced this output:

Attempting to renew cert (ihmg-ua.com) from /etc/letsencrypt/renewal/ihmg-ua.com.conf produced an unexpected error: Failed authorization procedure. ihmg-ua.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from https://ihmg-ua.com/.well-known/acme-challenge/HhFgqEre2ghBxy5phI_qncIjxx4JL9HI3f_3y0JXNjw [68.183.234.249]: "<html>\r\n<head><title>404 Not Found</title></head>\r\n<body bgcolor=\"white\">\r\n<center><h1>404 Not Found</h1></center>\r\n<hr><center>". Skipping.
All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/ihmg-ua.com/fullchain.pem (failure)

My web server is (include version):
nginx/1.14.2

The operating system my web server runs on is (include version):
Debian 9

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
0.31.0.dev0

My nginx .conf:

map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

server {
    listen 80;
    server_name ihmg-ua.com;


    location / {
        return 301 https://$host$request_uri;
    }
}

server {
    listen 443 ssl;
    server_name ihmg-ua.com;
    gzip                      on;
    client_max_body_size      4M;
    ssl                       off;

    add_header                Strict-Transport-Security "max-age=31536000" always;

    ssl_session_cache         shared:SSL:20m;
    ssl_session_timeout       10m;

    ssl_protocols             TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers               "ECDH+AESGCM:ECDH+AES256:ECDH+AES128:!ADH:!AECDH:!MD5;";

    ssl_stapling              on;
    ssl_stapling_verify       on;
    resolver                  8.8.8.8 8.8.4.4;

    ssl_certificate           /etc/letsencrypt/live/ihmg-ua.com/fullchain.pem;
    ssl_certificate_key       /etc/letsencrypt/live/ihmg-ua.com/privkey.pem;
    ssl_trusted_certificate   /etc/letsencrypt/live/ihmg-ua.com/chain.pem;

    access_log                /dev/stdout;
    error_log                 /dev/stderr info;

    location / {
        proxy_pass http://pscc/;
        proxy_http_version 1.1;
        proxy_set_header   Upgrade $http_upgrade;
        proxy_set_header   Connection $connection_upgrade;
    }

    location ^~ /.well-known {
        allow all;
        root  /data/letsencrypt/;
    }

    location /.well-known/acme-challenge/ {
        root /var/www/certbot;
    }
}
2 Likes

Welcome to the Let's Encrypt Community, Enver :slightly_smiling_face:

Is that really the root of your website content?

See @sahsanu's post below for more details.

4 Likes

Hello @Tash,

In your docker command you are using /data/letsencrypt as webroot, but in your nginx conf you are using /var/www/certbot.

You should fix that.

Cheers,
sahsanu

5 Likes
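An added check, not from the thread, that reads the root of the nginx location serving /.well-known/acme-challenge/ and compares it with certbot's --webroot-path; on the conf above it reports the mismatch sahsanu points out (nginx picks the longest matching prefix, so the /var/www/certbot location wins over "^~ /.well-known"). The sample conf is constructed from the one in the thread and the function names are my own.

```shell
# Added example, not from the thread: check that certbot's --webroot-path and the
# root nginx uses for /.well-known/acme-challenge/ are the same directory.

# Print the root directive of the nginx location that serves ACME challenges.
# Assumes the location and its root are on separate lines, as in the conf above.
acme_root_from_conf() {
    awk '
        /location[[:space:]]/ && /\/\.well-known\/acme-challenge/ { in_block = 1; next }
        in_block && /^[[:space:]]*root[[:space:]]/ { sub(/;.*/, "", $2); print $2; exit }
        in_block && /}/ { in_block = 0 }
    ' "$1"
}

# Returns 0 when the two paths match (trailing slash ignored), 1 on a mismatch,
# 2 when the conf has no /.well-known/acme-challenge/ location at all.
check_webroot() {
    conf="$1"; webroot="$2"
    root=$(acme_root_from_conf "$conf")
    if [ -z "$root" ]; then
        echo "no /.well-known/acme-challenge/ location found in $conf"
        return 2
    fi
    if [ "${root%/}" = "${webroot%/}" ]; then
        echo "OK: nginx serves challenges from $root, certbot writes to $webroot"
        return 0
    fi
    echo "MISMATCH: nginx serves challenges from $root but certbot writes to $webroot"
    return 1
}

# Constructed sample, reduced from the nginx conf posted in the thread.
SAMPLE_CONF=$(mktemp)
trap 'rm -f "$SAMPLE_CONF"' EXIT
cat > "$SAMPLE_CONF" <<'EOF'
server {
    listen 443 ssl;
    location ^~ /.well-known {
        allow all;
        root  /data/letsencrypt/;
    }
    location /.well-known/acme-challenge/ {
        root /var/www/certbot;
    }
}
EOF

# The docker command in the thread passes --webroot-path=/data/letsencrypt.
if check_webroot "$SAMPLE_CONF" /data/letsencrypt; then
    echo "paths agree, certbot renew should pass http-01"
else
    echo "fix the nginx root or the --webroot-path before renewing"
fi
```

Run it against the real conf and webroot before retrying renew; a 404 in the challenge response is the symptom this catches.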

sahsanu,
I'm eternally grateful for your help!

4 Likes

@sahsanu to the rescue!

"You have saved our lives. We are eternally grateful."
Aliens | Pixar | Toy Story 2

3 Likes