Can't renew Certificate

I have tried everything I’ve read on the forums and more. Please help.

My domain is: cibnelearning.com

I ran this command: certbot renew --dry-run

It produced this output below:

Domain: cibnelearning.com
Type: unauthorized
Detail: Invalid response from
http://cibnelearning.com/.well-known/acme-challenge/hj3MOuEzvcZyCtpfwLwtVOMcGvjlHQTXEM-N92WIB-Y
[50.63.202.36]: "<body style=“padding:0; margin:0;”><meta
name=“viewport” content=“widt”

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.

My web server is (include version): Apache/2.4.6

The operating system my web server runs on is (include version): CentOS 7

My hosting provider, if applicable, is: VPSdime

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): Recent

Hi @efejiroe

looks like your configuration has some errors ( https://check-your-website.server-daten.de/?q=cibnelearning.com ):

Your DNS:

Host T IP-Address is auth. ∑ Queries ∑ Timeout
cibnelearning.com A 50.63.202.52
Scottsdale/Arizona/US yes 2 0
A 63.142.250.30
Dallas/Texas/US yes 2 0
A 184.168.221.32
Scottsdale/Arizona/US yes 2 0
AAAA yes
www.cibnelearning.com C cibnelearning.com yes 1 0
A 50.63.202.52
Scottsdale/Arizona/US yes
A 63.142.250.30
Dallas/Texas/US yes
A 184.168.221.32
Scottsdale/Arizona/US yes
www.cibnelearning.com A 184.168.221.55
Scottsdale/Arizona/US no

You have three different ip addresses. But checking your urls there are different answers. Some redirects http -> https, a https timeout.

http://www.cibnelearning.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
184.168.221.55

answers with a http status 200.

there is a redirect, then a timeout.

And really a lot of differences - same GET-request, different results with different ip addresses (too much to copy).

Looks like you have a mix of different configurations.

So it's nearly impossible to see why the challenge fails.

Are all three ip addresses correct?

1 Like

Goodness no!

Only 63.142.250.30 is.

How would this have happened?

2 Likes

Any advice on how I could fix this?

Remove the two other DNS A entries.

1 Like

I think I have done that - how can I check I have anyways? Tried using the same webtool you used but couldn’t

1 Like

Yep, there is a new check - https://check-your-website.server-daten.de/?q=cibnelearning.com

Now it looks better.

You have only one ip address. And your urls are ~~ ok.

Domainname Http-Status redirect Sec. G
http://cibnelearning.com/
63.142.250.30 301 https://cibnelearning.com/ 0.266 A
http://www.cibnelearning.com/
63.142.250.30 301 https://www.cibnelearning.com/ 0.270 A
https://www.cibnelearning.com/
63.142.250.30 303 https://cibnelearning.com 1.343 N
Certificate error: RemoteCertificateNameMismatch
https://cibnelearning.com/
63.142.250.30 200 1.700 B
https://cibnelearning.com 200 1.507 B
http://cibnelearning.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
63.142.250.30 301 https://cibnelearning.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 0.274 A
Visible Content: Moved Permanently The document has moved here .
http://www.cibnelearning.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
63.142.250.30 301 https://www.cibnelearning.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 0.267 A
Visible Content: Moved Permanently The document has moved here .
https://cibnelearning.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 404 1.117 A
Not Found
Visible Content: Not Found The requested URL /.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de was not found on this server.
https://www.cibnelearning.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 404 1.120 N
Not Found
Certificate error: RemoteCertificateNameMismatch
Visible Content: Not Found The requested URL /.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de was not found on this server.

http redirects to https, checking a file in /.well-known/acme-challenge sends the expected http status 404 - Not Found.

So try to find your DocumentRoot of your port 443 vHost, then use it.

certbot run -a webroot -i apache -w yourDocumentRoot -d www.cibnelearning.com -d cibnelearning.com

Worked like a charm. You’ve been awesome! Learn a few from this too. Thanks for your availability! God bless.

2 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.