Cerbot Renew LetsEncryt _acme error

benoit.b · April 2, 2020, 9:10am

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:cotte.fr

I ran this command: certbot renew

It produced this output:
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/**.cotte.fr/fullchain.pem (failure)

1 renew failure(s), 0 parse failure(s)

IMPORTANT NOTES:

The following errors were reported by the server:

Domain: .cotte.fr
Type: unauthorized
Detail: Incorrect TXT record
"WWSw*************" (and 1 more) found at
_acme-challenge.**.cotte.fr

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.

My web server is (include version):

The operating system my web server runs on is (include version): Debian 6.3.0

My hosting provider, if applicable, is: cloudflare

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): 0.36.0

Hi guys,
I’m really not an expert with cerbot/letsencrypt stuff so that’d be great if I can get some help please.
The IT guy before me configured certbot and letsencrypt to generate a certificate through our hosting supplier which is Cloudflare.
Until now that did work successfully every 3 months except now. I get a _acme.challenge error and not sure how to fix that.
First thing I did is to check the TXT entry and it’s the exact same one. TTL entry with 2minutes with DNS only option. So that looks good to me.
Also we haven’t made any modification from Cloudflare during the last couple of months.
So why do I get this error message ? I’m bit confused. Does it mean an IP address has been changed somewhere ? How can I check what IP address should reply to certbot ?
Cheers and stay safe at home

9peppe · April 2, 2020, 9:15am

Are you joking?

What did it say before that?

benoit.b · April 2, 2020, 9:32am

No I’m not. I am aware it’s an old version but I had no time to upgrade/migrate the server yet. I got many other priorities

To answer to your question before that it says:

Processing /etc/letsencrypt/renewal/**.cotte.fr.conf

Cert is due for renewal, auto-renewing…
Plugins selected: Authenticator dns-cloudflare, Installer None
Renewing an existing certificate
Performing the following challenges:
dns-01 challenge for .cotte.fr
Waiting 10 seconds for DNS changes to propagate
Waiting for verification…
Challenge failed for domain .cotte.fr
dns-01 challenge for .cotte.fr
Cleaning up challenges
Attempting to renew cert (.cotte.fr) from /etc/letsencrypt/renewal/.cotte.fr.conf produced an unexpected error: Some challenges have failed… Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/.cotte.fr/fullchain.pem (failure)

9peppe · April 2, 2020, 9:37am

You might need to wait more than 10 seconds (--dns-cloudflare-propagation-seconds), and you should check if your credentials work: Welcome to certbot-dns-cloudflare’s documentation! — certbot-dns-cloudflare 0 documentation

It's not just old, it's been entirely unsupported for four years.

benoit.b · April 2, 2020, 9:49am

Thank you so much. That did work!

I work for my company for 6 months now and got plenty priorities to complete first.

Thank you again and stay at home !

system · May 2, 2020, 9:49am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.