Cert issuance / Renewal is failing


#1

Hello all!

I am making use of LE on all of my Linux servers. In conjunction with easyengine I found myself a great tool to quickly set up and manage my WordPress customer and project sites.

I really like the ease of this solution and it used to work just fine. But for about a month or so I have been unable to renew or issue new certificates via letsencrypt. I also started an issue on the GitHub repository of the easyengine dev team.
Please find issue report here:

Please fix this… I used to be able to renew my LE certs without any issue on the exact same setup… I didn't change a thing except for regular updates via apt-get.

Please fill out the fields below so we can help you better.

My domain is:
any domain I am trying to renew the LE cert on. I have several.
My A records are set up perfectly on each domain.
Only domain where I am not seeing this issue is my main domain, which has a subdomain that is also the hostname of the server that all of these other domains point to.
I set up vhosts for each domain on my nginx.

I ran this command:
./letsencrypt-auto certonly --webroot -w /var/www/mydomain.de/htdocs/ -d mydomain.de -d www.mydomain.de --email webmaster@mydomain.de --text --agree-tos

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Cert is due for renewal, auto-renewing…
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for mydomain.de
http-01 challenge for www.mydomain.de
Using the webroot path /var/www/mydomain.de/htdocs for all unmatched domains.
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. erlebniskochen-haus.de (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://mydomain.de/.well-known/acme-challenge/wAThCYcO77SbXU-wvyNOG29_qxiQZ3S38FY4JYeJzOE: "

<m", www.mydomain.de (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.mydomain.de/.well-known/acme-challenge/KrCeD4QDvrBmdHkqVBDryWj9ViED-mNZZhjdXGciG90: " <m"

IMPORTANT NOTES:

My operating system is (include version):
Ubuntu 16.04.1 LTS (GNU/Linux 4.4.0-62-generic x86_64)

My web server is (include version):
NGINX 1.10.0

My hosting provider, if applicable, is:
netcup.de

I can login to a root shell on my machine (yes or no, or I don’t know):
yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
no


#2

It miraculously solved itself… odd issue…


#3

The fact that the Let’s Encrypt validation server can’t find the appropriate challenge file in the /.well-known/acme-challenge/ folder is in 99.99999999 % of the cases a configuration problem of the client, not something Let’s Encrypt can do anything about. You can think of Let’s Encrypt client configuration errors, webserver configuration errors or firewall/reverse proxy configuration errors.

The fact you’re using some sort of (CLI based) “control panel” doesn’t make things easier of course.

But alas, I’m glad everything worked out for you in the end, however it may have fixed itself :stuck_out_tongue: But remember, “Please fix this” with a referral to third party software is probably not the right way to ask for help in the future :wink:
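
A preflight check for the webroot setup discussed in this thread, as an added example that is not part of any post: it writes a random probe file into the webroot's `/.well-known/acme-challenge/` directory and requests it over HTTP through each domain, flagging an HTML body like the `<m` fragment in the error output above. The function names are hypothetical, and the webroot and domains are the placeholders from the command in the first post.

```python
import os
import secrets
import urllib.error
import urllib.request

CHALLENGE_DIR = ".well-known/acme-challenge"

def http_get(url, timeout=10):
    """Fetch url over plain HTTP; return (status or None, first part of the body)."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status, resp.read(512).decode("utf-8", "replace")
    except urllib.error.HTTPError as exc:
        return exc.code, exc.read(512).decode("utf-8", "replace")
    except (urllib.error.URLError, OSError) as exc:
        return None, str(exc)

def classify(status, body, expected):
    """Describe what a validation server would see for this response."""
    if status is None:
        return "unreachable: " + body
    if status == 200 and body.strip() == expected:
        return "ok"
    if body.lstrip().startswith("<"):
        return "HTTP %s with HTML instead of the token (vhost/rewrite/proxy?)" % status
    return "HTTP %s with unexpected body" % status

def probe_webroot(webroot, domains, fetch=http_get):
    """Write a random probe file under webroot and request it via each domain."""
    directory = os.path.join(webroot, CHALLENGE_DIR)
    os.makedirs(directory, exist_ok=True)
    name, content = "probe-" + secrets.token_urlsafe(16), secrets.token_urlsafe(32)
    path = os.path.join(directory, name)
    with open(path, "w") as handle:
        handle.write(content)
    try:
        results = {}
        for domain in domains:
            url = "http://%s/%s/%s" % (domain, CHALLENGE_DIR, name)
            results[domain] = classify(*fetch(url), expected=content)
        return results
    finally:
        os.remove(path)  # leave the webroot as it was found

if __name__ == "__main__":
    # Placeholder webroot and domains, taken from the command in the first post.
    checks = probe_webroot("/var/www/mydomain.de/htdocs", ["mydomain.de", "www.mydomain.de"])
    for domain, verdict in checks.items():
        print(domain, "->", verdict)
```

A domain that reports HTML here is being answered by a different vhost, a rewrite rule or a proxy rather than by the webroot passed with `-w`.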


#4

I am not using a control panel…

And I came here to ask for help, because on the GitHub repository of easyengine (a python script I am using to easily set up vhosts via shell - one command setup) I was told to ask here as this might be an LE issue.

So no offense ^^.
I was just seeing this over and over again for various domains and couldn't find a scheme on my end.
Even when I used the direct le command to renew the cert, instead of the easyengine command.


#5

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.