Cert not renewing during dry-run

My domain is: staging.trupath.com

The renewal file contains this:
[renewalparams]
account = GUID
authenticator = webroot
webroot_path = /usr/local/lsws/staging.trupath.com/web
server = https://acme-v02.api.letsencrypt.org/directory

I ran this command: certbot renew --dry-run --debug-challenges -v
The following simulated renewals failed:
/etc/letsencrypt/live/staging.trupath.com/fullchain.pem (failure)

1 renew failure(s), 0 parse failure(s)

It produced this output: (see detailed debug log below)

My web server is (include version): Litespeed 1.7.19

The operating system my web server runs on is (include version): Ubuntu 22.04 LTS

My hosting provider, if applicable, is: Linode

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.21.0

2024-02-06 03:34:07,280:DEBUG:acme.client:Storing nonce: 7K8fIQp7YjrE_tTnsGtzOHYnzqJgUNaiZVgvm14-JIkhuHJA_Tk
2024-02-06 03:34:07,280:INFO:certbot._internal.auth_handler:Performing the following challenges:
2024-02-06 03:34:07,281:INFO:certbot._internal.auth_handler:http-01 challenge for staging.trupath.com
2024-02-06 03:34:07,281:INFO:certbot._internal.plugins.webroot:Using the webroot path /usr/local/lsws/staging.trupath.com/web for all unmatched domains.
2024-02-06 03:34:07,281:DEBUG:certbot._internal.plugins.webroot:Creating root challenges validation dir at /usr/local/lsws/staging.trupath.com/web/.well-known/acme-challenge
2024-02-06 03:34:07,282:DEBUG:certbot._internal.plugins.webroot:Creating root challenges validation dir at /usr/local/lsws/staging.trupath.com/web/.well-known/acme-challenge
2024-02-06 03:34:07,282:DEBUG:certbot._internal.plugins.webroot:Creating root challenges validation dir at /usr/local/lsws/staging.trupath.com/web/.well-known/acme-challenge
2024-02-06 03:34:07,282:DEBUG:certbot._internal.plugins.webroot:Creating root challenges validation dir at /usr/local/lsws/staging.trupath.com/web/.well-known/acme-challenge
2024-02-06 03:34:07,282:DEBUG:certbot._internal.plugins.webroot:Creating root challenges validation dir at /usr/local/lsws/staging.trupath.com/web/.well-known/acme-challenge
2024-02-06 03:34:07,283:DEBUG:certbot._internal.plugins.webroot:Creating root challenges validation dir at /usr/local/lsws/staging.trupath.com/web/.well-known/acme-challenge
2024-02-06 03:34:07,283:DEBUG:certbot._internal.plugins.webroot:Creating root challenges validation dir at /usr/local/lsws/staging.trupath.com/web/.well-known/acme-challenge
2024-02-06 03:34:07,283:DEBUG:certbot._internal.plugins.webroot:Attempting to save validation to /usr/local/lsws/staging.trupath.com/web/.well-known/acme-challenge/O3CrV83Z4_r_vp4FJ-xv2pwFZoyCBSOFcOArXbMNVvw
2024-02-06 03:34:07,284:DEBUG:certbot._internal.plugins.webroot:Attempting to save validation to /usr/local/lsws/staging.trupath.com/web/.well-known/acme-challenge/BV1a6QIk2fYt-ZqSIByaC-qd2DlUc4q_fbPxBAfQYeU
2024-02-06 03:34:07,285:DEBUG:certbot._internal.plugins.webroot:Attempting to save validation to /usr/local/lsws/staging.trupath.com/web/.well-known/acme-challenge/gOFrqJoijNG-ZJAgC6dwvhirP297iTpTio_5Fl3Kb5o
2024-02-06 03:34:07,285:DEBUG:certbot._internal.plugins.webroot:Attempting to save validation to /usr/local/lsws/staging.trupath.com/web/.well-known/acme-challenge/2ONzXWvcvlw8y1TXsao-zOsqCGoqqkLi_xMr9zEshWM
2024-02-06 03:34:07,286:DEBUG:certbot._internal.plugins.webroot:Attempting to save validation to /usr/local/lsws/staging.trupath.com/web/.well-known/acme-challenge/O7h3nruYqWyk31ODIpdFHTxgMoxG5CJtvzqZBLin8o0
2024-02-06 03:34:07,286:DEBUG:certbot._internal.plugins.webroot:Attempting to save validation to /usr/local/lsws/staging.trupath.com/web/.well-known/acme-challenge/y6Q1dnmL4XiYRa0UgUvzIp5MaJdTKxyjfz9-6b3qGRI
2024-02-06 03:34:07,287:DEBUG:certbot._internal.plugins.webroot:Attempting to save validation to /usr/local/lsws/staging.trupath.com/web/.well-known/acme-challenge/RQ8TEhGEjFI3u6TgScJnd2ldOhFhFVJcTDr_JSFd55M

2024-02-06 03:34:09,149:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/11020388403 HTTP/1.1" 200 781
2024-02-06 03:34:09,150:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 06 Feb 2024 03:34:09 GMT
Content-Type: application/json
Content-Length: 781
Connection: keep-alive
Boulder-Requester: 134996633
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: VlC4gE5VYLrsnivltDsB1L3E_Ohab4EQMLipGufwQ-sLrE4rolM
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
 "identifier": {
   "type": "dns",
   "value": "staging.trupath.com"
 },
 "status": "valid",
 "expires": "2024-03-07T03:34:08Z",
 "challenges": [
   {
     "type": "http-01",
     "status": "valid",
     "url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/11020388403/eFpzmw",
     "token": "RQ8TEhGEjFI3u6TgScJnd2ldOhFhFVJcTDr_JSFd55M",
     "validationRecord": [
       {
         "url": "http://staging.trupath.com/.well-known/acme-challenge/RQ8TEhGEjFI3u6TgScJnd2ldOhFhFVJcTDr_JSFd55M",
         "hostname": "staging.trupath.com",
         "port": "80",
         "addressesResolved": [
           "170.187.142.87"
         ],
         "addressUsed": "170.187.142.87"
       }
     ],
     "validated": "2024-02-06T03:34:07Z"
   }
 ]
 
 2024-02-06 03:34:09,152:DEBUG:certbot._internal.error_handler:Calling registered functions
 2024-02-06 03:34:09,152:INFO:certbot._internal.auth_handler:Cleaning up challenges
 2024-02-06 03:34:09,152:DEBUG:certbot._internal.plugins.webroot:Removing /usr/local/lsws/staging.trupath.com/web/.well-known/acme-challenge/O3CrV83Z4_r_vp4FJ-xv2pwFZoyCBSOFcOArXbMNVvw
 2024-02-06 03:34:09,152:DEBUG:certbot._internal.plugins.webroot:Removing /usr/local/lsws/staging.trupath.com/web/.well-known/acme-challenge/BV1a6QIk2fYt-ZqSIByaC-qd2DlUc4q_fbPxBAfQYeU
 2024-02-06 03:34:09,152:DEBUG:certbot._internal.plugins.webroot:Removing /usr/local/lsws/staging.trupath.com/web/.well-known/acme-challenge/gOFrqJoijNG-ZJAgC6dwvhirP297iTpTio_5Fl3Kb5o
 2024-02-06 03:34:09,153:DEBUG:certbot._internal.plugins.webroot:Removing /usr/local/lsws/staging.trupath.com/web/.well-known/acme-challenge/2ONzXWvcvlw8y1TXsao-zOsqCGoqqkLi_xMr9zEshWM
 2024-02-06 03:34:09,153:DEBUG:certbot._internal.plugins.webroot:Removing /usr/local/lsws/staging.trupath.com/web/.well-known/acme-challenge/O7h3nruYqWyk31ODIpdFHTxgMoxG5CJtvzqZBLin8o0
 2024-02-06 03:34:09,153:DEBUG:certbot._internal.plugins.webroot:Removing /usr/local/lsws/staging.trupath.com/web/.well-known/acme-challenge/y6Q1dnmL4XiYRa0UgUvzIp5MaJdTKxyjfz9-6b3qGRI
 2024-02-06 03:34:09,153:DEBUG:certbot._internal.plugins.webroot:Removing /usr/local/lsws/staging.trupath.com/web/.well-known/acme-challenge/RQ8TEhGEjFI3u6TgScJnd2ldOhFhFVJcTDr_JSFd55M
 2024-02-06 03:34:09,153:DEBUG:certbot._internal.plugins.webroot:All challenges cleaned up
 2024-02-06 03:34:09,153:ERROR:certbot._internal.renewal:Failed to renew certificate staging.trupath.com with error: Some challenges have failed.
 2024-02-06 03:34:09,155:DEBUG:certbot._internal.renewal:Traceback was:
 Traceback (most recent call last):
   File "/usr/lib/python3/dist-packages/certbot/_internal/renewal.py", line 475, in handle_renewal_request
     main.renew_cert(lineage_config, plugins, renewal_candidate)
   File "/usr/lib/python3/dist-packages/certbot/_internal/main.py", line 1386, in renew_cert
     renewed_lineage = _get_and_save_cert(le_client, config, lineage=lineage)
   File "/usr/lib/python3/dist-packages/certbot/_internal/main.py", line 122, in _get_and_save_cert
     renewal.renew_cert(config, domains, le_client, lineage)
   File "/usr/lib/python3/dist-packages/certbot/_internal/renewal.py", line 335, in renew_cert
     new_cert, new_chain, new_key, _ = le_client.obtain_certificate(domains, new_key)
   File "/usr/lib/python3/dist-packages/certbot/_internal/client.py", line 389, in obtain_certificate
     orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
   File "/usr/lib/python3/dist-packages/certbot/_internal/client.py", line 439, in _get_order_and_authorizations
     authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort)
   File "/usr/lib/python3/dist-packages/certbot/_internal/auth_handler.py", line 90, in handle_authorizations
     self._poll_authorizations(authzrs, max_retries, best_effort)
   File "/usr/lib/python3/dist-packages/certbot/_internal/auth_handler.py", line 178, in _poll_authorizations
     raise errors.AuthorizationError('Some challenges have failed.')
 certbot.errors.AuthorizationError: Some challenges have failed.
 

Make sure this is the document root path for that FQDN:
/usr/local/lsws/staging.trupath.com/web

[Sorry, I'm not too familiar with Litespeed - I can't say exactly where/how to look and find that info.]

2 Likes

Thanks for the response. I updated my original post with the contents of the /etc/letsencrypt/renewal conf file. That root path already exists. Any other ideas?

1 Like

Can you show what is displayed by this command? All the messages, not just the summary result.

certbot renew --dry-run --cert-name staging.trupath.com

And also result of this

certbot certificates
2 Likes

Hey Mike! The result of running the two commands is below:


certbot renew --dry-run --cert-name staging.trupath.com

Saving debug log to /var/log/letsencrypt/letsencrypt.log


Processing /etc/letsencrypt/renewal/staging.trupath.com.conf


Simulating renewal of an existing certificate for staging.trupath.com and 6 more domains

Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
Domain: staging.detoxcenterla.com
Type: unauthorized
Detail: 170.187.142.87: Invalid response from http://staging.detoxcenterla.com/.well-known/acme-challenge/VPKyOX2QgKHsoh9ZpQtb6_nPHvc_tOAvuH2qF3JF69I: 404

Domain: staging.novodetox.com
Type: unauthorized
Detail: 170.187.142.87: Invalid response from http://staging.novodetox.com/.well-known/acme-challenge/ZjRQtHGlqrv-b39GSUrQjK6Ctt19aWjcrK72KurvDTU: 404

Domain: staging.sylvandetox.com
Type: unauthorized
Detail: 170.187.142.87: Invalid response from http://staging.sylvandetox.com/.well-known/acme-challenge/sJAxoTIFkcfgh-2pmNLGk7N9cUlm4TIMnMj91rOtKQk: 404

Domain: staging.thedetoxcenter.com
Type: unauthorized
Detail: 170.187.142.87: Invalid response from http://staging.thedetoxcenter.com/.well-known/acme-challenge/ojylhkxXoFF-eaAAFZv3PEQU38XPZo3xUGblC90sIQw: 404

Domain: staging.thedetoxcenterla.com
Type: unauthorized
Detail: 170.187.142.87: Invalid response from http://staging.thedetoxcenterla.com/.well-known/acme-challenge/D6Sptoq4rzlqfjXKNrUHsHM1UefFvSwziMK6ffgeoq4: 404

Domain: staging.amhealth.com
Type: unauthorized
Detail: 170.187.142.87: Invalid response from http://staging.amhealth.com/.well-known/acme-challenge/KBSDQELFT4awGdAaj_cgGcBijZsSApqPgTv_ChFu428: 404

Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.

Failed to renew certificate staging.trupath.com with error: Some challenges have failed.


All simulated renewals failed. The following certificates could not be renewed:
/etc/letsencrypt/live/staging.trupath.com/fullchain.pem (failure)


1 renew failure(s), 0 parse failure(s)
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.


certbot certificates

Saving debug log to /var/log/letsencrypt/letsencrypt.log


Found the following certs:
Certificate Name: staging.amhealth.com
Serial Number: 327aaf987383728d837102c4d95b89cefc2
Key Type: RSA
Domains: staging.amhealth.com
Expiry Date: 2024-03-19 14:59:22+00:00 (VALID: 41 days)
Certificate Path: /etc/letsencrypt/live/staging.amhealth.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/staging.amhealth.com/privkey.pem
Certificate Name: staging.detoxcenterla.com
Serial Number: 4edb6a31c44bba31da02fb25b5d9394408c
Key Type: RSA
Domains: staging.detoxcenterla.com
Expiry Date: 2024-03-19 14:59:25+00:00 (VALID: 41 days)
Certificate Path: /etc/letsencrypt/live/staging.detoxcenterla.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/staging.detoxcenterla.com/privkey.pem
Certificate Name: staging.goldfinchservicesnj.com
Serial Number: 4eb1498c20a126b9decd46309ea30fa8d63
Key Type: RSA
Domains: staging.goldfinchservicesnj.com
Expiry Date: 2024-03-29 19:58:29+00:00 (VALID: 52 days)
Certificate Path: /etc/letsencrypt/live/staging.goldfinchservicesnj.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/staging.goldfinchservicesnj.com/privkey.pem
Certificate Name: staging.innovative-aba.com
Serial Number: 3635588396b30ef628589d7a50f881fdceb
Key Type: RSA
Domains: staging.innovative-aba.com
Expiry Date: 2024-03-28 00:01:20+00:00 (VALID: 50 days)
Certificate Path: /etc/letsencrypt/live/staging.innovative-aba.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/staging.innovative-aba.com/privkey.pem
Certificate Name: staging.novodetox.com
Serial Number: 313e6c07b9b5808e46324dacf059d05170e
Key Type: RSA
Domains: staging.novodetox.com
Expiry Date: 2024-03-19 14:59:27+00:00 (VALID: 41 days)
Certificate Path: /etc/letsencrypt/live/staging.novodetox.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/staging.novodetox.com/privkey.pem
Certificate Name: staging.qtreatment.com
Serial Number: 31670f022cddbbe03c0924eed054593a17f
Key Type: RSA
Domains: staging.qtreatment.com
Expiry Date: 2024-03-29 19:58:32+00:00 (VALID: 52 days)
Certificate Path: /etc/letsencrypt/live/staging.qtreatment.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/staging.qtreatment.com/privkey.pem
Certificate Name: staging.theaddictsnetwork.com
Serial Number: 4fd7873a08673d828037c810f7e73db405a
Key Type: RSA
Domains: staging.theaddictsnetwork.com
Expiry Date: 2024-03-18 13:56:22+00:00 (VALID: 40 days)
Certificate Path: /etc/letsencrypt/live/staging.theaddictsnetwork.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/staging.theaddictsnetwork.com/privkey.pem
Certificate Name: staging.thedetoxcenter.com
Serial Number: 463927d04d3340165bd975bd0527bd11031
Key Type: RSA
Domains: staging.thedetoxcenter.com
Expiry Date: 2024-03-19 14:59:30+00:00 (VALID: 41 days)
Certificate Path: /etc/letsencrypt/live/staging.thedetoxcenter.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/staging.thedetoxcenter.com/privkey.pem
Certificate Name: staging.thedetoxcenterla.com
Serial Number: 39d8aa095c98e78d34552548ec924d33833
Key Type: RSA
Domains: staging.thedetoxcenterla.com
Expiry Date: 2024-03-19 14:59:32+00:00 (VALID: 41 days)
Certificate Path: /etc/letsencrypt/live/staging.thedetoxcenterla.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/staging.thedetoxcenterla.com/privkey.pem
Certificate Name: staging.trupath.com
Serial Number: 46e752509f8affef8dbfaf11e2627e8a8c2
Key Type: RSA
Domains: staging.trupath.com staging.amhealth.com staging.detoxcenterla.com staging.novodetox.com staging.sylvandetox.com staging.thedetoxcenter.com staging.thedetoxcenterla.com
Expiry Date: 2024-03-19 14:06:42+00:00 (VALID: 41 days)
Certificate Path: /etc/letsencrypt/live/staging.trupath.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/staging.trupath.com/privkey.pem
Certificate Name: staging.trupathrecovery.com
Serial Number: 4157c69b6d92a6f31f27ce35dea3eb7d1fb
Key Type: RSA
Domains: staging.trupathrecovery.com
Expiry Date: 2024-05-06 03:45:37+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/staging.trupathrecovery.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/staging.trupathrecovery.com/privkey.pem


--

1 Like
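The failure pattern above (one `webroot_path` in the renewal conf, the log's "Using the webroot path ... for all unmatched domains", and then a 404 for every other name on the certificate) comes down to two questions: which directory will certbot drop the token into for each domain, and does that domain's web server actually serve that directory over plain HTTP? The script below is an added example, not certbot's code and not from this thread. It reads a constructed renewal conf modelled on the one in the original post (with one hypothetical `[[webroot_map]]` entry added so both lookup paths are exercised), resolves the effective webroot per domain using the same rule the log message describes (a mapped path wins, anything else falls back to the first `webroot_path`), and then probes a webroot the way the CA does: write a random token under `.well-known/acme-challenge/` and fetch it back over HTTP. To keep it runnable offline the probe targets a local `http.server` serving a temporary directory; against a real host you would pass the vhost's document root and `http://<domain>` as `base_url`.

```python
"""Pre-flight check for certbot webroot renewals (added example, not certbot's own code)."""
import functools
import http.server
import secrets
import tempfile
import threading
import urllib.error
import urllib.request
from pathlib import Path

CHALLENGE_DIR = ".well-known/acme-challenge"

# Constructed sample modelled on the thread's renewal conf; the [[webroot_map]]
# entry is hypothetical and only covers the primary name, which is the situation
# that produces "for all unmatched domains" for the other SANs.
SAMPLE_RENEWAL_CONF = """\
[renewalparams]
account = GUID
authenticator = webroot
webroot_path = /usr/local/lsws/staging.trupath.com/web,
server = https://acme-v02.api.letsencrypt.org/directory
[[webroot_map]]
staging.trupath.com = /usr/local/lsws/staging.trupath.com/web
"""

# Names on the staging.trupath.com lineage as listed by `certbot certificates`.
SAMPLE_DOMAINS = [
    "staging.trupath.com", "staging.amhealth.com", "staging.detoxcenterla.com",
    "staging.novodetox.com", "staging.sylvandetox.com",
    "staging.thedetoxcenter.com", "staging.thedetoxcenterla.com",
]


def parse_renewal_conf(text):
    """Minimal reader for certbot's configobj-style renewal file: [section] and
    [[subsection]] headers, key = value lines. Returns a dict of sections."""
    sections = {"renewalparams": {}, "webroot_map": {}}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("["):
            current = line.strip("[]").strip()
            sections.setdefault(current, {})
        elif "=" in line and current is not None:
            key, _, value = line.partition("=")
            sections[current][key.strip()] = value.strip()
    return sections


def effective_webroots(conf, domains):
    """Map each domain to (path, source). source is "map" when [[webroot_map]]
    names the domain, "fallback" when it inherits the first webroot_path."""
    paths = [p.strip() for p in conf["renewalparams"].get("webroot_path", "").split(",")
             if p.strip()]
    fallback = paths[0] if paths else None
    return {d: (conf["webroot_map"][d], "map") if d in conf["webroot_map"]
            else (fallback, "fallback") for d in domains}


class _QuietHandler(http.server.SimpleHTTPRequestHandler):
    def log_message(self, *args):  # keep the demo's output clean
        pass


def check_challenge_served(webroot, base_url, timeout=5):
    """Write a random token under <webroot>/.well-known/acme-challenge/, GET it
    via base_url and compare. Returns (ok, http_status); the file is removed."""
    token = secrets.token_urlsafe(32)
    chal_dir = Path(webroot) / CHALLENGE_DIR
    chal_dir.mkdir(parents=True, exist_ok=True)
    target = chal_dir / token
    target.write_text(token)
    try:
        with urllib.request.urlopen(f"{base_url}/{CHALLENGE_DIR}/{token}",
                                    timeout=timeout) as resp:
            return (resp.read().decode() == token, resp.status)
    except urllib.error.HTTPError as err:
        return (False, err.code)  # 404 here is exactly what the CA reported
    finally:
        target.unlink(missing_ok=True)


def run_local_demo():
    """Serve one temp dir on 127.0.0.1 and probe it twice: with the directory
    that is really served (expect 200) and with an unrelated directory, which
    reproduces the 'Invalid response ... 404' seen in the thread."""
    served_root = Path(tempfile.mkdtemp(prefix="webroot-ok-"))
    wrong_root = Path(tempfile.mkdtemp(prefix="webroot-wrong-"))
    handler = functools.partial(_QuietHandler, directory=str(served_root))
    server = http.server.ThreadingHTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    base_url = f"http://127.0.0.1:{server.server_address[1]}"
    try:
        return {"served": check_challenge_served(served_root, base_url),
                "wrong_root": check_challenge_served(wrong_root, base_url)}
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    for domain, (path, source) in effective_webroots(
            parse_renewal_conf(SAMPLE_RENEWAL_CONF), SAMPLE_DOMAINS).items():
        print(f"{domain:35} -> {path}  [{source}]")
    print(run_local_demo())
```

Every domain reported as `[fallback]` is being validated from the primary vhost's document root, which a separate vhost for that name will not serve; the fix on the certbot side is one webroot per name (`-w <docroot> -d <name>` pairs when re-issuing, which populates `[[webroot_map]]`), and the probe function is the quick way to confirm each docroot is reachable before asking the CA again.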

Please show this file:
/usr/local/lsws/conf/httpd_config.conf

2 Likes
#
# PLAIN TEXT CONFIGURATION FILE
#
# If not set, will use host name as serverName
serverName                
user                      nobody
group                     nogroup
priority                  0
inMemBufSize              60M
swappingDir               /tmp/lshttpd/swap
autoFix503                1
gracefulRestartTimeout    300
mime                      conf/mime.properties
showVersionNumber         0
useIpInProxyHeader        0
adminEmails               jyeretzian@trupath.com, jirons@trupath.com, cosjef@gmail.com

errorlog logs/error.log {
  logLevel                DEBUG
  debugLevel              0
  rollingSize             10M
  enableStderrLog         1
}

accesslog logs/access.log {
  rollingSize             10M
  keepDays                30
  compressArchive         0
}
indexFiles                index.html, index.php

expires  {
  enableExpires           1
  expiresByType           image/*=A604800,text/css=A604800,application/x-javascript=A604800,application/javascript=A604800,font/*=A604800,application/x-font-ttf=A604800
}

tuning  {
  maxConnections          10000
  maxSSLConnections       10000
  connTimeout             300
  maxKeepAliveReq         10000
  keepAliveTimeout        5
  sndBufSize              0
  rcvBufSize              0
  maxReqURLLen            32768
  maxReqHeaderSize        65536
  maxReqBodySize          2047M
  maxDynRespHeaderSize    32768
  maxDynRespSize          2047M
  maxCachedFileSize       4096
  totalInMemCacheSize     20M
  maxMMapFileSize         256K
  totalMMapCacheSize      40M
  useSendfile             1
  fileETag                28
  enableGzipCompress      1
  compressibleTypes       default
  enableDynGzipCompress   1
  gzipCompressLevel       6
  gzipAutoUpdateStatic    1
  gzipStaticCompressLevel 6
  brStaticCompressLevel   6
  gzipMaxFileSize         10M
  gzipMinFileSize         300

  quicEnable              1
  quicShmDir              /dev/shm
}

fileAccessControl  {
  followSymbolLink        1
  checkSymbolLink         0
  requiredPermissionMask  000
  restrictedPermissionMask 000
}

perClientConnLimit  {
  staticReqPerSec         0
  dynReqPerSec            0
  outBandwidth            0
  inBandwidth             0
  softLimit               10000
  hardLimit               10000
  gracePeriod             15
  banPeriod               300
}

CGIRLimit  {
  maxCGIInstances         20
  minUID                  11
  minGID                  10
  priority                0
  CPUSoftLimit            10
  CPUHardLimit            50
  memSoftLimit            1460M
  memHardLimit            1470M
  procSoftLimit           400
  procHardLimit           450
}

accessDenyDir  {
  dir                     /
  dir                     /etc/*
  dir                     /dev/*
  dir                     conf/*
  dir                     admin/conf/*
}

accessControl  {
  allow                   ALL
}

extprocessor lsphp81 {
  type                    lsapi
  address                 uds://tmp/lshttpd/lsphp81.sock
  maxConns                10
  env                     PHP_LSAPI_MAX_REQUESTS=500
  env                     PHP_LSAPI_CHILDREN=35
  env                     LSAPI_AVOID_FORK=200M
  env                     API_HOST=localhost
  env                     API_DB_NAME=api_trupath_com
  env                     API_DB_USERNAME=api_trupath_com
  env                     API_DB_PASSWORD=[redacted]
  env                     CTM_USERNAME=[redacted]
  env                     CTM_PASSWORD=[redacted]
  env                     CTM_ACCOUNT_ID=[redacted]
  env                     CTM_SMS_NUMBER=[redacted]
  env                     CLIENT_ID=[redacted]
  env                     CLIENT_SECRET=[redacted]
  env                     REDIRECT_URI=https://api.trupath.com/v1/salesforce/callback
  env                     LOGIN_URI=https://trupath.my.salesforce.com
  env                     API_VERSION=v55.0
  initTimeout             60
  retryTimeout            0
  persistConn             1
  respBuffer              0
  autoStart               2
  path                    lsphp81/bin/lsphp
  backlog                 100
  instances               1
  priority                0
  memSoftLimit            2047M
  memHardLimit            2047M
  procSoftLimit           1400
  procHardLimit           1500
}

extprocessor lsphp74 {
  type                    lsapi
  address                 uds://tmp/lshttpd/lsphp.sock
  maxConns                10
  env                     PHP_LSAPI_MAX_REQUESTS=500
  env                     PHP_LSAPI_CHILDREN=50
  env                     LSAPI_AVOID_FORK=200M
  env                     API_HOST=localhost
  env                     API_DB_NAME=api_trupath_com
  env                     API_DB_USERNAME=api_trupath_com
  env                     API_DB_PASSWORD=[redacted]
  env                     CTM_USERNAME=[redacted]
  env                     CTM_PASSWORD=[redacted]
  env                     CTM_ACCOUNT_ID=[redacted]
  env                     CTM_SMS_NUMBER=[redacted]
  env                     CLIENT_ID=[redacted]
  env                     CLIENT_SECRET=[redacted]
  env                     REDIRECT_URI=https://api.trupath.com/v1/salesforce/callback
  env                     LOGIN_URI=https://trupath.my.salesforce.com
  env                     API_VERSION=v55.0
  initTimeout             60
  retryTimeout            0
  persistConn             1
  respBuffer              0
  autoStart               2
  path                    lsphp74/bin/lsphp
  backlog                 100
  instances               1
  priority                0
  memSoftLimit            2047M
  memHardLimit            2047M
  procSoftLimit           1400
  procHardLimit           1500
}

scripthandler  {
  add                     lsapi:lsphp81 php81
  add                     lsapi:lsphp74 php74
}

railsDefaults  {
  maxConns                1
  env                     LSAPI_MAX_IDLE=60
  initTimeout             60
  retryTimeout            0
  pcKeepAliveTimeout      60
  respBuffer              0
  backlog                 50
  runOnStartUp            3
  extMaxIdleTime          300
  priority                3
  memSoftLimit            2047M
  memHardLimit            2047M
  procSoftLimit           500
  procHardLimit           600
}

wsgiDefaults  {
  maxConns                5
  env                     LSAPI_MAX_IDLE=60
  initTimeout             60
  retryTimeout            0
  pcKeepAliveTimeout      60
  respBuffer              0
  backlog                 50
  runOnStartUp            3
  extMaxIdleTime          300
  priority                3
  memSoftLimit            2047M
  memHardLimit            2047M
  procSoftLimit           500
  procHardLimit           600
}

nodeDefaults  {
  maxConns                5
  env                     LSAPI_MAX_IDLE=60
  initTimeout             60
  retryTimeout            0
  pcKeepAliveTimeout      60
  respBuffer              0
  backlog                 50
  runOnStartUp            3
  extMaxIdleTime          300
  priority                3
  memSoftLimit            2047M
  memHardLimit            2047M
  procSoftLimit           500
  procHardLimit           600
}

module cache {
  internal                1

checkPrivateCache   1
checkPublicCache    1
maxCacheObjSize     10000000
maxStaleAge         200
qsCache             1
reqCookieCache      1
respCookieCache     1
ignoreReqCacheCtrl  1
ignoreRespCacheCtrl 0

enableCache         0
expireInSeconds     3600
enablePrivateCache  0
privateExpireInSeconds 3600
  ls_enabled              1
}

virtualhost staging.trupath.com {
  vhRoot                  $SERVER_ROOT/$VH_NAME
  configFile              $SERVER_ROOT/conf/vhosts/$VH_NAME/vhconf.conf
  note                    Instantiated from template Default_Websites
  allowSymbolLink         1
  enableScript            1
  restrained              1
  setUIDMode              0
}

virtualhost staging.detoxcenterla.com {
  vhRoot                  $SERVER_ROOT/$VH_NAME
  configFile              $SERVER_ROOT/conf/vhosts/$VH_NAME/vhconf.conf
  note                    Instantiated from template Default_Websites
  allowSymbolLink         1
  enableScript            1
  restrained              1
  setUIDMode              0
}

virtualhost staging.novodetox.com {
  vhRoot                  $SERVER_ROOT/$VH_NAME
  configFile              $SERVER_ROOT/conf/vhosts/$VH_NAME/vhconf.conf
  note                    Instantiated from template Default_Websites
  allowSymbolLink         1
  enableScript            1
  restrained              1
  setUIDMode              0
}

virtualhost staging.thedetoxcenter.com {
  vhRoot                  $SERVER_ROOT/$VH_NAME
  configFile              $SERVER_ROOT/conf/vhosts/$VH_NAME/vhconf.conf
  note                    Instantiated from template Default_Websites
  allowSymbolLink         1
  enableScript            1
  restrained              1
  setUIDMode              0
}

virtualhost staging.thedetoxcenterla.com {
  vhRoot                  $SERVER_ROOT/$VH_NAME
  configFile              $SERVER_ROOT/conf/vhosts/$VH_NAME/vhconf.conf
  note                    Instantiated from template Default_Websites
  allowSymbolLink         1
  enableScript            1
  restrained              1
  setUIDMode              0
}

virtualhost staging.amhealth.com {
  vhRoot                  $SERVER_ROOT/$VH_NAME
  configFile              $SERVER_ROOT/conf/vhosts/$VH_NAME/vhconf.conf
  note                    Instantiated from template Default_Websites
  allowSymbolLink         1
  enableScript            1
  restrained              1
  setUIDMode              0
}

virtualhost staging.innovative-aba.com {
  vhRoot                  $SERVER_ROOT/$VH_NAME
  configFile              $SERVER_ROOT/conf/vhosts/$VH_NAME/vhconf.conf
  note                    Instantiated from template Default_Websites
  allowSymbolLink         1
  enableScript            1
  restrained              1
  setUIDMode              0
}

virtualhost staging.trupathrecovery.com {
  vhRoot                  $SERVER_ROOT/$VH_NAME
  configFile              $SERVER_ROOT/conf/vhosts/$VH_NAME/vhconf.conf
  note                    Instantiated from template Default_Websites
  allowSymbolLink         1
  enableScript            1
  restrained              1
  setUIDMode              0
}

virtualhost staging.qtreatment.com {
  vhRoot                  $SERVER_ROOT/$VH_NAME
  configFile              $SERVER_ROOT/conf/vhosts/$VH_NAME/vhconf.conf
  note                    Instantiated from template Default_Websites
  allowSymbolLink         1
  enableScript            1
  restrained              1
  setUIDMode              0
}

virtualhost staging.goldfinchservicesnj.com {
  vhRoot                  $SERVER_ROOT/$VH_NAME
  configFile              $SERVER_ROOT/conf/vhosts/$VH_NAME/vhconf.conf
  note                    Instantiated from template Default_Websites
  allowSymbolLink         1
  enableScript            1
  restrained              1
  setUIDMode              0
}

virtualhost staging.sylvandetox.com {
  vhRoot                  $SERVER_ROOT/$VH_NAME
  configFile              $SERVER_ROOT/conf/vhosts/$VH_NAME/vhconf.conf
  note                    Instantiated from template Default_Websites
  allowSymbolLink         1
  enableScript            1
  restrained              1
  setUIDMode              0
}

virtualhost staging.theaddictsnetwork.com {
  vhRoot                  $SERVER_ROOT/$VH_NAME
  configFile              $SERVER_ROOT/conf/vhosts/$VH_NAME/vhconf.conf
  note                    Instantiated from template Default_Websites
  allowSymbolLink         1
  enableScript            1
  restrained              1
  setUIDMode              0
}

listener Default {
  address                 *:80
  secure                  0
  map                     staging.trupath.com staging.trupath.com
  map                     staging.detoxcenterla.com staging.detoxcenterla.com
  map                     staging.novodetox.com staging.novodetox.com
  map                     staging.thedetoxcenter.com staging.thedetoxcenter.com
  map                     staging.thedetoxcenterla.com staging.thedetoxcenterla.com
  map                     staging.amhealth.com staging.amhealth.com
  map                     staging.innovative-aba.com staging.innovative-aba.com
  map                     staging.trupathrecovery.com staging.trupathrecovery.com
  map                     staging.qtreatment.com staging.qtreatment.com
  map                     staging.goldfinchservicesnj.com staging.goldfinchservicesnj.com
  map                     staging.sylvandetox.com staging.sylvandetox.com
  map                     staging.theaddictsnetwork.com staging.theaddictsnetwork.com
}

listener SSL {
  address                 *:443
  secure                  1
  keyFile                 /etc/letsencrypt/procharged/procharged-selfsigned.key
  certFile                /etc/letsencrypt/procharged/procharged-selfsigned.crt
  certChain               0
  sslProtocol             24
  map                     staging.trupath.com staging.trupath.com
  map                     staging.detoxcenterla.com staging.detoxcenterla.com
  map                     staging.novodetox.com staging.novodetox.com
  map                     staging.thedetoxcenter.com staging.thedetoxcenter.com
  map                     staging.thedetoxcenterla.com staging.thedetoxcenterla.com
  map                     staging.amhealth.com staging.amhealth.com
  map                     staging.innovative-aba.com staging.innovative-aba.com
  map                     staging.trupathrecovery.com staging.trupathrecovery.com
  map                     staging.qtreatment.com staging.qtreatment.com
  map                     staging.goldfinchservicesnj.com staging.goldfinchservicesnj.com
  map                     staging.sylvandetox.com staging.sylvandetox.com
  map                     staging.theaddictsnetwork.com staging.theaddictsnetwork.com
}

vhTemplate centralConfigLog {
  templateFile            conf/templates/ccl.conf
  listeners               Default
}

vhTemplate EasyRailsWithSuEXEC {
  templateFile            conf/templates/rails.conf
  listeners               Default
}

vhTemplate Default_Websites {
  templateFile            $SERVER_ROOT/conf/templates/example.conf
  listeners               SSL, Default
}

@cosjef, I apologize for not knowing enough about Litespeed and asking you to post a file that may have contained secret/password information.

Please review those lines and change them ASAP.


This is all that we needed to see:

We need to locate and review that file:
configFile $SERVER_ROOT/conf/vhosts/$VH_NAME/vhconf.conf


It seems like you may have proactively deleted the file, correct?

Attaching the vhost.conf file for staging.trupath.com below. Nothing needed sanitization.

docRoot $VH_ROOT/web/
vhDomain staging.trupath.com
enableGzip 1
enableBr 1

errorlog $VH_ROOT/logs/$VH_NAME.error.log {
useServer 0
logLevel ERROR
rollingSize 10M
keepDays 7
}

accesslog $VH_ROOT/logs/$VH_NAME.access.log {
useServer 0
rollingSize 10M
keepDays 7
compressArchive 1
}

index {
useServer 0
indexFiles index.php, index.html, index.htm
autoIndex 0
}

scripthandler {
add lsapi:lsphp74 php
}

accessControl {
allow *
}

context / {
location $VH_ROOT/web/
allowBrowse 1

rewrite {
enable 1
RewriteEngine On
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteBase /
RewriteRule ^index.php$ - [L]
RewriteRule ^^code_authentication /app/mu-plugins/trupath-two-factor-authentication/code_authentication.php [QSA,L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
RewriteRule ^(xmlrpc.php|wp-trackback.php) - [F,L,NC]
}
addDefaultCharset off

phpIniOverride {
php_flag display_errors Off
php_value memory_limit 712M
php_value upload_max_filesize 128M
php_value post_max_size 130M
php_value date.timezone American/New_York
php_value error_reporting E_ALL
php_value max_execution_time 0
}
}

rewrite {
enable 1
autoLoadHtaccess 1
RewriteCond %{SERVER_PORT} ^80$
RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]
}

vhssl {
keyFile /etc/letsencrypt/live/$VH_NAME/privkey.pem
certFile /etc/letsencrypt/live/$VH_NAME/fullchain.pem
certChain 1
}


The contents were posted in a public forum.
You still need to review the contents and make whatever changes are necessary to ensure a secure environment.


That seems to lead nowhere.

Are there any access/error logs?
Maybe we can get a clue there why the ACME challenge requests failed:


The items found in the vhost and server error logs referencing staging.trupath.com:

2024-02-05 14:24:36.416267 [INFO] [3839] [PlainConf] [virtualHostConfig:] start parsing file /usr/local/lsws/conf/vhosts/staging.trupath.com/vhconf.conf
2024-02-05 14:24:36.416541 [INFO] [3839] [PlainConf] [virtualHostConfig:] Finished parsing file /usr/local/lsws/conf/vhosts/staging.trupath.com/vhconf.conf

2024-02-05 14:24:36.417210 [INFO] [3839] [config:server:vhosts:vhost:staging.trupath.com] config context /.

2024-02-05 14:24:36.417297 [INFO] [3839] RewriteFile [/usr/local/lsws/staging.trupath.com/web/.htaccess] parsed, return 0.

2024-02-06 02:57:44.036148 [WARN] [8398] [config:server:vhosts:vhost:staging.trupath.com] Uid of /usr/local/lsws/staging.trupath.com/web/ is 0, smaller than minimum requirement 11, use server uid!
2024-02-06 02:57:44.036153 [WARN] [8398] [config:server:vhosts:vhost:staging.trupath.com] Gid of /usr/local/lsws/staging.trupath.com/web/ is 65534, smaller than minimum requirement 10, use server gid!
2024-02-06 02:57:44.037165 [INFO] [8398] [config:server:vhosts:vhost:staging.trupath.com] config context /.

I don't know LiteSpeed very well either but that looks important. Is that supposed to happen?

What changes have happened on your system since Dec 10 when you last got that cert? It was renewing every 60 days just fine but now the --dry-run fails.

Was there some reason you tried to renew "earlier" than usual? That cert would normally not have renewed until around Feb10.


That UID/GID message was a one-off in the logs. I have not seen it again.

The big change is a move to a new server since Dec 10. Brand-new, ground-up build to a new hosting provider. I personally did not try to renew the cert early; not sure who did.

I suppose a full renewal motion would fail just as certainly as the dry-run did, correct?

Yes, it would. I was just trying to understand more about the background.

Clearly something is very different with your new setup.

How did you transfer the /etc/letsencrypt folders from the old to the new server? You would have had to do that to try the "renew" command rather than getting fresh certs on the new server.

And, is your DNS pointing to the IP addresses of your new server?


I took this project over from another sysadmin.

The /etc/letsencrypt folder was transferred between servers with an rsync command that preserved file permissions and symlinks during transfer. There were a total of 13 certs for 13 sites. Once transferred, I had to correct a missing virtual host /web path on each one in /renew to get them working - except for staging.trupath.com that stubbornly refuses to work. I cannot find any permissions or other issue that would block the dry-run update. The DNS is confirmed to be pointing to the new server.

Here is what a certbot renew dry-run looks like on the new server:
The following simulated renewals succeeded:
/etc/letsencrypt/live/staging.amhealth.com/fullchain.pem (success)
/etc/letsencrypt/live/staging.detoxcenterla.com/fullchain.pem (success)
/etc/letsencrypt/live/staging.goldfinchservicesnj.com/fullchain.pem (success)
/etc/letsencrypt/live/staging.innovative-aba.com/fullchain.pem (success)
/etc/letsencrypt/live/staging.novodetox.com/fullchain.pem (success)
/etc/letsencrypt/live/staging.qtreatment.com/fullchain.pem (success)
/etc/letsencrypt/live/staging.theaddictsnetwork.com/fullchain.pem (success)
/etc/letsencrypt/live/staging.thedetoxcenter.com/fullchain.pem (success)
/etc/letsencrypt/live/staging.thedetoxcenterla.com/fullchain.pem (success)
/etc/letsencrypt/live/staging.trupathrecovery.com/fullchain.pem (success)

The following simulated renewals failed:
/etc/letsencrypt/live/staging.trupath.com/fullchain.pem (failure)

Here is the same certbot command on the old server. Note that ALL of the staging.* certs fail renewal due to an incorrect virtual root:

The following simulated renewals failed:
/etc/letsencrypt/live/staging.amhealth.com/fullchain.pem (failure)
/etc/letsencrypt/live/staging.detoxcenterla.com/fullchain.pem (failure)
/etc/letsencrypt/live/staging.goldfinchservicesnj.com/fullchain.pem (failure)
/etc/letsencrypt/live/staging.innovative-aba.com/fullchain.pem (failure)
/etc/letsencrypt/live/staging.novodetox.com/fullchain.pem (failure)
/etc/letsencrypt/live/staging.qtreatment.com/fullchain.pem (failure)
/etc/letsencrypt/live/staging.sylvandetox.com-0001/fullchain.pem (failure)
/etc/letsencrypt/live/staging.theaddictsnetwork.com/fullchain.pem (failure)
/etc/letsencrypt/live/staging.thedetoxcenter.com/fullchain.pem (failure)
/etc/letsencrypt/live/staging.thedetoxcenterla.com/fullchain.pem (failure)
/etc/letsencrypt/live/staging.trupath.com-0001/fullchain.pem (failure)
/etc/letsencrypt/live/staging.trupath.com/fullchain.pem (failure)
/etc/letsencrypt/live/staging.trupathrecovery.com/fullchain.pem (failure)

Given the above, I do not see how ANY staging cert could be successfully renewed on the old server. SIDEBAR: I noted the presence of a /etc/letsencrypt/live/staging.trupath.com-0001/fullchain.pem (failure) on the prod server. That entry was not copied over; any idea why there would be a 0001 entry for the same domain name?
/etc/letsencrypt/live/staging.trupath.com-0001/fullchain.pem
/etc/letsencrypt/live/staging.trupath.com/fullchain.pem

If you ran Certbot on the old server while your DNS IP points to your new server, none will renew. Because Certbot makes a challenge token on the machine it runs on (the old), but the Let's Encrypt server queries the IP in the public DNS (the new). So, the new server does not have the token created by Certbot on the old machine. Is this what you tried to do?

Yes, often means something went wrong with the original so a -0001 was created when someone changed something. Can you post contents of both the original and the -0001 file from the old server?

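The sequence described in the reply above (Certbot writes a token under the webroot, the CA then fetches http://<domain>/.well-known/acme-challenge/<token> from whatever IP public DNS returns) can be checked by hand on the server DNS actually points to. The script below is an added example for this thread, not Certbot's code and not anything posted by the participants; the sample renewal-conf text, host name and token in it are constructed, and the fetch step imitates the CA only in the two respects that matter here: it follows redirects (including to HTTPS) and ignores the certificate on 443, which is what Let's Encrypt does for http-01.

```python
"""
Self-check for certbot's webroot (http-01) authenticator, added as an example;
this is not certbot's own code. It reads a renewal conf of the kind kept under
/etc/letsencrypt/renewal/, writes a token where certbot would, and reports
whether the public URL the CA will fetch really returns it.
The sample conf text, host name and token below are constructed.
"""
import configparser
import os
import secrets
import ssl
import sys
import tempfile
import urllib.error
import urllib.request

# Constructed sample in the shape of /etc/letsencrypt/renewal/<domain>.conf.
SAMPLE_RENEWAL_CONF = """\
[renewalparams]
account = GUID
authenticator = webroot
webroot_path = /usr/local/lsws/staging.trupath.com/web
server = https://acme-v02.api.letsencrypt.org/directory
"""

CHALLENGE_SUBDIR = os.path.join(".well-known", "acme-challenge")


def parse_renewal_conf(text):
    """Return webroot_path from a renewal conf; raise if the conf does not use
    the webroot authenticator, since then webroot_path is not what matters."""
    cp = configparser.ConfigParser()
    cp.read_string(text)
    params = cp["renewalparams"]
    if params.get("authenticator") != "webroot":
        raise ValueError("authenticator is %r, not webroot" % params.get("authenticator"))
    return params["webroot_path"]


def place_token(webroot, token=None):
    """Create <webroot>/.well-known/acme-challenge/<token> and return (path, token).
    A missing webroot or a permission error here is the failure the webroot
    plugin hits before it ever talks to the CA. (Real challenge files contain
    '<token>.<account key thumbprint>'; a bare token is enough for a self-test.)"""
    if not os.path.isdir(webroot):
        raise FileNotFoundError("webroot does not exist: %s" % webroot)
    token = token or secrets.token_urlsafe(32)
    chal_dir = os.path.join(webroot, CHALLENGE_SUBDIR)
    os.makedirs(chal_dir, exist_ok=True)
    path = os.path.join(chal_dir, token)
    with open(path, "w") as fh:
        fh.write(token)
    return path, token


def challenge_url(domain, token):
    """The URL the CA requests first: plain HTTP on port 80."""
    return "http://%s/.well-known/acme-challenge/%s" % (domain, token)


def fetch_matches(domain, token, timeout=10):
    """Fetch the way the CA does: follow redirects, including to HTTPS, and do
    not check the TLS certificate (a self-signed cert on 443 does not break
    http-01; a wrong document root or a 404 does). Needs network access."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    url = challenge_url(domain, token)
    try:
        with urllib.request.urlopen(url, timeout=timeout, context=ctx) as resp:
            body = resp.read().decode("utf-8", "replace").strip()
            return body == token, resp.geturl(), resp.status
    except urllib.error.HTTPError as exc:
        return False, url, exc.code
    except OSError as exc:  # URLError, refused connection, timeout
        return False, url, str(getattr(exc, "reason", exc))


def simulate_in_tempdir(domain, token):
    """Offline dry run against a throwaway webroot: returns what a real run
    would write and request, and whether a missing webroot is reported."""
    with tempfile.TemporaryDirectory() as webroot:
        path, tok = place_token(webroot, token)
        with open(path) as fh:
            body = fh.read()
        relpath = os.path.relpath(path, webroot).replace(os.sep, "/")
        try:
            place_token(os.path.join(webroot, "no-such-dir"))
            missing_detected = False
        except FileNotFoundError:
            missing_detected = True
    return {"relpath": relpath, "body": body,
            "url": challenge_url(domain, tok),
            "missing_webroot_detected": missing_detected}


def main(argv):
    # usage: webroot_selfcheck.py <domain> [/etc/letsencrypt/renewal/<domain>.conf]
    if len(argv) < 2:
        print(__doc__)
        return 2
    conf_text = open(argv[2]).read() if len(argv) > 2 else SAMPLE_RENEWAL_CONF
    path, token = place_token(parse_renewal_conf(conf_text))
    try:
        ok, final_url, status = fetch_matches(argv[1], token)
        print("placed %s\nfetched %s -> %s, %s" % (path, final_url, status,
                                                    "token matched" if ok else "MISMATCH"))
    finally:
        os.remove(path)  # leave nothing behind in the document root
    return 0 if ok else 1


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it as root on the new server with the real domain and renewal conf; a 404 or a body that is not the token means the listener is serving a different document root than the one in webroot_path, while a FileNotFoundError or PermissionError means the path in the conf is wrong or not writable by the user running certbot.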