Cert renew not working

Hi
I am having issues renewing my cert.
I am using a cronjob with the command, but for some reason it does not work anymore.
I would like to keep the domain private if possible, since it runs a sensitive webcam.

I ran this command: ./certbot-auto certonly -d subdomain.uk.to

It produced this output:
root@abc:~# ./certbot-auto certonly -d subdomain.uk.to
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Failed to find executable apache2ctl in PATH: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

How would you like to authenticate with the ACME CA?
-------------------------------------------------------------------------------
1: Spin up a temporary webserver (standalone)
2: Place files in webroot directory (webroot)
-------------------------------------------------------------------------------
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Plugins selected: Authenticator webroot, Installer None
Certificate did not match expected hostname: acme-v01.api.letsencrypt.org. Certificate: {'subjectAltName': [('DNS', 'b2b.companyc.com'), ('DNS', 'ii.aveeno.com'), ('DNS', 'ii.bronners.com'), ('DNS', 'ii.cheaperthandirt.com'), ('DNS', 'ii.christmastreeshops.com'), ('DNS', 'ii.countrycurtains.com'), ('DNS', 'ii.crazyshirts.com'), ('DNS', 'ii.designtoscano.com'), ('DNS', 'ii.eastlandshoe.com'), ('DNS', 'ii.especiallyyours.com'), ('DNS', 'ii.frenchtoast.com'), ('DNS', 'ii.gianttiger.com'), ('DNS', 'ii.honeybakedonline.com'), ('DNS', 'ii.modells.com'), ('DNS', 'ii.nancysnotions.com'), ('DNS', 'ii.neostrata.com'), ('DNS', 'ii.paulayoung.com'), ('DNS', 'ii.powr-flite.com'), ('DNS', 'ii.thelook.fashion'), ('DNS', 'ii.theroomplace.com'), ('DNS', 'ii.titlenine.com'), ('DNS', 'ii.urbanbarn.com'), ('DNS', 'ii.wig.com'), ('DNS', 'ii.wilsonsleather.com'), ('DNS', 'ii.worldmarket.com'), ('DNS', 'ii.ylang23.com'), ('DNS', 'ii2.designtoscano.com'), ('DNS', 'ii2.wilsonsleather.com'), ('DNS', 'ii3.designtoscano.com'), ('DNS', 'ii3.wilsonsleather.com'), ('DNS', 'mc2-ii.aws.marketlive.com'), ('DNS', 'store.electrabike.com'), ('DNS', 'vidweb.aws.marketlive.com'), ('DNS', 'www.aveeno.com'), ('DNS', 'www.bettysattic.com'), ('DNS', 'www.brokerforms.com'), ('DNS', 'www.bronners.com'), ('DNS', 'www.cheaperthandirt.com'), ('DNS', 'www.cheaperthandirt.net'), ('DNS', 'www.christmastreeshops.com'), ('DNS', 'www.closeoutzone.com'), ('DNS', 'www.companyc.com'), ('DNS', 'www.countrycurtains.com'), ('DNS', 'www.crazyshirts.com'), ('DNS', 'www.designtoscano.com'), ('DNS', 'www.disneyfloralandgifts.com'), ('DNS', 'www.eastlandshoe.com'), ('DNS', 'www.educationalinsights.com'), ('DNS', 'www.especiallyyours.com'), ('DNS', 'www.exuviance.com'), ('DNS', 'www.frenchtoast.com'), ('DNS', 'www.fulloflife.com'), ('DNS', 'www.gianttiger.com'), ('DNS', 'www.greatland.com'), ('DNS', 'www.griotsgarage.com'), ('DNS', 'www.helzberg.com'), ('DNS', 'www.honeybakedonline.com'), ('DNS', 'www.jjmystore.com'), ('DNS', 
'www.learningresources.co.uk'), ('DNS', 'www.learningresources.com'), ('DNS', 'www.lighterside.com'), ('DNS', 'www.marketlive.com'), ('DNS', 'www.nancysnotions.com'), ('DNS', 'www.nelcosolutions.com'), ('DNS', 'www.neostrata.com'), ('DNS', 'www.onekingslane.com'), ('DNS', 'www.paulayoung.com'), ('DNS', 'www.peruvianconnection.co.uk'), ('DNS', 'www.peruvianconnection.com'), ('DNS', 'www.peruvianconnection.de'), ('DNS', 'www.powr-flite.com'), ('DNS', 'www.rogaine.com'), ('DNS', 'www.thelook.fashion'), ('DNS', 'www.theroomplace.com'), ('DNS', 'www.thingsyouneverknew.com'), ('DNS', 'www.titlenine.com'), ('DNS', 'www.wig.com'), ('DNS', 'www.wilsonsleather.com'), ('DNS', 'www.worldmarket.com'), ('DNS', 'www.ylang23.com')], 'subject': ((('commonName', u'ii.worldmarket.com'),),)}
An unexpected error occurred:
SSLError: hostname 'acme-v01.api.letsencrypt.org' doesn't match either of 'b2b.companyc.com', 'ii.aveeno.com', 'ii.bronners.com', 'ii.cheaperthandirt.com', 'ii.christmastreeshops.com', 'ii.countrycurtains.com', 'ii.crazyshirts.com', 'ii.designtoscano.com', 'ii.eastlandshoe.com', 'ii.especiallyyours.com', 'ii.frenchtoast.com', 'ii.gianttiger.com', 'ii.honeybakedonline.com', 'ii.modells.com', 'ii.nancysnotions.com', 'ii.neostrata.com', 'ii.paulayoung.com', 'ii.powr-flite.com', 'ii.thelook.fashion', 'ii.theroomplace.com', 'ii.titlenine.com', 'ii.urbanbarn.com', 'ii.wig.com', 'ii.wilsonsleather.com', 'ii.worldmarket.com', 'ii.ylang23.com', 'ii2.designtoscano.com', 'ii2.wilsonsleather.com', 'ii3.designtoscano.com', 'ii3.wilsonsleather.com', 'mc2-ii.aws.marketlive.com', 'store.electrabike.com', 'vidweb.aws.marketlive.com', 'www.aveeno.com', 'www.bettysattic.com', 'www.brokerforms.com', 'www.bronners.com', 'www.cheaperthandirt.com', 'www.cheaperthandirt.net', 'www.christmastreeshops.com', 'www.closeoutzone.com', 'www.companyc.com', 'www.countrycurtains.com', 'www.crazyshirts.com', 'www.designtoscano.com', 'www.disneyfloralandgifts.com', 'www.eastlandshoe.com', 'www.educationalinsights.com', 'www.especiallyyours.com', 'www.exuviance.com', 'www.frenchtoast.com', 'www.fulloflife.com', 'www.gianttiger.com', 'www.greatland.com', 'www.griotsgarage.com', 'www.helzberg.com', 'www.honeybakedonline.com', 'www.jjmystore.com', 'www.learningresources.co.uk', 'www.learningresources.com', 'www.lighterside.com', 'www.marketlive.com', 'www.nancysnotions.com', 'www.nelcosolutions.com', 'www.neostrata.com', 'www.onekingslane.com', 'www.paulayoung.com', 'www.peruvianconnection.co.uk', 'www.peruvianconnection.com', 'www.peruvianconnection.de', 'www.powr-flite.com', 'www.rogaine.com', 'www.thelook.fashion', 'www.theroomplace.com', 'www.thingsyouneverknew.com', 'www.titlenine.com', 'www.wig.com', 'www.wilsonsleather.com', 'www.worldmarket.com', 'www.ylang23.com'
Please see the logfiles in /var/log/letsencrypt for more details.

My web server is (include version): none

The operating system my web server runs on is (include version): Debian 8

I can login to a root shell on my machine (yes or no, or I don’t know): yes

Any help appreciated

Can you run the following:

grep -i letsencrypt /etc/hosts
curl -X GET -Ik https://acme-v01.api.letsencrypt.org
openssl s_client -connect acme-v01.api.letsencrypt.org:443 -showcerts 2>/dev/null | openssl x509 -noout -subject -issuer -modulus

Sure thing, thank you for your response.
Here is the output:

root@abc:~# grep -i letsencrypt /etc/hosts
104.108.34.195 acme-v01.api.letsencrypt.org

root@abc:~# curl -X GET -Ik https://acme-v01.api.letsencrypt.org
HTTP/1.1 403 Forbidden
Server: AkamaiGHost
Mime-Version: 1.0
Content-Type: text/html
Content-Length: 322
Expires: Thu, 12 Apr 2018 08:24:20 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 12 Apr 2018 08:24:20 GMT
Connection: close

root@abc:~# openssl s_client -connect acme-v01.api.letsencrypt.org:443 -showcerts 2>/dev/null | openssl x509 -noout -subject -issuer -modulus
subject= /CN=ii.worldmarket.com
issuer= /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3

I did notice this entry in /etc/hosts when I checked earlier.
I did put it there or I don’t remember.
According to the error, this entry might be wrong and needs to be edited or removed?

You're gonna need to delete that line from your /etc/hosts.

Are you from Vietnam by any chance?

Thank you for your reply.
In the meantime I removed the specific line and everything went smoothly afterwards.
Thank you for pointing me in the right direction!

No, sorry. I’m located in Switzerland.

Do you know how that line originally got into your /etc/hosts file? As @_az has noticed, we’ve had several people who had this line there and it was causing problems for them.

This can be a result of an out-of-date workaround for network-based censorship, but I don’t know why a user in Switzerland would have attempted that since the Swiss government isn’t trying to block access to our services.

Sorry, I do not know anymore and was not able to find anything in my shell history either.
Might be it was there because of some ipv4/ipv6 issue I had in the past or a network issue, but I do not remember.
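
A stricter form of the `grep -i letsencrypt /etc/hosts` check used in this thread, as an added example that is not part of any post above: it reports only active hosts-file entries whose name matches the hostname exactly, skipping commented-out lines and substring matches. The function names and the sample file are assumptions made for illustration; the pinned entry in the sample is the one quoted in the thread.

```shell
#!/bin/sh
# Added example: find static hosts-file entries that override DNS for a name.

# hosts_overrides FILE HOSTNAME -> prints "LINE_NO ADDRESS" per active entry.
hosts_overrides() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        {
            sub(/#.*/, "")              # drop whole-line and trailing comments
            for (i = 2; i <= NF; i++)   # field 1 is the address, the rest are names
                if (tolower($i) == want) { print NR, $1; break }
        }
    ' "$1"
}

# has_override FILE HOSTNAME -> exit status 0 if HOSTNAME is pinned in FILE.
has_override() {
    [ -n "$(hosts_overrides "$1" "$2")" ]
}

# Constructed sample hosts file (not taken from a real machine).
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
127.0.0.1   localhost
# 192.0.2.10 acme-v01.api.letsencrypt.org   (commented out, inactive)
104.108.34.195 acme-v01.api.letsencrypt.org
192.0.2.20  notletsencrypt.example   # substring of the grep pattern only
EOF

name=acme-v01.api.letsencrypt.org
if has_override "$sample" "$name"; then
    echo "WARNING: $name is pinned in the hosts file, bypassing DNS:"
    hosts_overrides "$sample" "$name"
fi
```

On a real host, pass /etc/hosts as the file; on glibc systems `getent hosts NAME` shows the address the resolver actually hands to clients such as certbot.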
