I noticed that my certs didn’t renew automatically after I got my notification email that my certs were expiring soon. So I started investigating. I thought I had set up a cron job to renew them but I can’t find any evidence that I actually did. I noticed the documentation says that “The Certbot packages on your system come with a cron job that will renew your certificates automatically before they expire”. But they obviously didn’t. Do I need to set up my own cron job to renew them or does certbot handle renewal automatically?
For now I got new certificates using sudo certbot certonly --standalone -d scottgauche.com, I had to set my port forwarding for 443 and 80 to my Pi.
Then I tried running sudo certbot renew --dry-run and it failed. I’m not certain why, but it seems like a permissions issue. How would I resolve this?
Thanks!
My domain is:
scottgauche.com
I ran this command:
sudo certbot renew --dry-run
It produced this output:
pi@raspberrypi:~ $ sudo certbot renew --dry-run
-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/scottgauche.com.conf
-------------------------------------------------------------------------------
2017-01-12 19:48:15,404:WARNING:certbot.renewal:Attempting to renew cert from /etc/letsencrypt/renewal/scottgauche.com.conf produced an unexpected error: Failed authorization procedure. scottgauche.com (tls-sni-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Incorrect validation certificate for TLS-SNI-01 challenge. Requested 5a93afb71efad553cc69f51bf655b829.1456c3c39be14424550462ef30469c4f.acme.invalid from ##.##.##.##:443. Received certificate containing 'scottgauche.com'. Skipping.
** DRY RUN: simulating 'certbot renew' close to cert expiry
** (The test certificates below have not been saved.)
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/scottgauche.com/fullchain.pem (failure)
** DRY RUN: simulating 'certbot renew' close to cert expiry
** (The test certificates above have not been saved.)
1 renew failure(s), 0 parse failure(s)
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: scottgauche.com
Type: unauthorized
Detail: Incorrect validation certificate for TLS-SNI-01 challenge.
Requested
5a93afb71efad553cc69f51bf655b829.1456c3c39be14424550462ef30469c4f.acme.invalid
from 68.37.86.252:443. Received certificate containing
'scottgauche.com'
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address.
My operating system is (include version):
Raspberry Pi Jessie
My web server is (include version):
I’m using certbot to create certificates to use with Home Assistant. I’m not sure what Home Assistant runs.
My hosting provider, if applicable, is:
I’m hosting Home Assistant on my RPi
I can login to a root shell on my machine (yes or no, or I don’t know):
Yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
No