I ran this command: sudo ./certbot-auto renew This output:
Processing /etc/letsencrypt/renewal/bugzilla.game.xxx.conf
-------------------------------------------------------------------------------
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for bugzilla.game.xxx.com
Waiting for verification...
Cleaning up challenges
Attempting to renew cert (bugzilla.game.xxx.com) from /etc/letsencrypt/renewal/bugzilla.game.xxx.com.conf produced an unexpected error: Failed authorization procedure. bugzilla.game.xxx.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://bugzilla.game.xxx.com/.well-known/acme-challenge/QliKipQIn9Zdd6y3-CSa6GUGP__4I3SjcvSHmTib1h4: "<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p". Skipping.
But if i comment out “redirect / https://bugzilla.game.xxx.com” in apache config then Work! Pleas help me take certbot-auto renew success with crontab ,not manual comment out “redirect / https:…”
<VirtualHost *:80>
ServerName bugzilla.game.xxx.com
ServerAdmin root@xxx.com
DocumentRoot /projects/bugzilla/web/docroot
Redirect permanent / https://bugzilla.game.xxx.com
<Directory /projects/bugzilla/web/docroot/>
Order allow,deny
AddHandler cgi-script .cgi
Options +ExecCGI
DirectoryIndex index.cgi index.html
AllowOverride All
</Directory>
<IfModule mpm_itk_module>
AssignUserId bugzilla bugzilla
</IfModule>
ErrorLog ${APACHE_LOG_DIR}/bugzilla/error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/bugzilla/access.log combined
</VirtualHost>
<IfModule mod_ssl.c>
<VirtualHost _default_:443>
ServerName bugzilla.game.xxx.com
ServerAdmin root@xxx.com
DocumentRoot /projects/bugzilla/web/docroot
<Directory /projects/bugzilla/web/docroot/>
AddHandler cgi-script .cgi
Options +ExecCGI
DirectoryIndex index.cgi index.html
AllowOverride All
</Directory>
<IfModule mpm_itk_module>
AssignUserId bugzilla bugzilla
</IfModule>
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/bugzilla/error.log
CustomLog ${APACHE_LOG_DIR}/bugzilla/access.log combined
# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf
# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on
# A self-signed (snakeoil) certificate can be created by installing
# the ssl-cert package. See
# /usr/share/doc/apache2/README.Debian.gz for more info.
# If both key and certificate are stored in the same file, only the
# SSLCertificateFile directive is needed.
SSLCertificateFile /etc/letsencrypt/live/bugzilla.game.xxx.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/bugzilla.game.xxx.com/privkey.pem
# Server Certificate Chain:
# Point SSLCertificateChainFile at a file containing the
# concatenation of PEM encoded CA certificates which form the
# certificate chain for the server certificate. Alternatively
# the referenced file can be the same as SSLCertificateFile
# when the CA certificates are directly appended to the server
# certificate for convinience.
SSLCertificateChainFile /etc/letsencrypt/live/bugzilla.game.xxx.com/chain.pem
Processing /etc/letsencrypt/renewal/bugzilla.game.the-im.com.conf
-------------------------------------------------------------------------------
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
Attempting to renew cert (bugzilla.game.the-im.com) from /etc/letsencrypt/renewal/bugzilla.game.the-im.com.conf produced an unexpected error: urn:acme:error:rateLimited :: There were too many requests of a given type :: Error creating new authz :: Too many invalid authorizations recently.. Skipping.
There is no need for those rewrite rules, both VirtualHosts (80 & 443) are using the same DocumentRoot so fixing the Redirect directive adding a trailing slash would solve the issue.