Certbot-auto renewal - dry-run failure


#1

Hello,
I have a current certificate but wanted to set up an auto-renewal, but after adding the following cronjob I get the renew failure.
45 2 * * 6 cd /etc/letsencrypt/ && ./certbot-auto renew && /opt/bitnami/ctlscript.sh restart

Could anyone help with diagnosing my issue?
Best regards,
Ben

My domain is:
https://www.hocvietngu.com/
I ran these 2 commands:
sudo -i
cd /etc/letsencrypt/ && ./certbot-auto renew --dry-run && /opt/bitnami/ctlscript.sh restart
It produced this output:

Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for hocvietngu.com
http-01 challenge for www.hocvietngu.com
Waiting for verification…
Cleaning up challenges
Attempting to renew cert (hocvietngu.com) from /etc/letsencrypt/renewal/hocvietngu.com.conf produced an unexpected
error: Failed authorization procedure. www.hocvietngu.com (http-01): urn:acme:error:connection :: The server could
not connect to the client to verify the domain :: Fetching https://www.hocvietngu.com.well-known/acme-challenge/FA4
7KYgg6PAtikL0FhGlbfpwesR5hBs9G5boNWiz2zg: Error getting validation data, hocvietngu.com (http-01): urn:acme:error:c
onnection :: The server could not connect to the client to verify the domain :: Fetching https://www.hocvietngu.com
.well-known/acme-challenge/QZVLrL1wkvbJKwYCjK_KUSgcrehScxRuQRxF9yxWr6U: Error getting validation data. Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/hocvietngu.com/fullchain.pem (failure)

** DRY RUN: simulating ‘certbot renew’ close to cert expiry
** (The test certificates below have not been saved.)
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/hocvietngu.com/fullchain.pem (failure)
** DRY RUN: simulating ‘certbot renew’ close to cert expiry
** (The test certificates above have not been saved.)

1 renew failure(s), 0 parse failure(s)
IMPORTANT NOTES:

The operating system my web server runs on is (include version): Debian (8)

My hosting provider, if applicable, is:
Google Cloud running Moodle Certified by Bitnami
I can login to a root shell on my machine (yes or no, or I don’t know):
Yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
No.


#2

The web server is sending an incorrect redirect – it’s missing a “/” between the domain and path.

Check the Apache configuration for something like “Redirect / https://www.hocvietngu.com” and add a “/” so it’s something like “Redirect / https://www.hocvietngu.com/”. :slightly_smiling_face:


#3

Thanks for that.
I added the back slash “/” in the following config file (/opt/bitnami/apache2/conf/bitnami/bitnami.conf), see below, but I still got an error when doing a dry-run.
Any ideas?

# Default Virtual Host configuration.
<IfVersion < 2.3 >
  NameVirtualHost *:80
  NameVirtualHost *:443
</IfVersion>
<VirtualHost _default_:80>
  DocumentRoot "/opt/bitnami/apache2/htdocs"
  ServerName www.hocvietngu.com
  ServerAlias hocvietngu.com
  Redirect / https://www.hocvietngu.com/
  <Directory "/opt/bitnami/apache2/htdocs">
    Options Indexes FollowSymLinks
    AllowOverride All
    <IfVersion < 2.3 >
      Order allow,deny
      Allow from all
    </IfVersion>
    <IfVersion >= 2.3 >
      Require all granted
    </IfVersion>
  </Directory>
  # Error Documents
  ErrorDocument 503 /503.html
  # Bitnami applications installed with a prefix URL (default)
  Include "/opt/bitnami/apache2/conf/bitnami/bitnami-apps-prefix.conf"
</VirtualHost>
# Default SSL Virtual Host configuration.
<IfModule !ssl_module>

#4

Hi @myVietTutor, that is a forward slash (the backslash is \). But it’s the right slash to add here. :slight_smile:

Did you restart Apache after making this change?

If so, could you check whether there is any other Redirect or RewriteRule present anywhere?

For example

grep -i -r Redirect /opt/bitnami/apache2/conf
grep -i -r RewriteRule /opt/bitnami/apache2/conf
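
The greps above list every Redirect in the configuration. As an added example that is not part of the thread, the script below narrows that to directives whose URL-path ends in "/" while the target does not, the mismatch described in post #2, and prints the URL an http-01 request would be sent to. The function name, the `*.conf` filter and the example.com sample configuration are assumptions made for the example.

```bash
#!/bin/sh
# Added example (not from the thread): list Apache Redirect directives whose
# URL-path ends in "/" while the target does not. mod_alias appends the rest of
# the request path to the target as-is, so the two must agree on the slash.

find_slashless_redirects() {
    # $1: directory to scan; assumes each directive sits on one line in *.conf
    find "$1" -type f -name '*.conf' -exec awk '
        # Redirect, RedirectPermanent, RedirectTemp. RedirectMatch takes a
        # regex and has different semantics, so it is not checked here.
        tolower($1) ~ /^redirect(permanent|temp)?$/ && NF >= 3 {
            path = $(NF - 1); target = $NF
            gsub(/"/, "", path); gsub(/"/, "", target)
            if (path ~ /\/$/ && target !~ /\/$/) {
                line = $0; sub(/^[ \t]+/, "", line)
                # For the prefix "/", show where an http-01 request ends up
                rest = (path == "/") ? ".well-known/acme-challenge/TOKEN" : "REST-OF-PATH"
                printf "%s:%d: %s => %s%s\n", FILENAME, FNR, line, target, rest
            }
        }' {} +
}

# Constructed sample configuration; example.com is a placeholder domain.
demo() {
    dir=$(mktemp -d)
    cat > "$dir/vhost.conf" <<'EOF'
<VirtualHost _default_:80>
  ServerName www.example.com
  # Redirect / https://commented.example.com
  Redirect / https://www.example.com
  Redirect permanent /old/ https://www.example.com/new/
  RedirectMatch ^/x$ https://www.example.com
</VirtualHost>
EOF
    find_slashless_redirects "$dir"
    rm -rf "$dir"
}

demo
```

Only line 4 of the sample is reported; the commented-out directive, the redirect whose target already ends in "/" and the RedirectMatch line are skipped.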


#5

And what error message are you receiving now?


#6

As an aside I’ve seen this exact issue posted to this forum at least 5 times now. Might be worth reporting this upstream to save future travelers, but I’m not sure whether Bitnami is actually responsible for this redirect.


#7

I’m pretty sure that this issue has been affecting lots of non-Bitnami users too, so I’m not sure if there’s a correlation there yet.


#8

Hello @schoen
Yes, you are quite right. A forward slash indeed :grinning:
Also restarting the Apache server worked. I got a successful message. Didn’t think of doing that.
Thanks again for this help. Appreciate this forum.

Cheers,
Ben


#9

Thanks Matt @mnordhoff, I appreciate your time to help me out here. :smile:

