Certbot-auto renewal - dry-run failure

Hello,
I have a current certificate but wanted to set up a auto-renewal but after adding the following cronjob i get the renew failure.
45 2 * * 6 cd /etc/letsencrypt/ && ./certbot-auto renew && /opt/bitnami/ctlscript.sh restart

Could anyone help with diagnosing my issue?
Best regards,
Ben

My domain is:
https://www.hocvietngu.com/
I ran these 2 commands:
sudo -i
cd /etc/letsencrypt/ && ./certbot-auto renew --dry-run && /opt/bitnami/ctlscript.sh restart
It produced this output:

Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for hocvietngu.com
http-01 challenge for www.hocvietngu.com
Waiting for verification…
Cleaning up challenges
Attempting to renew cert (hocvietngu.com) from /etc/letsencrypt/renewal/hocvietngu.com.conf produced an unexpected
error: Failed authorization procedure. www.hocvietngu.com (http-01): urn:acme:error:connection :: The server could
not connect to the client to verify the domain :: Fetching https://www.hocvietngu.com.well-known/acme-challenge/FA4
7KYgg6PAtikL0FhGlbfpwesR5hBs9G5boNWiz2zg: Error getting validation data, hocvietngu.com (http-01): urn:acme:error:c
onnection :: The server could not connect to the client to verify the domain :: Fetching https://www.hocvietngu.com
.well-known/acme-challenge/QZVLrL1wkvbJKwYCjK_KUSgcrehScxRuQRxF9yxWr6U: Error getting validation data. Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/hocvietngu.com/fullchain.pem (failure)

** DRY RUN: simulating ‘certbot renew’ close to cert expiry
** (The test certificates below have not been saved.)
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/hocvietngu.com/fullchain.pem (failure)
** DRY RUN: simulating ‘certbot renew’ close to cert expiry
** (The test certificates above have not been saved.)

1 renew failure(s), 0 parse failure(s)
IMPORTANT NOTES:

• The following errors were reported by the server:
  Domain: www.hocvietngu.com
  Type: connection
  Detail: Fetching
  https://www.hocvietngu.com.well-known/acme-challenge/FA47KYgg6PAtikL0FhGlbfpwesR5hBs9G5boNWiz2zg:
  Error getting validation data
  Domain: hocvietngu.com
  Type: connection
  Detail: Fetching
  https://www.hocvietngu.com.well-known/acme-challenge/QZVLrL1wkvbJKwYCjK_KUSgcrehScxRuQRxF9yxWr6U:
  Error getting validation data

  To fix these errors, please make sure that your domain name was
  entered correctly and the DNS A/AAAA record(s) for that domain
  contain(s) the right IP address. Additionally, please check that
  your computer has a publicly routable IP address and that no
  firewalls are preventing the server from communicating with the
  client. If you’re using the webroot plugin, you should also verify
  that you are serving files from the webroot path you provided.
  My web server is (include version):

The operating system my web server runs on is (include version):Debian (8)

My hosting provider, if applicable, is:
Google Cloud running Moodle Certified by Bitnami
I can login to a root shell on my machine (yes or no, or I don’t know):
Yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
No.

The web server is sending an incorrect redirect -- it's missing a "/" between the domain and path.

Check the Apache configuration for something like "Redirect / https://www.hocvietngu.com" and add a "/" so it's something like "Redirect / https://www.hocvietngu.com/".

Thanks for that.
I added the back slash “/” in the following config file, (/opt/bitnami/apache2/conf/bitnami/bitnami.conf ) see below, but I still got an error when doing a dry-run.
Any ideas?

 # Default Virtual Host configuration.
<IfVersion < 2.3 >
  NameVirtualHost *:80
  NameVirtualHost *:443
</IfVersion>
<VirtualHost _default_:80>
  DocumentRoot "/opt/bitnami/apache2/htdocs"
ServerName www.hocvietngu.com
ServerAlias hocvietngu.com 
Redirect / https://www.hocvietngu.com/
  <Directory "/opt/bitnami/apache2/htdocs">
    Options Indexes FollowSymLinks
    AllowOverride All
    <IfVersion < 2.3 >
      Order allow,deny
      Allow from all
    </IfVersion>
    <IfVersion >= 2.3 >
      Require all granted
    </IfVersion>
  </Directory>
  # Error Documents
  ErrorDocument 503 /503.html
  # Bitnami applications installed with a prefix URL (default)
  Include "/opt/bitnami/apache2/conf/bitnami/bitnami-apps-prefix.conf"
</VirtualHost>
# Default SSL Virtual Host configuration.
<IfModule !ssl_module>

Hi @myVietTutor, that is a forward slash (the backslash is \). But it's the right slash to add here.

Did you restart Apache after making this change?

If so, could you check whether there is any other Redirect or RewriteRule present anywhere?

For example

grep -i -r Redirect /opt/bitnami/apache2/conf
grep -i -r RewriteRule /opt/bitnami/apache2/conf

And what error message are you receiving now?

As an aside I’ve seen this exact issue posted to this forum at least 5 times now. Might be worth reporting this upstream to save future travelers, but I’m not sure whether Bitnami is actually responsible for this redirect.

I’m pretty sure that this issue has been affecting lots of non-Bitnami users too, so I’m not sure if there’s a correlation there yet.

Hello @schoen
yes you are quite right. A forward slash indeed
Also restarting the Apache server worked. I got a successful message. Didn’t think of doing that.
Thanks again for this help. Appreciate this forum.

Cheers,
Ben

Thanks Matt @mnordhoff I appreciate your time to help me out here.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.