I’m having issues trying to renew my certificate using certbot. I know I have a duplication error with my Dovecot (it’s in the ufw as both ipv4 and ipv6) but I don’t think that this should matter in this case?
I’m doing the dry run so as not to do too many requests and get locked out.
I manually created a test file which I can access through the browser:
https://www.danh.co.uk/.well-known/acme-challenge/test
so i’m now lost as to why.
As far as I know I have my A record in my DNS set up correctly (i’m using entrydns) and I don’t have an AAAA record for my domain.
My domain is:
www.danh.co.uk
I ran this command:
sudo certbot renew --dry-run
It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Processing /letsencryptlocation/www.danh.co.uk.conf
Cert is due for renewal, auto-renewing…
Plugins selected: Authenticator apache, Installer apache
Running pre-hook command: ufw allow http
Output from ufw:
Rule updated
Rule updated (v6)
Error output from ufw:
WARN: Duplicate profile ‘Dovecot IMAP’, using last found
WARN: Duplicate profile ‘Dovecot Secure IMAP’, using last found
WARN: Duplicate profile ‘Dovecot POP3’, using last found
WARN: Duplicate profile ‘Dovecot Secure POP3’, using last found
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for danh.co.uk
http-01 challenge for www.danh.co.uk
Waiting for verification…
Cleaning up challenges
Attempting to renew cert (www.danh.co.uk) from /letsencryptlocation/www.danh.co.uk.conf produced an unexpected error: Failed authorization procedure. danh.co.uk (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://danh.co.uk/.well-known/acme-challenge/PbwT3OTDIC0Ra_TeR5E-0FiNoIjt2nq6f3TJ-VnL7RM: “\n\n400 Bad Request\n\n
Bad Request</h1”, www.danh.co.uk (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.danh.co.uk/.well-known/acme-challenge/aWHaJn_l1pQozJC9IMTDIVTZR99dKJOxKWyEfjPqv3g: “\n\n400 Bad Request\n\nBad Request</h1”. Skipping.
All renewal attempts failed. The following certs could not be renewed:
/letsencryptlocation/www.danh.co.uk/chain.pem (failure)
All renewal attempts failed. The following certs could not be renewed:
/letsencryptlocation/www.danh.co.uk/chain.pem (failure)
** DRY RUN: simulating ‘certbot renew’ close to cert expiry
** (The test certificates below have not been saved.)
All renewal attempts failed. The following certs could not be renewed:
/letsencryptlocation//www.danh.co.uk/chain.pem (failure)
** DRY RUN: simulating ‘certbot renew’ close to cert expiry
** (The test certificates above have not been saved.)
Running post-hook command: ufw deny http
Output from ufw:
Rule updated
Rule updated (v6)
Error output from ufw:
WARN: Duplicate profile ‘Dovecot IMAP’, using last found
WARN: Duplicate profile ‘Dovecot Secure IMAP’, using last found
WARN: Duplicate profile ‘Dovecot POP3’, using last found
WARN: Duplicate profile ‘Dovecot Secure POP3’, using last found
1 renew failure(s), 0 parse failure(s)
IMPORTANT NOTES:
-
The following errors were reported by the server:
Domain: danh.co.uk
Type: unauthorized
Detail: Invalid response from
http://danh.co.uk/.well-known/acme-challenge/PbwT3OTDIC0Ra_TeR5E-0FiNoIjt2nq6f3TJ-VnL7RM:
“\n\n400 Bad
Request\n\nBad Request</h1”
Domain: www.danh.co.uk
Type: unauthorized
Detail: Invalid response from
http://www.danh.co.uk/.well-known/acme-challenge/aWHaJn_l1pQozJC9IMTDIVTZR99dKJOxKWyEfjPqv3g:
“\n\n400 Bad
Request\n\nBad Request</h1”
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
My web server is (include version):
apache2
The operating system my web server runs on is (include version):
ubuntu 18.04
I can login to a root shell on my machine yes
I’m using a control panel to manage my site
no
The version of my client is (e.g. output of certbot --version
or certbot-auto --version
if you’re using Certbot): certbot 0.26.1
Thanks!