Certbot Failing To Renew Certificate


#1

My domain is: wrapped.scholarpack3.co.uk

I ran this command: 0 0,12 * * * env PATH="$PATH:/usr/sbin" /root/certbot-auto renew --pre-hook "/sbin/service nginx stop" --post-hook "/sbin/service nginx start" > /tmp/lets-encrypt_cert_log.log 2>&1

It produced this output:

https://pastebin.com/WB3QPiYW

My web server is (include version): https://pastebin.com/WB3QPiYW

The operating system my web server runs on is (include version): CentOS release 6.10 (Final)

My hosting provider, if applicable, is: N/A

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): N/A

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot-auto - certbot 0.30.2


#2

Can you show us the rest of Certbot’s output?


#3

Yeah sure, here’s the log output: https://pastebin.com/gEUeFwzB - I’ve replaced the domain in the log with subdomain.example.co.uk - there are others which can be ignored: example.co.uk and subdomain2.example.co.uk.

Also, here’s the virtual config file https://pastebin.com/gsRavvZh.


#4

Looking at the first part of the log,

2019-02-06 12:00:48,939:INFO:certbot.auth_handler:http-01 challenge for example.co.uk
2019-02-06 12:00:48,984:INFO:certbot_nginx.http_01:Using default address 80 for authentication.
2019-02-06 12:00:48,986:DEBUG:certbot_nginx.http_01:Generated server block:
[[['server'], [['listen', '80'], ['server_name', 'example.co.uk'], ['root', '/var/lib/letsencrypt/http_01_nonexistent'], [['location', '=', '/.well-known/acme-challenge/FK6l0bTOwFcmfbJINs4noVyfRD9PIhE3-_MJyNyCow0'], [['default_type', 'text/plain'], ['return', '200', 'FK6l0bTOwFcmfbJINs4noVyfRD9PIhE3-_MJyNyCow0.lpk35UZHk93QJD25xXO8QY5cp41Zlsnd7-MVW8IITy8']]]]]]

and

http {
include /etc/letsencrypt/le_http_01_cert_challenge.conf;
server_names_hash_bucket_size 128;

Certbot’s failing to find any existing port 80 virtual host for example.co.uk, so it’s temporarily creating a new one. If there already is one, that’s probably not gonna go well.

It might not understand the listen directives.

Let’s Encrypt, obviously, sends an HTTP request and then gets a 404 Not Found error generated by… a Python web application framework?

Also, example.co.uk has 3 IP addresses. Do they all go to the correct server?


#5

No, one of them goes to a different server but the account config is still referenced in case we have to go back to it.

Following on from what you have said, is this lingering account for “example.co.uk” potentially causing issues?
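
Added example, not part of the thread and not Certbot's own code: a name with several A records passes http-01 only if every address serves the challenge path, so this probes each resolved address separately with the real Host header and lists the ones that would fail. It assumes a test file has been published under /.well-known/acme-challenge/ on the intended server; the function names, token, and sample results are constructed for illustration.

```python
import http.client
import socket

CHALLENGE_PREFIX = "/.well-known/acme-challenge/"

def resolve_ipv4(host):
    """Every IPv4 address the name resolves to (a validator may use any of them)."""
    infos = socket.getaddrinfo(host, 80, socket.AF_INET, socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})

def probe(ip, host, token, timeout=5.0):
    """GET the challenge URL from one specific address, sending the real Host header."""
    conn = http.client.HTTPConnection(ip, 80, timeout=timeout)
    try:
        conn.request("GET", CHALLENGE_PREFIX + token, headers={"Host": host})
        resp = conn.getresponse()
        body = resp.read(512).decode("ascii", "replace").strip()
        return {"status": resp.status, "server": resp.getheader("Server", ""), "body": body}
    except (OSError, http.client.HTTPException) as exc:
        return {"status": None, "server": "", "body": str(exc)}
    finally:
        conn.close()

def failing_addresses(results, expected_body):
    """Map each address that would fail http-01 to the reason it fails."""
    bad = {}
    for ip, r in sorted(results.items()):
        if r["status"] is None:
            bad[ip] = "unreachable: " + r["body"]
        elif r["status"] != 200:
            bad[ip] = "HTTP %d, Server: %s" % (r["status"], r["server"] or "unknown")
        elif r["body"] != expected_body:
            bad[ip] = "HTTP 200 but body is not the expected test content"
    return bad

def check(host, token, expected_body):
    """Live check: probe every resolved address and report the failing ones."""
    results = {ip: probe(ip, host, token) for ip in resolve_ipv4(host)}
    return failing_addresses(results, expected_body)

# Constructed results (documentation-range IPs): two addresses reach the intended
# nginx host, the third reaches a different server that answers 404.
SAMPLE = {
    "192.0.2.10": {"status": 200, "server": "nginx", "body": "test-token.test-thumbprint"},
    "198.51.100.20": {"status": 200, "server": "nginx", "body": "test-token.test-thumbprint"},
    "203.0.113.30": {"status": 404, "server": "constructed-python-app", "body": "Not Found"},
}
SAMPLE_FAILURES = failing_addresses(SAMPLE, "test-token.test-thumbprint")
```

Against a live name, `check(host, token, expected_body)` performs the same analysis on real responses; an empty result means every address served the test content.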

