Certbot Failing To Renew Certificate

jwashington104 · February 7, 2019, 8:57am

My domain is: wrapped.scholarpack3.co.uk

I ran this command: 0 0,12 * * * env PATH="$PATH:/usr/sbin" /root/certbot-auto renew --pre-hook “/sbin/service nginx stop” --post-hook “/sbin/service nginx start” > /tmp/lets-encrypt_cert_log.log 2>&1

It produced this output:

https://pastebin.com/WB3QPiYW

My web server is (include version): https://pastebin.com/WB3QPiYW

The operating system my web server runs on is (include version): CentOS release 6.10 (Final)

My hosting provider, if applicable, is: N/A

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): N/A

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot-auto - certbot 0.30.2

mnordhoff · February 7, 2019, 9:01am

Can you show us the rest of Certbot’s output?

jwashington104 · February 7, 2019, 12:43pm

Yeah sure, here’s the log output https://pastebin.com/gEUeFwzB - I’ve replaced the domain in the log with subdomain.example.co.uk - there are others which can be ignored example.co.uk and subdomain2.example.co.uk.

Also, here’s the virtual config file https://pastebin.com/gsRavvZh.

mnordhoff · February 7, 2019, 1:02pm

Looking at the first part of the log,

2019-02-06 12:00:48,939:INFO:certbot.auth_handler:http-01 challenge for example.co.uk
2019-02-06 12:00:48,984:INFO:certbot_nginx.http_01:Using default address 80 for authentication.
2019-02-06 12:00:48,986:DEBUG:certbot_nginx.http_01:Generated server block:
[[['server'], [['listen', '80'], ['server_name', 'example.co.uk'], ['root', '/var/lib/letsencrypt/http_01_nonexistent'], [['location', '=', '/.well-known/acme-challenge/FK6l0bTOwFcmfbJINs4noVyfRD9PIhE3-_MJyNyCow0'], [['default_type', 'text/plain'], ['return', '200', 'FK6l0bTOwFcmfbJINs4noVyfRD9PIhE3-_MJyNyCow0.lpk35UZHk93QJD25xXO8QY5cp41Zlsnd7-MVW8IITy8']]]]]]

and

http {
include /etc/letsencrypt/le_http_01_cert_challenge.conf;
server_names_hash_bucket_size 128;

Certbot’s failing to find any existing port 80 virtual host for example.co.uk, so it’s temporarily creating a new one. If there already is one, that’s probably not gonna go well.

It might not understand the listen directives.

Let’s Encrypt, obviously, sends an HTTP request and then gets a 404 Not Found error generated by… a Python web application framework?

Also, example.co.uk has 3 IP addresses. Do they all go to the correct server?

jwashington104 · February 12, 2019, 1:50pm

No, one of them goes to a different server but the account config is still referenced in case we have to go back to it.

Following on from what you have said, is this lingering account for “example.co.uk” potentially causing issues?

system · March 14, 2019, 1:50pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.