Certbot fails after months

My domain is:
okpi.dr-kelle.com

I ran this command:
sudo certbot certonly --webroot -w /var/www/dr-kelle.com -d okpi.dr-kelle.com

It produced this output:
pi@okpi:~ $ sudo certbot certonly --webroot -w /var/www/dr-kelle.com -d okpi.dr-kelle.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Cert is due for renewal, auto-renewing…
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for okpi.dr-kelle.com
Using the webroot path /var/www/dr-kelle.com for all unmatched domains.
Waiting for verification…
Cleaning up challenges
Unable to clean up challenge directory /var/www/dr-kelle.com/.well-known/acme-challenge
Failed authorization procedure. okpi.dr-kelle.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://okpi.dr-kelle.com/.well-known/acme-challenge/PxBhg-XJ7Fu-dRylXzpmskIDSGXDMc-8ksm3oDJC6CE [176.198.65.81]: “\n\n\n<meta charset=“utf-8”>\nbody{font-family:Arial,Helvetica,sans-serif;font-size:12px;text-alig”

IMPORTANT NOTES:

My web server is (include version):
nginx version: nginx/1.10.3

The operating system my web server runs on is (include version):
Linux okpi 4.9.59-v7+ #1047 SMP Sun Oct 29 12:19:23 GMT 2017 armv7l GNU/Linux

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):
yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
certbot 0.10.2

Updating the certificate ran very well for many, many months.
Without changing anything in the system configuration, today I get the error pasted above.

I checked everything but can’t find any reason.
I also checked “Let’s Debug”. The tool gives me a green “All OK!” with these results in detail:

I wonder about the found AAAA records, because there is only an A record.
I’m also wondering about the cut-off response in the section “LetsEncryptStaging” at “text-alig”. In Google Search I found only a French site which reported this failure, but without a solution.

So thank you very much for any hint to solve my problem!

Regards, ok1

1 Like

Hi @ok1

Checking your domain, there is a Synology answer - https://check-your-website.server-daten.de/?q=okpi.dr-kelle.com

/.well-known/acme-challenge

Visible Content: © 2017 Synology Inc.

So it's always a bad idea to use Certbot if Synology answers. That can't work.

Looks like you have installed a Synology; now /.well-known/acme-challenge is blocked.

Use the Synology integrated Letsencrypt client to create a certificate.

1 Like
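
A pre-flight check for the situation diagnosed above, as an added example that is not part of the original posts: it writes a random probe file into the webroot's `.well-known/acme-challenge` directory and fetches it back over HTTP, so an answer from something other than the server that owns the webroot shows up as HTML or a mismatch. The function names and result labels are illustrative assumptions, and the script needs write access to the webroot.

```python
"""Check that the host answering over HTTP really serves certbot's webroot."""
import os
import secrets
import sys
import urllib.error
import urllib.request

CHALLENGE_DIR = ".well-known/acme-challenge"  # path used by http-01


def classify(expected: str, status: int, body: str) -> str:
    """Compare what came back over HTTP with what was written to the webroot."""
    if status == 200 and body.strip() == expected:
        return "ok"
    if "<" in body[:200]:
        # HTML where a bare token was expected: an error/login page, or a
        # different server or device answering for this hostname.
        return "html-instead-of-token"
    return "mismatch"


def probe(webroot: str, base_url: str, timeout: float = 10.0) -> str:
    """Write a random probe file under the webroot and fetch it via base_url."""
    name = "probe-" + secrets.token_urlsafe(16)
    content = secrets.token_urlsafe(32)
    directory = os.path.join(webroot, CHALLENGE_DIR)
    os.makedirs(directory, exist_ok=True)
    path = os.path.join(directory, name)
    with open(path, "w") as fh:
        fh.write(content)
    url = f"{base_url.rstrip('/')}/{CHALLENGE_DIR}/{name}"
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            status, body = resp.status, resp.read(4096).decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        status, body = err.code, err.read(4096).decode("utf-8", "replace")
    except (urllib.error.URLError, OSError) as err:
        return f"unreachable: {err}"
    finally:
        os.remove(path)  # never leave the probe file behind
    return classify(content, status, body)


if __name__ == "__main__":
    # Arguments: webroot path, then public base URL (http://<your-domain>).
    if len(sys.argv) != 3:
        sys.exit("usage: probe.py WEBROOT BASE_URL")
    result = probe(sys.argv[1], sys.argv[2])
    print(result)
    sys.exit(0 if result == "ok" else 1)
```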

Hi @JuergenAuer, thank you very much for your help. You gave me the hint I needed. The check tool is very helpful too. Regards, Olaf

2 Likes
