Hi,
I’m the admin of a non-profit human rights NGO and have used letsencrypt with certbot to use https on our website, saram-nk.org. We’ve recently updated our website and now it seems that something’s broken with the automatic certificate renewal process of certbot. The certificate is still valid for 9 days, but when I try a dry run of the certificate renewal process, I receive the error message you can see below.
I have manually created the directories /site/.well-known/acme-challenge, where /site is the web-root directory of the website and set the rights of these directories to 755. I have added the following lines to the .htaccess-file of the web-root directory:
RewriteEngine On
RewriteCond %{REQUEST_URI} !.well-known/acme-challenge
RewriteCond %{HTTP_HOST} ^www.(.*)$ [NC]
RewriteRule ^(.*)$ https://%1/$1 [R=301,L]
The directory is now accessible: https://saram-nk.org/.well-known/acme-challenge/
Nevertheless, the dry run of the certification renewal process still fails.
Any help is highly appreciated.
My domain is: saram-nk.org
I ran this command: sudo certbot renew --dry-run
It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Processing /etc/letsencrypt/renewal/saram-nk.org.conf
Cert is due for renewal, auto-renewing…
Plugins selected: Authenticator webroot, Installer apache
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for saram-nk.org
Waiting for verification…
Cleaning up challenges
Attempting to renew cert (saram-nk.org) from /etc/letsencrypt/renewal/saram-nk.org.conf produced an unexpected error: Failed authorization procedure. saram-nk.org (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://saram-nk.org/.well-known/acme-challenge/_usoAhbG7TRL19QssHPzETod6HxQXLUWUfkCfKjpOsM: "<!doctype html>
** DRY RUN: simulating ‘certbot renew’ close to cert expiry
** (The test certificates below have not been saved.)
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/saram-nk.org/fullchain.pem (failure)
** DRY RUN: simulating ‘certbot renew’ close to cert expiry
** (The test certificates above have not been saved.)
1 renew failure(s), 0 parse failure(s)
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: saram-nk.org
Type: unauthorized
Detail: Invalid response from
http://saram-nk.org/.well-known/acme-challenge/_usoAhbG7TRL19QssHPzETod6HxQXLUWUfkCfKjpOsM:
"<!doctype html>
<meta name="viewport" content="width=device-width, initi"
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
My web server is (include version):
Distributor ID: Ubuntu
Description: Ubuntu 14.04.5 LTS
Release: 14.04
Codename: trusty
The operating system my web server runs on is (include version): Server version: Apache/2.4.25 (Ubuntu)
My hosting provider, if applicable, is: strato.de
I can login to a root shell on my machine (yes or no, or I don’t know): yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no
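A check for the failure shown in the output above, where the validation URL returned an HTML page instead of the challenge file: write a probe file into the webroot and fetch it over HTTP. This is an added example, not part of the original post; `probe_webroot`, `demo` and the local test server are constructed for illustration, and on the real host the arguments would be the webroot configured for certbot's webroot authenticator and http://saram-nk.org.

```python
import functools, http.server, os, secrets, tempfile, threading
import urllib.error, urllib.request

CHALLENGE_DIR = ".well-known/acme-challenge"

def probe_webroot(webroot, base_url, timeout=5):
    """Write a random probe file under webroot and fetch it via base_url.
    Returns "ok", "html" (a page came back, as in the certbot error),
    "mismatch" or "unreachable"."""
    name = "probe-" + secrets.token_urlsafe(16)
    body = secrets.token_urlsafe(32)
    directory = os.path.join(webroot, CHALLENGE_DIR)
    os.makedirs(directory, exist_ok=True)
    path = os.path.join(directory, name)
    with open(path, "w") as f:
        f.write(body)
    # Direct connection, no proxy: the CA also connects to the host itself.
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    try:
        with opener.open(f"{base_url}/{CHALLENGE_DIR}/{name}", timeout=timeout) as r:
            got = r.read(4096).decode("utf-8", "replace")
    except urllib.error.HTTPError as e:   # 404 etc.: still inspect the body
        got = e.read(4096).decode("utf-8", "replace")
    except OSError:
        return "unreachable"
    finally:
        os.remove(path)                   # never leave probe files behind
    if got.strip() == body:
        return "ok"
    if got.lstrip().lower().startswith(("<!doctype", "<html")):
        return "html"
    return "mismatch"

def demo():
    """Constructed local test: one directory is served, the other is not."""
    served, other = tempfile.mkdtemp(), tempfile.mkdtemp()
    handler = functools.partial(http.server.SimpleHTTPRequestHandler, directory=served)
    srv = http.server.ThreadingHTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    base = f"http://127.0.0.1:{srv.server_address[1]}"
    try:
        return probe_webroot(served, base), probe_webroot(other, base)
    finally:
        srv.shutdown()
        srv.server_close()

if __name__ == "__main__":
    print(demo())
```

A result of "html" means the directory the probe was written to is not the one the web server answers from for that URL, or a rewrite rule or application handler is answering the request first.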