Certbot/Letsencrypt renew fails after working up to march 10th

Garry · May 24, 2020, 7:14am

So, I’ve been running LetsEncrypt for quite some time now, on several servers. Also the one in question …
Renewal is pending, but I couldn’t get it to work … it kept complaining the challenge couldn’t be completed, logs showed 404’s.

After some debugging I noticed that on my conf files, which contain separate VirtualHost sections for v4 and v6 as combined files, only the first VirtualHost section gets the Include for the two additional config options that LE needs for the Rewrite, the second (v6) does not. So, with v6 preferred by the challenge servers, the query fails.

I then split up my config file between v4 and v6 blocks, and could see that during the dry-run, while the v6 file had a new timestamp, again the include statements required for the rewrite were missing …

I know that the files had NOT been altered since March 10th, which was the last time the renewal ran (successfully).

Any idea what might be causing Certbot/Letsencrypt renewal to not update the config file???

rg305 · May 24, 2020, 7:19am

What version of Certbot/Letsencryt are you using?

Garry · May 24, 2020, 6:49pm

0.27.0 on current Ubuntu 18.04 …

rg305 · May 24, 2020, 6:51pm

That could use some updating.
[I see 0.31.0 on Ubuntu 18.04]

Garry · May 24, 2020, 7:06pm

apt update/upgrade doesn’t give me anything newer …

Anyway, fixed it by replacing the separate v4/v6 definitions in the files (with the verbose v4/v6 addresses) by the DNS names, which resolve to both A and AAAA records … which I guess is “cleaner” anyway …

system · June 23, 2020, 7:06pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.