I have taken over a Digital Ocean server at work by an employee who is no longer here and some of our certificates are not renewing. I’m not really a ‘server guy’ so this is out of my comfort zone and I could use some pointers.
I know all of the certificates were being renewed in the past as I’d integrated several StatusCake tests with our team’s Discord server. I would see the upcoming expiration notice and then a successful renewal. This has stopped recently and two domains expired and I can’t renew them successfully. I’ll fill out the questions here and provide as much detail as I can.
I’m concerned that the challenges which fail are failing with an empty string. Several domains are showing this. I’ve provided the output below.
My domain is: www.keylogic.ca keylogic.ca
I ran this command: certbot renew
It produced this output:
Attempting to renew cert (keylogic.ca) from /etc/letsencrypt/renewal/keylogic.ca.conf produced an unexpected error: Failed authorization procedure. www.keylogic.ca (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: The key authorization file from the server did not match this challenge “AP5zJP33NVm6GlP-RBXISaeZTys-9O4wOfHl1czGf9Q.E1QS09vT95l-xxWbiWnUP24ePZ9EgKsRo_YTObqj4eE” != “”, keylogic.ca (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: The key authorization file from the server did not match this challenge “YZ1-JXd4WOkaVCi9XIYIfpnzkZpPbIKVMOG86CLi6K8.E1QS09vT95l-xxWbiWnUP24ePZ9EgKsRo_YTObqj4eE” != “”. Skipping.
Domain: keylogic.ca
Type: unauthorized
Detail: The key authorization file from the server did not match
this challenge
“YZ1-JXd4WOkaVCi9XIYIfpnzkZpPbIKVMOG86CLi6K8.E1QS09vT95l-xxWbiWnUP24ePZ9EgKsRo_YTObqj4eE”
!= “”
My web server is (include version): Apache 2.4.29
OS: Ubuntu 18.04.1 LTS (GNU/Linux 4.15.0-99-generic x86_64)
My hosting provider, if applicable, is: Amazon
I can login to a root shell on my machine (yes or no, or I don’t know): yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no
The version of my client is (e.g. output of certbot --version
or certbot-auto --version
if you’re using Certbot): 0.31.0