Certbot renew al failure

Hi everyone, i might have messed up my configuration and im not able to renew the certificate, any idea how to fix this ?

My domain is:

I ran this command:
certbot renews

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log

Processing /etc/letsencrypt/renewal/sica-web.app.conf

Cert is due for renewal, auto-renewing…
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for sica-web.app
http-01 challenge for www.sica-web.app
Waiting for verification…
Cleaning up challenges
Attempting to renew cert (sica-web.app) from /etc/letsencrypt/renewal/sica-web.app.conf produced an unexpected error: Failed authorization procedure. www.sica-web.app (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.sica-web.app/.well-known/acme-challenge/QR3ag6WPl60pRzIwxQeYiTIJdtkoOBtNoY7Yq_YjVCQ []: “\r\n404 Not Found\r\n<body bgcolor=“white”>\r\n

404 Not Found

”, sica-web.app (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://sica-web.app/.well-known/acme-challenge/v_oTd2qkYLAAGGEn8kZ_v766Gipq_Grob7e6qnZLf18 []: “\r\n404 Not Found\r\n<body bgcolor=“white”>\r\n

404 Not Found

”. Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/sica-web.app/fullchain.pem (failure)

All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/sica-web.app/fullchain.pem (failure)

1 renew failure(s), 0 parse failure(s)


My web server is (include version):
Ubuntu 18.04.1

My hosting provider, if applicable, is:
Digital ocean

I can login to a root shell on my machine (yes or no, or I don’t know):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
certbot 0.23.0

Hi @crashbdx

your configuration isn't good, but certificate creation should work ( https://check-your-website.server-daten.de/?q=sica-web.app ):

Domainname Http-Status redirect Sec. G
http://sica-web.app/ 200 0.537 H
http://www.sica-web.app/ 200 0.537 H
https://sica-web.app/ 200 2.794 A
https://www.sica-web.app/ 200 2.570 A
http://sica-web.app/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 404 0.530 A
Not Found
Visible Content: 404 Not Found nginx/1.14.0 (Ubuntu)
http://www.sica-web.app/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 404 0.533 A
Not Found
Visible Content: 404 Not Found nginx/1.14.0 (Ubuntu)

Port 80 is open, checking /.well-known/acme-challenge/random-filename there is the expected result http status 404 - Not Found.

You have a

Server: nginx/1.14.0 (Ubuntu)

so check your port 80 vHost to find your root, then use it:

certbot run -a webroot -i nginx -w yourRoot -d sica-web.app -d www.sica-web.app

Perhaps update your Certbot, 0.23 is very old.

I tried the following:

certbot run -a webroot -i nginx -w /home/sites/webapp -d sica-web.app -d www.sica-web.app

But getting this:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
The requested nginx plugin does not appear to be installed

As im not really sure what i done and the version seem outdated, is there a simple way to just remove everything and redo a clean install and generate a new certificate? or do i have to do that after the current one expired?

You have to update your certbot.

0.23 is too old, if nginx isn’t supported.

Or you try to use certonly, so you have to install the certificate manual.

But I don’t think you want to do that every 60 - 85 days.

Or switch to certbot-auto. Your Ubuntu should be ok.

I updated certbot to 0.31.0 then just did:

sudo certbot --nginx -d sica-web.app -d www.sica-web.app

and got:

Your existing certificate has been successfully renewed, and the new certificate
has been installed.

The new certificate covers the following domains: https://sica-web.app and

You should test your configuration at:

Now valid untill: Sun, 04 Aug 2019 13:34:15 UTC (expires in 2 months and 28 days)

Thing is i use certbot-auto on another server, i probably should switch to it on this one too, do i just uninstall certbot and install certbot-auto or there might be conflicts?

Thanks a lot for all the help, saved my day :slight_smile:

1 Like

Happy to read that it had worked!

If you have a working configuration, use it.

Yes seem its working now so will just keep this configuration for now. :slight_smile: thanks for everything.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.