Hi there,
I'm running Let's Encrypt on a Debian 9 Apache2 webserver.
I have multiple virtualhosts with different domains on this server.
Some of my certs are due for renewal, but whenever I run "certbot renew" I always get errors like this:
Output
Cert is due for renewal, auto-renewing...
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for domain.tdl
http-01 challenge for www.domain.tdl
Waiting for verification...
Cleaning up challenges
Attempting to renew cert from /etc/letsencrypt/renewal/domain.tdl.conf produced an unexpected error: Failed authorization procedure. www.domain.tdl (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.domain.tdl/.well-known/acme-challenge/LNI2jSG8Vgh051uY9AoUBD8AGaUkm6IWgmKtlg5E788: "
Not Found
<p", domain.tdl (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://domain.tdl/.well-known/acme-challenge/FiyuPUq3hank_dJcz-DUZEuaGUCks72V-_xQ-yiSlrM: " 404 Not FoundNot Found
Or the output after the certbot renew run:
404 Not Found
Domain: domain.tld
Type: unauthorized
Detail: Invalid response from
http://domain.tld/.well-known/acme-challenge/FiyuPUq3hank_dJcz-DUZEuaGUCks72V-_xQ-yiSlrM:
"
Not Found
<p"
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address.
I tried a lot of things found in this forum but nothing really helps.
I can navigate to /.well-known in my browser, and if I create /acme-challange/test I can open this in my browser too.
Here is my .htaccess, where I exclude /.well-known so that it does not get redirected to https:
.htaccess
AddDefaultCharset UTF-8
Options -Indexes
RewriteEngine on
RewriteBase /
RewriteRule ^(.well-known)($|/) - [L]
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]
RewriteCond %{HTTP_HOST} !^www.
RewriteRule ^(.*)$ https://www.%{HTTP_HOST}/$1 [R=301,L]
RewriteCond %{REQUEST_URI} ^/[^.]+[^/]$
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1/ [R=301,L]
RewriteCond %{THE_REQUEST} ^.*/index.php
RewriteRule ^(.*)index.php$ /$1 [R=301,L]
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule . index.php [L]
php_flag magic_quotes_gpc Off
When I just run "Certbot certonly -w Webroot -d domain.tld -d www.domain.tdl -m mail@me.tld --rsa-key-size 4096"
it all works fine and the cert is renewed.
Does anyone know where the problem is?
The command is run as root so it should have sufficient rights to create everything it needs.
I've been trying to fix this for days and can't get it to work.
Thanks in advance