Hi.
We have been using this server for two years and have never had any problems with the renewal of the certificate. Then we updated to version 0.28 to create new certificates with http-01 but now we have the error you see below. The dns are pointing correctly, we have reset them and made them repaint and everything works by pinging. But we can no longer create the certificate. What can you depend on?
My domain is: mydomain.it
I ran this command: certbot renew
It produced this output:
Processing /etc/letsencrypt/renewal/mydomain.it.conf
Cert is due for renewal, auto-renewing…
Plugins selected: Authenticator apache, Installer apache
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for mydomain.it
http-01 challenge for www.mydomain.it.it
Waiting for verification…
Cleaning up challenges
Attempting to renew cert (mydomain.it.it) from /etc/letsencrypt/renewal/mydomain.it.conf produced an unexpected error: Failed authorization procedure. www.mydomain.it (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.mydomain.it/.well-known/acme-challenge/YukIpqz6twLz9mvw3vf8J82mJ8lVlvXRd9KMO8JPb0o [37.187.171.38]: “\n\n<!–[if IE 9]>\n<html lang=“en” class=“ie9 no-js”>”, mydomain.it (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://mydomain.it/.well-known/acme-challenge/Ur119PCPNOGZBPhMKVLBptA6XPGSJ8uo4k99R_Po3xo [37.187.171.38]: “\n\n<!–[if IE 9]>\n<html lang=“en” class=“ie9 no-js”>”. Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/mydomain.it/fullchain.pem (failure)
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/mydomain.it/fullchain.pem (failure)
1 renew failure(s), 0 parse failure(s)
IMPORTANT NOTES:
-
The following errors were reported by the server:
Domain: www.mydomain.it
Type: unauthorized
Detail: Invalid response from
http://www.mydomain.it/.well-known/acme-challenge/YukIpqz6twLz9mvw3vf8J82mJ8lVlvXRd9KMO8JPb0o
[37.187.171.38]: “\n\n<!–[if IE
9]>\n<html lang=“en” class=“ie9 no-js”>”Domain: mydomain.it
Type: unauthorized
Detail: Invalid response from
http://mydomain.it/.well-known/acme-challenge/Ur119PCPNOGZBPhMKVLBptA6XPGSJ8uo4k99R_Po3xo
[37.187.171.38]: “\n\n<!–[if IE
9]>\n<html lang=“en” class=“ie9 no-js”>”To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
My web server is (include version): apache
The operating system my web server runs on is (include version): Ubuntu 16.04.4 LTS
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don’t know): yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of certbot --version
or certbot-auto --version
if you’re using Certbot): certbot/xenial,xenial,now 0.28.0-1+ubuntu16.04.1+certbot+4 all