Certbot Renew Challenge failed

Help
1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: funkthetown.net

I ran this command: Certbot Renew

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log

Processing /etc/letsencrypt/renewal/www.funkthetown.net.conf

Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for funkthetown.net
http-01 challenge for www.funkthetown.net
Using the webroot path /root/Funkthetown for all unmatched domains.
Waiting for verification...
Challenge failed for domain funkthetown.net
Challenge failed for domain www.funkthetown.net
http-01 challenge for funkthetown.net
http-01 challenge for www.funkthetown.net
Cleaning up challenges
Attempting to renew cert (www.funkthetown.net) from /etc/letsencrypt/renewal/www.funkthetown.net.conf produced an unexpected error: Some challenges have failed.. Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/www.funkthetown.net/fullchain.pem (failure)

All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/www.funkthetown.net/fullchain.pem (failure)

1 renew failure(s), 0 parse failure(s)

IMPORTANT NOTES:

My web server is (include version):

The operating system my web server runs on is (include version): ubuntu 20.4

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 0.4

The renew function was working the last quater.
The only change made was the changement of structure of code.
I now have a Backend end Frontend Folder.

Please can you tell me what to check to make it work.

Thanks a lot

1 Like
2

Welcome to the community @HAO73

The "connection refused" error means the Let's Encrypt server cannot reach your domain using HTTP. I get the same error from my own test server for your "home" page. And, the Let's Debug test site is also refused (see here).

Can you connect to your domain from outside your own network? You can use a cell phone with wifi off to use your provider's network.

From my tests no one can connect to your domain from the internet.

3 Likes
3

Hi Mike, thanks for welcoming and for help.

the pm2 start app.js was not done.

So now, it's ok. I get the same error.

I think that was your request.

1 Like
4

The SAME error? Because Let's Debug tests fine and I can see your site fine so the "connection refused" seems resolved.

Can you show the output of the failing command like you did in the first post?

3 Likes
5

Yes, sorry. Connection is allright but certbot renew still down.

Sure, here it is :

root@localhost:~# certbot renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log

Processing /etc/letsencrypt/renewal/www.funkthetown.net.conf

Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for funkthetown.net
http-01 challenge for www.funkthetown.net
Using the webroot path /root/Funkthetown for all unmatched domains.
Waiting for verification...
Challenge failed for domain funkthetown.net
Challenge failed for domain www.funkthetown.net
http-01 challenge for funkthetown.net
http-01 challenge for www.funkthetown.net
Cleaning up challenges
Attempting to renew cert (www.funkthetown.net) from /etc/letsencrypt/renewal/www.funkthetown.net.conf produced an unexpected error: Some challenges have failed.. Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/www.funkthetown.net/fullchain.pem (failure)

All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/www.funkthetown.net/fullchain.pem (failure)

1 renew failure(s), 0 parse failure(s)

IMPORTANT NOTES:

6

Please show this file:

3 Likes
7

not sure i did well but just copied the line into my terminal, give this :

root@localhost:~# /etc/letsencrypt/renewal/www.funkthetown.net.conf
-bash: /etc/letsencrypt/renewal/www.funkthetown.net.conf: Permission denied

8

Here ,it is, hope that what you are looking for :

version = 0.40.0
archive_dir = /etc/letsencrypt/archive/www.funkthetown.net
cert = /etc/letsencrypt/live/www.funkthetown.net/cert.pem
privkey = /etc/letsencrypt/live/www.funkthetown.net/privkey.pem
chain = /etc/letsencrypt/live/www.funkthetown.net/chain.pem
fullchain = /etc/letsencrypt/live/www.funkthetown.net/fullchain.pem
# Options used in the renewal process
[renewalparams]
account = e684dec94d2c587516e4be925a1f1380
authenticator = webroot
server = https://acme-v02.api.letsencrypt.org/directory
webroot_path = /root/Funkthetown,
[[webroot_map]]
funkthetown.net = /root/Funkthetown
www.funkthetown.net = /root/Funkthetown
9

Can you confirm that is the correct webroot path?

2 Likes
10

Not sure of the webroot terminology.

Here the architecture of my folder :
root@localhost:~/Funkthetown# dir
Backend Frontend

The call to ssl verification is in Frontend folder in the app.js file.

Hope it's clear for you

11

I have absolutely no idea what this means.

2 Likes
12

i mean that i launch the website via the app.js file who got this line inside :


const httpServer = http.createServer((req,res)=>{
        res.writeHead(301,{Location:`https://${req.headers.host}${req.url}`});
          res.end();
     }).listen(80);

 const httpsServer = https.createServer({
 key: fs.readFileSync('/etc/letsencrypt/live/www.funkthetown.net/privkey.pem'),
 cert: fs.readFileSync('/etc/letsencrypt/live/www.funkthetown.net/fullchain.pem'),
}, app).listen(443);

But i think this have no impact in the issue, it was just to let you know....

13

I don't see the "Frontend" you were mentioning? Although if I'd be a betting man, I'd bet your webroot path is incorrect and it should be /home/Funkthetown/Frontend judging from the sparse info you've given.

2 Likes
14

Goodday Osiris, You were true, the path was wrong.
the good path was /root/Funkthetown/Frontend...

Thanks a lot to you and everybody ...

2 Likes
15

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.