Certbot Renew Challenge failed

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: funkthetown.net

I ran this command: Certbot Renew

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log


Processing /etc/letsencrypt/renewal/www.funkthetown.net.conf


Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for funkthetown.net
http-01 challenge for www.funkthetown.net
Using the webroot path /root/Funkthetown for all unmatched domains.
Waiting for verification...
Challenge failed for domain funkthetown.net
Challenge failed for domain www.funkthetown.net
http-01 challenge for funkthetown.net
http-01 challenge for www.funkthetown.net
Cleaning up challenges
Attempting to renew cert (www.funkthetown.net) from /etc/letsencrypt/renewal/www.funkthetown.net.conf produced an unexpected error: Some challenges have failed.. Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/www.funkthetown.net/fullchain.pem (failure)


All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/www.funkthetown.net/fullchain.pem (failure)


1 renew failure(s), 0 parse failure(s)

IMPORTANT NOTES:

My web server is (include version):

The operating system my web server runs on is (include version): ubuntu 20.4

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 0.4

The renew function was working last quarter.
The only change made was a change to the structure of the code.
I now have a Backend and a Frontend folder.

Please can you tell me what to check to make it work.

Thanks a lot

1 Like

Welcome to the community @HAO73

The "connection refused" error means the Let's Encrypt server cannot reach your domain using HTTP. I get the same error from my own test server for your "home" page. And, the Let's Debug test site is also refused (see here).

Can you connect to your domain from outside your own network? You can use a cell phone with wifi off to use your provider's network.

From my tests no one can connect to your domain from the internet.

3 Likes

Hi Mike, thanks for welcoming and for help.

The pm2 start app.js was not done.

So now, it's ok. I get the same error.

I think that was your request.

1 Like

The SAME error? Because Let's Debug tests fine and I can see your site fine so the "connection refused" seems resolved.

Can you show the output of the failing command like you did in the first post?

3 Likes

Yes, sorry. The connection is all right, but certbot renew is still down.

Sure, here it is:

root@localhost:~# certbot renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log


Processing /etc/letsencrypt/renewal/www.funkthetown.net.conf


Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for funkthetown.net
http-01 challenge for www.funkthetown.net
Using the webroot path /root/Funkthetown for all unmatched domains.
Waiting for verification...
Challenge failed for domain funkthetown.net
Challenge failed for domain www.funkthetown.net
http-01 challenge for funkthetown.net
http-01 challenge for www.funkthetown.net
Cleaning up challenges
Attempting to renew cert (www.funkthetown.net) from /etc/letsencrypt/renewal/www.funkthetown.net.conf produced an unexpected error: Some challenges have failed.. Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/www.funkthetown.net/fullchain.pem (failure)


All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/www.funkthetown.net/fullchain.pem (failure)


1 renew failure(s), 0 parse failure(s)

IMPORTANT NOTES:

Please show this file:

3 Likes

Not sure I did it right, but I just copied the line into my terminal, which gives this:

root@localhost:~# /etc/letsencrypt/renewal/www.funkthetown.net.conf
-bash: /etc/letsencrypt/renewal/www.funkthetown.net.conf: Permission denied

Here it is, hope that's what you are looking for:

version = 0.40.0
archive_dir = /etc/letsencrypt/archive/www.funkthetown.net
cert = /etc/letsencrypt/live/www.funkthetown.net/cert.pem
privkey = /etc/letsencrypt/live/www.funkthetown.net/privkey.pem
chain = /etc/letsencrypt/live/www.funkthetown.net/chain.pem
fullchain = /etc/letsencrypt/live/www.funkthetown.net/fullchain.pem
# Options used in the renewal process
[renewalparams]
account = e684dec94d2c587516e4be925a1f1380
authenticator = webroot
server = https://acme-v02.api.letsencrypt.org/directory
webroot_path = /root/Funkthetown,
[[webroot_map]]
funkthetown.net = /root/Funkthetown
www.funkthetown.net = /root/Funkthetown

Can you confirm that is the correct webroot path?

2 Likes

Not sure of the webroot terminology.

Here is the architecture of my folder:
root@localhost:~/Funkthetown# dir
Backend Frontend

The call to ssl verification is in Frontend folder in the app.js file.

Hope it's clear for you

I have absolutely no idea what this means.

2 Likes

I mean that I launch the website via the app.js file, which has these lines inside:


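const http = require('http');
const https = require('https');
const fs = require('fs');

// Port 80: redirect every HTTP request to the same host and path over HTTPS.
const httpServer = http.createServer((req, res) => {
  res.writeHead(301, { Location: `https://${req.headers.host}${req.url}` });
  res.end();
}).listen(80);

// Port 443: serve the app (defined elsewhere in app.js) with the Let's Encrypt key and certificate.
const httpsServer = https.createServer({
  key: fs.readFileSync('/etc/letsencrypt/live/www.funkthetown.net/privkey.pem'),
  cert: fs.readFileSync('/etc/letsencrypt/live/www.funkthetown.net/fullchain.pem'),
}, app).listen(443);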

But I think this has no impact on the issue, it was just to let you know...

I don't see the "Frontend" you were mentioning? Although if I were a betting man, I'd bet your webroot path is incorrect and it should be /home/Funkthetown/Frontend, judging from the sparse info you've given.

2 Likes

Good day Osiris, you were right, the path was wrong.
The correct path was /root/Funkthetown/Frontend...

Thanks a lot to you and everybody ...

2 Likes
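
The mismatch that resolved this thread, as an added example (not code from the thread or from Certbot): the webroot plugin writes each http-01 token to `<webroot>/.well-known/acme-challenge/`, so the check below writes a probe there and looks for it under the directory the server serves. The function names and the temporary directory tree are constructed for illustration, and the check assumes the app serves static files from its Frontend directory.

```javascript
const fs = require('fs');
const os = require('os');
const path = require('path');

// Parse the [[webroot_map]] section of a Certbot renewal .conf file.
function parseWebrootMap(confText) {
  const map = {};
  let inMap = false;
  for (const raw of confText.split('\n')) {
    const line = raw.trim();
    if (line.startsWith('[')) { inMap = line === '[[webroot_map]]'; continue; }
    if (!inMap || !line || line.startsWith('#')) continue;
    const eq = line.indexOf('=');
    if (eq > 0) map[line.slice(0, eq).trim()] = line.slice(eq + 1).trim();
  }
  return map;
}

// Write a probe where the webroot plugin would put its token, then look for it under servedRoot.
function challengeReachable(webroot, servedRoot) {
  const rel = path.join('.well-known', 'acme-challenge');
  const name = `probe-${process.pid}-${Date.now()}`;
  const written = path.join(webroot, rel, name);
  fs.mkdirSync(path.dirname(written), { recursive: true });
  fs.writeFileSync(written, 'probe');
  try {
    return fs.existsSync(path.join(servedRoot, rel, name));
  } finally {
    fs.unlinkSync(written);
  }
}

// Map each domain in the renewal config to true (probe reachable) or false.
function auditRenewalConf(confText, servedRoot) {
  return Object.fromEntries(Object.entries(parseWebrootMap(confText))
    .map(([domain, webroot]) => [domain, challengeReachable(webroot, servedRoot)]));
}

// Constructed demo tree: <tmp>/Funkthetown/Frontend, with the server rooted at Frontend.
function demo() {
  const project = path.join(fs.mkdtempSync(path.join(os.tmpdir(), 'webroot-')), 'Funkthetown');
  const served = path.join(project, 'Frontend');
  fs.mkdirSync(served, { recursive: true });
  const conf = (root) => '[renewalparams]\nauthenticator = webroot\n[[webroot_map]]\n' +
    `funkthetown.net = ${root}\nwww.funkthetown.net = ${root}\n`;
  const out = { before: auditRenewalConf(conf(project), served), after: auditRenewalConf(conf(served), served) };
  fs.rmSync(path.dirname(project), { recursive: true, force: true });
  return out;
}
```

`demo().before` models the failing configuration (webroot one level above the served directory) and `demo().after` the corrected one.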