Certbot renew dry run failed


#1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: panamaanimation.com

I ran this command: sudo certbot renew --dry-run

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log


Processing /etc/letsencrypt/renewal/www.panamaanimation.com.conf


Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for www.panamaanimation.com
Waiting for verification…
Cleaning up challenges
Attempting to renew cert (www.panamaanimation.com) from /etc/letsencrypt/renewal/www.panamaanimation.com.conf produced an unexpected error: Failed authorization procedure. www.panamaanimation.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.panamaanimation.com/.well-known/acme-challenge/VaE2-K1riG4h1plP9Mv4WW-R76VpKbv_qf_V-dqp72Q: “\r\n404 Not Found\r\n<body bgcolor=“white”>\r\n404 Not Found\r\n”. Skipping.

IMPORTANT NOTES:

My web server is (include version): nginx/1.14.0 (Ubuntu)

The operating system my web server runs on is (include version): Ubuntu 18.04.1 LTS (GNU/Linux 4.15.0-45-generic x86_64)

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.28.0


#2

Can you post the contents of that file?

Certbot is creating a file in the root saved in its configuration, Let’s Encrypt is sending an HTTP request, and getting a 404 Not Found error.

So either Certbot is saving the file in the wrong place, or the request is not being received by the correct web server.

Nginx’s error.log might have more information.

Edit: You skipped some of Certbot’s output, right? The first part of it is only about www.panamaanimation.com, but the second part is about panamaanimation.com, www.panamaanimation.com and www.panamaanimation.com a second time. There could be different issues as well.


#3

This is the content of the file /etc/letsencrypt/renewal/www.panamaanimation.com.conf

renew_before_expiry = 30 days

version = 0.26.1
archive_dir = /etc/letsencrypt/archive/www.panamaanimation.com
cert = /etc/letsencrypt/live/www.panamaanimation.com/cert.pem
privkey = /etc/letsencrypt/live/www.panamaanimation.com/privkey.pem
chain = /etc/letsencrypt/live/www.panamaanimation.com/chain.pem
fullchain = /etc/letsencrypt/live/www.panamaanimation.com/fullchain.pem

Options used in the renewal process

[renewalparams]
account = 0646164545309a48bb160db919e06875
authenticator = webroot
server = https://acme-v02.api.letsencrypt.org/directory
[[webroot_map]]
www.panamaanimation.com = /var/www/letsencrypt


#4

Is that still the correct directory?

Does Nginx’s error.log show what’s going on and what root directory it’s using?


#5

Thanks @mnordhoff!!! Yes, the file is not complete. I can't upload the file nor post it here, due to the links I guess.

I am worried about this part:

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.

I have both entries for panamaanimation and www.panamaanimation with the IP address on my host DigitalOcean… maybe it's a mistake… I am not sure…


#6

I saw that the file 404.html is missing. But the path /data/www does exist:

2019/02/08 19:30:10 [error] 14172#14172: *1372 open() “/data/www/.well-known/acme-challenge/H-YlRxZMstZhPa3xmVyHL5IlTP6yyJwxGZ9KggC-4OQ” failed (2: No such file or directory), client: 66.133.109.36, server: www.panamaanimation.com, request: “GET /.well-known/acme-challenge/H-YlRxZMstZhPa3xmVyHL5IlTP6yyJwxGZ9KggC-4OQ HTTP/1.1”, host: “www.panamaanimation.com”, referrer: “http://www.panamaanimation.com/.well-known/acme-challenge/H-YlRxZMstZhPa3xmVyHL5IlTP6yyJwxGZ9KggC-4OQ
2019/02/08 19:30:10 [error] 14172#14172: *1372 open() “/data/www/404.html” failed (2: No such file or directory), client: 66.133.109.36, server: www.panamaanimation.com, request: “GET /.well-known/acme-challenge/H-YlRxZMstZhPa3xmVyHL5IlTP6yyJwxGZ9KggC-4OQ HTTP/1.1”, host: “www.panamaanimation.com”, referrer: “http://www.panamaanimation.com/.well-known/acme-challenge/H-YlRxZMstZhPa3xmVyHL5IlTP6yyJwxGZ9KggC-4OQ
2019/02/08 19:30:13 [warn] 15648#15648: conflicting server name “www.panamaanimation.com” on 0.0.0.0:80, ignored
2019/02/08 19:30:13 [warn] 15648#15648: conflicting server name “www.panamaanimation.com” on 0.0.0.0:443, ignored
2019/02/08 19:30:14 [warn] 15650#15650: conflicting server name “www.panamaanimation.com” on 0.0.0.0:80, ignored
2019/02/08 19:30:14 [warn] 15650#15650: conflicting server name “www.panamaanimation.com” on 0.0.0.0:443, ignored
2019/02/08 19:30:14 [notice] 15650#15650: signal process started
2019/02/08 19:30:15 [error] 15651#15651: *1380 open() “/data/www/.well-known/acme-challenge/n2MYw4SkmJH8F1usEvBNGMn3w9elGM5-w10nMc-qIbM” failed (2: No such file or directory), client: 66.133.109.36, server: www.panamaanimation.com, request: “GET /.well-known/acme-challenge/n2MYw4SkmJH8F1usEvBNGMn3w9elGM5-w10nMc-qIbM HTTP/1.1”, host: “www.panamaanimation.com”, referrer: “http://www.panamaanimation.com/.well-known/acme-challenge/n2MYw4SkmJH8F1usEvBNGMn3w9elGM5-w10nMc-qIbM
2019/02/08 19:30:15 [error] 15651#15651: *1380 open() “/data/www/404.html” failed (2: No such file or directory), client: 66.133.109.36, server: www.panamaanimation.com, request: “GET /.well-known/acme-challenge/n2MYw4SkmJH8F1usEvBNGMn3w9elGM5-w10nMc-qIbM HTTP/1.1”, host: “www.panamaanimation.com”, referrer: “http://www.panamaanimation.com/.well-known/acme-challenge/n2MYw4SkmJH8F1usEvBNGMn3w9elGM5-w10nMc-qIbM
2019/02/08 19:30:19 [warn] 15652#15652: conflicting server name “www.panamaanimation.com” on 0.0.0.0:80, ignored
2019/02/08 19:30:19 [warn] 15652#15652: conflicting server name “www.panamaanimation.com” on 0.0.0.0:443, ignored
2019/02/08 19:30:19 [notice] 15652#15652: signal process started
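
The check the replies in this thread ask for, as an added example that is not part of any post: compare the webroot Certbot writes challenge files to (the `[[webroot_map]]` entry) with the directory nginx actually tried to open, and list the "conflicting server name" warnings. The function names and the abbreviated sample inputs are assumptions made for illustration.

```python
import re

# Constructed sample inputs, abbreviated from the files posted in this thread.
# Real nginx logs use straight quotes; TOKEN is a placeholder, not a real token.
RENEWAL_CONF = """\
[renewalparams]
authenticator = webroot
[[webroot_map]]
www.panamaanimation.com = /var/www/letsencrypt
"""
ERROR_LOG = """\
2019/02/08 19:30:10 [error] 14172#14172: *1372 open() "/data/www/.well-known/acme-challenge/TOKEN" failed (2: No such file or directory), client: 66.133.109.36, server: www.panamaanimation.com, request: "GET /.well-known/acme-challenge/TOKEN HTTP/1.1", host: "www.panamaanimation.com"
2019/02/08 19:30:13 [warn] 15648#15648: conflicting server name "www.panamaanimation.com" on 0.0.0.0:80, ignored
2019/02/08 19:30:13 [warn] 15648#15648: conflicting server name "www.panamaanimation.com" on 0.0.0.0:443, ignored
"""

CHALLENGE_RE = re.compile(
    r'open\(\) "(?P<root>[^"]*?)/\.well-known/acme-challenge/[^"]+" failed .*?server: (?P<server>[^,\s]+)')
CONFLICT_RE = re.compile(r'conflicting server name "(?P<name>[^"]+)" on (?P<listen>\S+), ignored')

def webroot_map(conf_text):
    # Return {domain: webroot} from the [[webroot_map]] subsection of a renewal config.
    result, inside = {}, False
    for line in conf_text.splitlines():
        line = line.strip()
        if line.startswith("["):
            inside = line == "[[webroot_map]]"
        elif inside and "=" in line and not line.startswith("#"):
            domain, path = (part.strip() for part in line.split("=", 1))
            result[domain] = path
    return result

def served_roots(log_text):
    # Return {server_name: set of directories nginx looked in for challenge files}.
    roots = {}
    for m in CHALLENGE_RE.finditer(log_text):
        roots.setdefault(m["server"], set()).add(m["root"])
    return roots

def conflicts(log_text):
    # Unique (server_name, listen address) pairs nginx reported as duplicated.
    return sorted({(m["name"], m["listen"]) for m in CONFLICT_RE.finditer(log_text)})

def mismatches(conf_text, log_text):
    # Domains whose Certbot webroot differs from the root nginx actually served from.
    roots = served_roots(log_text)
    return {d: (w, sorted(roots[d])) for d, w in webroot_map(conf_text).items()
            if d in roots and roots[d] != {w.rstrip("/")}}

if __name__ == "__main__":
    print(mismatches(RENEWAL_CONF, ERROR_LOG), conflicts(ERROR_LOG))
```

On a real host the two inputs would be read from the renewal file under /etc/letsencrypt/renewal/ and from nginx's error.log.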


#7

Did you write this in

or did certbot put it there?

[or did you modify the path shown?]
[or have you modified the document root path in your vhost config?]


#8

Hi @asenav

first step: Fix these errors:

One server name should be unique per port. If one server name has two definitions, it’s hard to find errors.

