Certbot renew error 404

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: domain.com

I ran this command: certbot renew --dry-run

2 Likes

Hi @lnb

if you use then nginx authenticator and if that doesn't work, Certbot doesn't understand your config.

What says

nginx -T
3 Likes

nginx: [warn] duplicate MIME type "text/html" in /etc/nginx/nginx.conf:64
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

I'm not really sure what's going on as everything was automated for quite a while(years) until this month where LE emailed me that my cert is expiring.

1 Like

Try:
sudo nginx -T

1 Like

Your /etc/nginx/mime.types file may have been modified from the original and now may includes a duplicate definition.
[hard to read your output corredctly without the three backticks ```]
Try replacing it with these lines (from an original install):

types {
    text/html                             html htm shtml;
    text/css                              css;
    text/xml                              xml;
    image/gif                             gif;
    image/jpeg                            jpeg jpg;
    application/javascript                js;
    application/atom+xml                  atom;
    application/rss+xml                   rss;

    text/mathml                           mml;
    text/plain                            txt;
    text/vnd.sun.j2me.app-descriptor      jad;
    text/vnd.wap.wml                      wml;
    text/x-component                      htc;

    image/png                             png;
    image/tiff                            tif tiff;
    image/vnd.wap.wbmp                    wbmp;
    image/x-icon                          ico;
    image/x-jng                           jng;
    image/x-ms-bmp                        bmp;
    image/svg+xml                         svg svgz;
    image/webp                            webp;

    application/font-woff                 woff;
    application/java-archive              jar war ear;
    application/json                      json;
    application/mac-binhex40              hqx;
    application/msword                    doc;
    application/pdf                       pdf;
    application/postscript                ps eps ai;
    application/rtf                       rtf;
    application/vnd.apple.mpegurl         m3u8;
    application/vnd.ms-excel              xls;
    application/vnd.ms-fontobject         eot;
    application/vnd.ms-powerpoint         ppt;
    application/vnd.wap.wmlc              wmlc;
    application/vnd.google-earth.kml+xml  kml;
    application/vnd.google-earth.kmz      kmz;
    application/x-7z-compressed           7z;
    application/x-cocoa                   cco;
    application/x-java-archive-diff       jardiff;
    application/x-java-jnlp-file          jnlp;
    application/x-makeself                run;
    application/x-perl                    pl pm;
    application/x-pilot                   prc pdb;
    application/x-rar-compressed          rar;
    application/x-redhat-package-manager  rpm;
    application/x-sea                     sea;
    application/x-shockwave-flash         swf;
    application/x-stuffit                 sit;
    application/x-tcl                     tcl tk;
    application/x-x509-ca-cert            der pem crt;
    application/x-xpinstall               xpi;
    application/xhtml+xml                 xhtml;
    application/xspf+xml                  xspf;
    application/zip                       zip;

    application/octet-stream              bin exe dll;
    application/octet-stream              deb;
    application/octet-stream              dmg;
    application/octet-stream              iso img;
    application/octet-stream              msi msp msm;

    application/vnd.openxmlformats-officedocument.wordprocessingml.document    docx;
    application/vnd.openxmlformats-officedocument.spreadsheetml.sheet          xlsx;
    application/vnd.openxmlformats-officedocument.presentationml.presentation  pptx;

    audio/midi                            mid midi kar;
    audio/mpeg                            mp3;
    audio/ogg                             ogg;
    audio/x-m4a                           m4a;
    audio/x-realaudio                     ra;

    video/3gpp                            3gpp 3gp;
    video/mp2t                            ts;
    video/mp4                             mp4;
    video/mpeg                            mpeg mpg;
    video/quicktime                       mov;
    video/webm                            webm;
    video/x-flv                           flv;
    video/x-m4v                           m4v;
    video/x-mng                           mng;
    video/x-ms-asf                        asx asf;
    video/x-ms-wmv                        wmv;
    video/x-msvideo                       avi;
}

[&2* readers: Get involved; Be heard. It starts with: if you read something you like, then like it :heart:]

2 Likes

I've also found this entry to be a bit problematic at times:

I would change it to:
include /etc/nginx/sites-enabled/*.conf;

[&2* readers: Get involved; Be heard. It starts with: if you read something you like, then like it :heart:]

2 Likes

Okay, apparently modifying the include line with the .conf; was causing origin error, had to remove it back to default to get the site back to work.

include /etc/nginx/sites-enabled/*;

Still getting failed authorization with renew --dryrun

1 Like

hmm...

Please show:
ls -l /etc/nginx/sites-enabled/
sudo nginx -T | grep -Ei 'listen|server_name|redirect|rewrite|cert|root|known|location'

[&2* readers: Get involved; Be heard. It starts with: if you read something you like, then like it :heart:]

1 Like

Just to update, it was because I was using third party nameservers (Ezoic) that caused the failed authorization procedure with certbot. I temporarily reverted to my host's nameservers and certbot successfully renewed my certificate.

2 Likes