Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: domain.com
I ran this command: certbot renew --dry-run
Hi @lnb
if you use then nginx authenticator and if that doesn't work, Certbot doesn't understand your config.
What says
nginx -T
nginx: [warn] duplicate MIME type "text/html" in /etc/nginx/nginx.conf:64
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
I'm not really sure what's going on as everything was automated for quite a while(years) until this month where LE emailed me that my cert is expiring.
Try:
sudo nginx -T
Your /etc/nginx/mime.types file may have been modified from the original and now may includes a duplicate definition.
[hard to read your output corredctly without the three backticks ```]
Try replacing it with these lines (from an original install):
types {
text/html html htm shtml;
text/css css;
text/xml xml;
image/gif gif;
image/jpeg jpeg jpg;
application/javascript js;
application/atom+xml atom;
application/rss+xml rss;
text/mathml mml;
text/plain txt;
text/vnd.sun.j2me.app-descriptor jad;
text/vnd.wap.wml wml;
text/x-component htc;
image/png png;
image/tiff tif tiff;
image/vnd.wap.wbmp wbmp;
image/x-icon ico;
image/x-jng jng;
image/x-ms-bmp bmp;
image/svg+xml svg svgz;
image/webp webp;
application/font-woff woff;
application/java-archive jar war ear;
application/json json;
application/mac-binhex40 hqx;
application/msword doc;
application/pdf pdf;
application/postscript ps eps ai;
application/rtf rtf;
application/vnd.apple.mpegurl m3u8;
application/vnd.ms-excel xls;
application/vnd.ms-fontobject eot;
application/vnd.ms-powerpoint ppt;
application/vnd.wap.wmlc wmlc;
application/vnd.google-earth.kml+xml kml;
application/vnd.google-earth.kmz kmz;
application/x-7z-compressed 7z;
application/x-cocoa cco;
application/x-java-archive-diff jardiff;
application/x-java-jnlp-file jnlp;
application/x-makeself run;
application/x-perl pl pm;
application/x-pilot prc pdb;
application/x-rar-compressed rar;
application/x-redhat-package-manager rpm;
application/x-sea sea;
application/x-shockwave-flash swf;
application/x-stuffit sit;
application/x-tcl tcl tk;
application/x-x509-ca-cert der pem crt;
application/x-xpinstall xpi;
application/xhtml+xml xhtml;
application/xspf+xml xspf;
application/zip zip;
application/octet-stream bin exe dll;
application/octet-stream deb;
application/octet-stream dmg;
application/octet-stream iso img;
application/octet-stream msi msp msm;
application/vnd.openxmlformats-officedocument.wordprocessingml.document docx;
application/vnd.openxmlformats-officedocument.spreadsheetml.sheet xlsx;
application/vnd.openxmlformats-officedocument.presentationml.presentation pptx;
audio/midi mid midi kar;
audio/mpeg mp3;
audio/ogg ogg;
audio/x-m4a m4a;
audio/x-realaudio ra;
video/3gpp 3gpp 3gp;
video/mp2t ts;
video/mp4 mp4;
video/mpeg mpeg mpg;
video/quicktime mov;
video/webm webm;
video/x-flv flv;
video/x-m4v m4v;
video/x-mng mng;
video/x-ms-asf asx asf;
video/x-ms-wmv wmv;
video/x-msvideo avi;
}
[&2* readers: Get involved; Be heard. It starts with: if you read something you like, then like it 
]
I've also found this entry to be a bit problematic at times:
I would change it to:
include /etc/nginx/sites-enabled/*.conf;
[&2* readers: Get involved; Be heard. It starts with: if you read something you like, then like it 
]
Okay, apparently modifying the include line with the .conf; was causing origin error, had to remove it back to default to get the site back to work.
include /etc/nginx/sites-enabled/*;
Still getting failed authorization with renew --dryrun
hmm...
Please show:
ls -l /etc/nginx/sites-enabled/
sudo nginx -T | grep -Ei 'listen|server_name|redirect|rewrite|cert|root|known|location'
[&2* readers: Get involved; Be heard. It starts with: if you read something you like, then like it ]
Just to update, it was because I was using third party nameservers (Ezoic) that caused the failed authorization procedure with certbot. I temporarily reverted to my host's nameservers and certbot successfully renewed my certificate.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.