Certbot renew error - Please choose an account

It seems like certbot is no longer able to read the renewal config file.
Perhaps file/folder permissions have been changed somewhere along the way...

1 Like

What is specifically the renewal config file? I don't see any changes.

sudo certbot certonly --dry-run --cert-name www.studentobservation.com --webroot -w /var/www/html -d www.studentobservation.com -d studentobservation.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log


An RSA certificate named www.studentobservation.com already exists. Do you want
to update its key type to ECDSA?


(U)pdate key type/(K)eep existing key type: K
Simulating renewal of an existing certificate for www.studentobservation.com and studentobservation.com

Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
Domain: studentobservation.com
Type: unauthorized
Detail: 35.223.142.129: Invalid response from https://www.studentobservation.com/.well-known/acme-challenge/YlY7BhN9mljYzOkWbn2si0WYZ1DiDcSyHNgaG4EGcUk: 404

Domain: www.studentobservation.com
Type: unauthorized
Detail: 35.223.142.129: Invalid response from https://www.studentobservation.com/.well-known/acme-challenge/SM4DxlgGh8jP30XZu8LigBDRTVVKlUyeUpk8q4U1Buw: 404

Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.

Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

Yeah, you used the command from my machine where I had to change webroot path.

Your command is below. Friday it failed because it asked you what authentication to use even though the command says --webroot. Does it still fail (we can always hope)?

2 Likes

That seemed to work. So I ran it without the --dry-run and there were no errors, but the cert still says expires Nov 11.

Can you show output of this

sudo certbot certificates --cert-name www.studentobservation.com

Did you reload Apache after getting the new cert?

2 Likes

here it is ....

Saving debug log to /var/log/letsencrypt/letsencrypt.log


Found the following matching certs:
Certificate Name: www.studentobservation.com
Serial Number: 48c5286dfed937a245b1fd13f13667143b7
Key Type: RSA
Domains: www.studentobservation.com studentobservation.com
Expiry Date: 2024-01-14 12:00:50+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/www.studentobservation.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/www.studentobservation.com/privkey.pem

And, what about this?

3 Likes

YAY that did it. Thank you so much!

There have been so many commands in this thread, which one worked?

3 Likes

I think deleting the duplicate account folders along with the new certbot certonly --webroot for the --cert-name affected.

So, a couple things to finish yet. First is to add the Apache reload command to your renewal profile for this cert. That will do it automatically then whenever you get a fresh cert. Second is to test your renew and make sure all your other certs are good.

But, I don't have time left this morning to finish with that but I am sure another volunteer will help out.

2 Likes
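
An added example, not code from anyone in this thread: with several certificates on one server, this script reports for each renewal config whether an account, an authenticator and a per-certificate hook are recorded. It assumes the usual `key = value` layout of `/etc/letsencrypt/renewal/<cert-name>.conf` and that certbot stores `--deploy-hook` there as `renew_hook`; the sample files are constructed.

```shell
#!/bin/sh
# Added example: audit certbot renewal configs for the settings this thread
# depended on. Assumption: "key = value" lines, --deploy-hook saved as renew_hook.

# Print the first value of key $1 in renewal config file $2.
conf_get() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" "$2" | head -n 1
}

# Print "set" if $1 is non-empty, otherwise "MISSING".
state() {
    if [ -n "$1" ]; then echo set; else echo MISSING; fi
}

# One report line per certificate found in renewal directory $1.
audit_renewal_dir() {
    for conf in "$1"/*.conf; do
        [ -f "$conf" ] || continue
        auth=$(conf_get authenticator "$conf")
        printf '%s authenticator=%s account=%s hook=%s\n' \
            "$(basename "$conf" .conf)" "${auth:-MISSING}" \
            "$(state "$(conf_get account "$conf")")" \
            "$(state "$(conf_get renew_hook "$conf")")"
    done
}

# Constructed sample data (not taken from the thread): one complete config,
# one with no account line and no hook.
demo() {
    dir=$(mktemp -d)
    cat > "$dir/a.example.conf" <<'EOF'
[renewalparams]
account = 0123456789abcdef0123456789abcdef
authenticator = webroot
renew_hook = systemctl reload apache2
EOF
    cat > "$dir/b.example.conf" <<'EOF'
[renewalparams]
authenticator = webroot
EOF
    audit_renewal_dir "$dir"
    rm -rf "$dir"
}

# Audit the directory given as $1, or the constructed samples if none is given.
if [ -n "${1:-}" ]; then audit_renewal_dir "$1"; else demo; fi
```

A `hook=MISSING` line only means no per-certificate hook is recorded in that file; scripts placed in `/etc/letsencrypt/renewal-hooks/deploy/` run for every certificate and do not appear there.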

Thanks for your help! It would be helpful to know which commands I need to run. There are 6 projects using Let's Encrypt on this server.

1 Like

I got the command! Thanks!

sudo certbot certonly --cert-name www.studentobservation.com --webroot -w /home/clients/studentobservation.com/htdocs -d www.studentobservation.com -d studentobservation.com

1 Like
