Certbot renew: Failed authorization procedure


#1

Hello all,

I got an email asking me to update my server because TLS won’t be supported anymore.
So I have run those commands, but I am getting an authorization error.
Do you know what I should do?

pi@raspberrypi:~ $ certbot --version || /path/to/certbot-auto --version
certbot 0.28.0
pi@raspberrypi:~ $ sudo sh -c "sed -i.bak -e 's/^\(pref_challs.*\)tls-sni-01\(.*\)/\1http-01\2/g' /etc/letsencrypt/renewal/*; rm -f /etc/letsencrypt/renewal/*.bak"
pi@raspberrypi:~ $ sudo certbot renew --dry-run
Saving debug log to /var/log/letsencrypt/letsencrypt.log


Processing /etc/letsencrypt/renewal/nextcloud-vosberg.duckdns.org.conf


Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator apache, Installer apache
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for nextcloud-vosberg.duckdns.org
Waiting for verification…
Cleaning up challenges
Attempting to renew cert (nextcloud-vosberg.duckdns.org) from /etc/letsencrypt/renewal/nextcloud-vosberg.duckdns.org.conf produced an unexpected error: Failed authorization procedure. nextcloud-vosberg.duckdns.org (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://nextcloud-vosberg.duckdns.org/.well-known/acme-challenge/qzbuY97vEa-VilnQ4SBsERM-W70jvAxhDFi94SV4AGY [109.129.211.138]: “\n\n404 Not Found\n\n

Not Found

\n<p”. Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/nextcloud-vosberg.duckdns.org/fullchain.pem (failure)

** DRY RUN: simulating ‘certbot renew’ close to cert expiry
** (The test certificates below have not been saved.)

All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/nextcloud-vosberg.duckdns.org/fullchain.pem (failure)
** DRY RUN: simulating ‘certbot renew’ close to cert expiry
** (The test certificates above have not been saved.)


1 renew failure(s), 0 parse failure(s)

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: nextcloud-vosberg.duckdns.org
    Type: unauthorized
    Detail: Invalid response from
    http://nextcloud-vosberg.duckdns.org/.well-known/acme-challenge/qzbuY97vEa-VilnQ4SBsERM-W70jvAxhDFi94SV4AGY
    [109.129.211.138]: “\n\n404 Not
    Found\n\n

    Not Found

    \n<p”

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address.

  • Your account credentials have been saved in your Certbot
    configuration directory at /etc/letsencrypt. You should make a
    secure backup of this folder now. This configuration directory will
    also contain certificates and private keys obtained by Certbot so
    making regular backups of this folder is ideal.
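
The sed one-liner in the post above rewrites `pref_challs` in every renewal config; the same condition can be checked read-only first. This is an added example, not part of the original thread and not Certbot's own tooling: the function names are hypothetical and the sample config files are constructed.

```shell
#!/bin/sh
# Read-only audit of Certbot renewal configs; nothing is modified.

# Print the value of KEY from the "key = value" lines of FILE.
conf_value() {  # usage: conf_value FILE KEY
    sed -n "s/^$2[[:space:]]*=[[:space:]]*//p" "$1" | head -n 1
}

# One line per *.conf in DIR: file, authenticator, pref_challs, and STALE
# when pref_challs still names tls-sni-01 (what the sed command rewrites).
audit_renewal_dir() {  # usage: audit_renewal_dir DIR
    for conf in "$1"/*.conf; do
        [ -f "$conf" ] || continue
        auth=$(conf_value "$conf" authenticator)
        challs=$(conf_value "$conf" pref_challs)
        case "$challs" in
            *tls-sni-01*) status=STALE ;;
            *)            status=ok ;;
        esac
        printf '%s authenticator=%s pref_challs=%s %s\n' \
            "$(basename "$conf")" "${auth:-unset}" "${challs:-unset}" "$status"
    done
}

# Number of configs flagged STALE in DIR (grep -c exits 1 on zero matches).
count_stale() {  # usage: count_stale DIR
    audit_renewal_dir "$1" | grep -c ' STALE$' || true
}

# Constructed sample configs (not taken from the thread), in a temp dir.
make_sample_dir() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '[renewalparams]' 'authenticator = apache' \
        'installer = apache' 'pref_challs = tls-sni-01,' > "$d/old.example.conf"
    printf '%s\n' '[renewalparams]' 'authenticator = webroot' \
        'pref_challs = http-01,' > "$d/new.example.conf"
    echo "$d"
}

# Demo on the constructed sample; point audit_renewal_dir at
# /etc/letsencrypt/renewal to check a real host.
demo_dir=$(make_sample_dir)
audit_renewal_dir "$demo_dir"
echo "stale configs: $(count_stale "$demo_dir")"
rm -rf "$demo_dir"
```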


#2

Hi @HuTcHx.007

There is a new Let's Encrypt certificate (https://check-your-website.server-daten.de/?q=nextcloud-vosberg.duckdns.org):

CN=nextcloud-vosberg.duckdns.org | 03.03.2019 | 02.06.2019 | expires in 89 days | nextcloud-vosberg.duckdns.org - 1 entry

created Sunday.

So use that certificate for two months. Then check whether the renewal works.

If not, find your “DocumentRoot” in your Apache vHost and use that.

certbot run -a webroot -i apache -w yourDocumentRoot -d nextcloud-vosberg.duckdns.org -d www.nextcloud-vosberg.duckdns.org

PS: You have defined a www DNS A record with the same IP address. Then your certificate should have both domain names.


#3

Hello :slight_smile:

Thank you for your quick reply.

I will save the link of your answer and will try to remember that I need to do this check in two months :stuck_out_tongue: