Certbot -renew fails

Sven · April 30, 2019, 8:47am

My domain is: lpbb.de

I ran this command: certbot -renew

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log

Processing /etc/letsencrypt/renewal/lpbb.de.conf

Cert is due for renewal, auto-renewing…
Plugins selected: Authenticator apache, Installer apache
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for lpbb.de
http-01 challenge for www.lpbb.de
Waiting for verification…
Cleaning up challenges
Attempting to renew cert (lpbb.de) from /etc/letsencrypt/renewal/lpbb.de.conf produced an unexpected error: Failed authorization procedure. www.lpbb.de (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.lpbb.de/.well-known/acme-challenge/EWZiYZZ0jgVl1pLwhqOyTBgfXNi4xOWgO-CZNfEcw68 [80.149.167.228]: “\n\n404 Not Found\n\n

Not Found

\n<p”, lpbb.de (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://lpbb.de/.well-known/acme-challenge/O4Z_5oW8H8r1sjQLVpRffR9Drq1ymtj52eKJFkM1thc [80.149.167.228]: “\n\n404 Not Found\n\n

Not Found

\n<p”. Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/lpbb.de/fullchain.pem (failure)

All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/lpbb.de/fullchain.pem (failure)

1 renew failure(s), 0 parse failure(s)

IMPORTANT NOTES:

The following errors were reported by the server:

Domain: www.lpbb.de
Type: unauthorized
Detail: Invalid response from
http://www.lpbb.de/.well-known/acme-challenge/EWZiYZZ0jgVl1pLwhqOyTBgfXNi4xOWgO-CZNfEcw68
[80.149.167.228]: “\n\n404 Not
Found\n\n

Not Found
\n<p”
Domain: lpbb.de
Type: unauthorized
Detail: Invalid response from
http://lpbb.de/.well-known/acme-challenge/O4Z_5oW8H8r1sjQLVpRffR9Drq1ymtj52eKJFkM1thc
[80.149.167.228]: “\n\n404 Not
Found\n\n

Not Found
\n<p”
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.

My web server is (include version): apache 2.4.25

The operating system my web server runs on is (include version):Debian 9

My hosting provider, if applicable, is: self-hosted

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): 0.28.0

I’m able to create textfiles at .well-known/acme-challenge and access them with a browser at
www.lpbb.de/.well-known/acme-challenge/test.txt

JuergenAuer · April 30, 2019, 11:00am

Hi @Sven

then you have found your correct webroot. So use it:

certbot run -a webroot -i apache -w pathToYourWebroot -d lpbb.de -d www.lpbb.de

Sven · April 30, 2019, 11:08am

Hi!
Thank you very much! I was unaware that I had to specify the webroot. Worked like a charm!

JuergenAuer · April 30, 2019, 11:22am

Happy to read that it had worked.

That's only required if you use the webroot - authenticator.

There is another authenticator --apache, but sometimes that doesn't work.

But if there is a running webserver, webroot should always work.

https://certbot.eff.org/docs/using.html

system · May 30, 2019, 11:23am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.