This can't work. So edit your dns - entries.
Ok, so now i used a tool to changed my ipv4 domain adress 145.130.144.88 to ipv6. And changed the ipv6 AAAA dns for this subdomain to 2002:9182:9058::9182:9058
Does that sound correct?
certbot renew --dry-run --debug
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Processing /etc/letsencrypt/renewal/cloud.quimpro.com.conf
Cert not due for renewal, but simulating renewal for dry run
Starting new HTTPS connection (1): acme-staging.api.letsencrypt.org
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for cloud.quimpro.com
Waiting for verificationâŚ
Cleaning up challenges
Generating key (2048 bits): /etc/letsencrypt/keys/0078_key-certbot.pem
Creating CSR: /etc/letsencrypt/csr/0078_csr-certbot.pem
Processing /etc/letsencrypt/renewal/secure.familiedewijn.nl.conf
Cert not due for renewal, but simulating renewal for dry run
Starting new HTTPS connection (1): acme-staging.api.letsencrypt.org
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for secure.familiedewijn.nl
Waiting for verificationâŚ
Cleaning up challenges
Generating key (2048 bits): /etc/letsencrypt/keys/0079_key-certbot.pem
Creating CSR: /etc/letsencrypt/csr/0079_csr-certbot.pem
Processing /etc/letsencrypt/renewal/crm.markdewijn.com.conf
Cert not due for renewal, but simulating renewal for dry run
Starting new HTTPS connection (1): acme-staging.api.letsencrypt.org
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for crm.markdewijn.com
Waiting for verificationâŚ
Cleaning up challenges
Generating key (2048 bits): /etc/letsencrypt/keys/0080_key-certbot.pem
Creating CSR: /etc/letsencrypt/csr/0080_csr-certbot.pem
Processing /etc/letsencrypt/renewal/markdewijn.com.conf
Cert is due for renewal, auto-renewingâŚ
Starting new HTTPS connection (1): acme-staging.api.letsencrypt.org
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for markdewijn.com
Waiting for verificationâŚ
Cleaning up challenges
Attempting to renew cert from /etc/letsencrypt/renewal/markdewijn.com.conf produced an unexpected error: Failed authorization procedure. markdewijn.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://markdewijn.com/.well-known/acme-challenge/7DOX0TuSQHt_yeLJSTrAjSYyB_kBVNBGJJbSXQ8KoiE: "
Not Found
Th". Skipping. ** DRY RUN: simulating 'certbot renew' close to cert expiry ** (The test certificates below have not been saved.)The following certs were successfully renewed:
/etc/letsencrypt/live/cloud.quimpro.com/fullchain.pem (success)
/etc/letsencrypt/live/secure.familiedewijn.nl/fullchain.pem (success)
/etc/letsencrypt/live/crm.markdewijn.com/fullchain.pem (success)
The following certs could not be renewed:
/etc/letsencrypt/live/markdewijn.com/fullchain.pem (failure)
** DRY RUN: simulating âcertbot renewâ close to cert expiry
** (The test certificates above have not been saved.)
Traceback (most recent call last):
File â/usr/bin/certbotâ, line 11, in
load_entry_point(âcertbot==0.10.2â, âconsole_scriptsâ, âcertbotâ)()
File â/usr/lib/python2.7/dist-packages/certbot/main.pyâ, line 849, in main
return config.func(config, plugins)
File â/usr/lib/python2.7/dist-packages/certbot/main.pyâ, line 655, in renew
renewal.handle_renewal_request(config)
File â/usr/lib/python2.7/dist-packages/certbot/renewal.pyâ, line 430, in handle_renewal_request
len(renew_failures), len(parse_failures)))
Error: 1 renew failure(s), 0 parse failure(s)
IMPORTANT NOTES:
-
The following errors were reported by the server:
Domain: markdewijn.com
404 Not Found
Type: unauthorized
Detail: Invalid response from
http://markdewijn.com/.well-known/acme-challenge/7DOX0TuSQHt_yeLJSTrAjSYyB_kBVNBGJJbSXQ8KoiE:
"Not Found
Th"To fix these errors, please make sure that your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address.
I'll try again tomorrow, maybe dns changes will need some more time.
certbot renew --dry-run --debug
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Processing /etc/letsencrypt/renewal/cloud.quimpro.com.conf
Cert not due for renewal, but simulating renewal for dry run
Starting new HTTPS connection (1): acme-staging.api.letsencrypt.org
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for cloud.quimpro.com
Waiting for verificationâŚ
Cleaning up challenges
Generating key (2048 bits): /etc/letsencrypt/keys/0084_key-certbot.pem
Creating CSR: /etc/letsencrypt/csr/0084_csr-certbot.pem
Processing /etc/letsencrypt/renewal/secure.familiedewijn.nl.conf
Cert not due for renewal, but simulating renewal for dry run
Starting new HTTPS connection (1): acme-staging.api.letsencrypt.org
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for secure.familiedewijn.nl
Waiting for verificationâŚ
Cleaning up challenges
Generating key (2048 bits): /etc/letsencrypt/keys/0085_key-certbot.pem
Creating CSR: /etc/letsencrypt/csr/0085_csr-certbot.pem
Processing /etc/letsencrypt/renewal/crm.markdewijn.com.conf
Cert not due for renewal, but simulating renewal for dry run
Starting new HTTPS connection (1): acme-staging.api.letsencrypt.org
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for crm.markdewijn.com
Waiting for verificationâŚ
Cleaning up challenges
Generating key (2048 bits): /etc/letsencrypt/keys/0086_key-certbot.pem
Creating CSR: /etc/letsencrypt/csr/0086_csr-certbot.pem
Processing /etc/letsencrypt/renewal/markdewijn.com.conf
Cert is due for renewal, auto-renewingâŚ
Starting new HTTPS connection (1): acme-staging.api.letsencrypt.org
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for markdewijn.com
Waiting for verificationâŚ
Cleaning up challenges
Attempting to renew cert from /etc/letsencrypt/renewal/markdewijn.com.conf produced an unexpected error: Failed authorization procedure. markdewijn.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://markdewijn.com/.well-known/acme-challenge/ZZysD0kBuh0eU_vLm3g5TdU62wJNN3CXeUlnnzBVKe4: "
Not Found
Th". Skipping. ** DRY RUN: simulating 'certbot renew' close to cert expiry ** (The test certificates below have not been saved.)The following certs were successfully renewed:
/etc/letsencrypt/live/cloud.quimpro.com/fullchain.pem (success)
/etc/letsencrypt/live/secure.familiedewijn.nl/fullchain.pem (success)
/etc/letsencrypt/live/crm.markdewijn.com/fullchain.pem (success)
The following certs could not be renewed:
/etc/letsencrypt/live/markdewijn.com/fullchain.pem (failure)
** DRY RUN: simulating âcertbot renewâ close to cert expiry
** (The test certificates above have not been saved.)
Traceback (most recent call last):
File â/usr/bin/certbotâ, line 11, in
load_entry_point(âcertbot==0.10.2â, âconsole_scriptsâ, âcertbotâ)()
File â/usr/lib/python2.7/dist-packages/certbot/main.pyâ, line 849, in main
return config.func(config, plugins)
File â/usr/lib/python2.7/dist-packages/certbot/main.pyâ, line 655, in renew
renewal.handle_renewal_request(config)
File â/usr/lib/python2.7/dist-packages/certbot/renewal.pyâ, line 430, in handle_renewal_request
len(renew_failures), len(parse_failures)))
Error: 1 renew failure(s), 0 parse failure(s)
IMPORTANT NOTES:
-
The following errors were reported by the server:
Domain: markdewijn.com
404 Not Found
Type: unauthorized
Detail: Invalid response from
http://markdewijn.com/.well-known/acme-challenge/ZZysD0kBuh0eU_vLm3g5TdU62wJNN3CXeUlnnzBVKe4:
"Not Found
Th"To fix these errors, please make sure that your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address.
Now crm.markdewijn.com is valide.
Yes, but the certificate is still not renewing. Hoping that you can point me further in the right direction.
There is a letsencrypt-certificate startet yesterday - Dienstag, 19. Juni 2018
you are right, there is a new cerificicat on my website now, but why are these errors still here?
The following certs could not be renewed:
/etc/letsencrypt/live/markdewijn.com/fullchain.pem (failure)
** DRY RUN: simulating âcertbot renewâ close to cert expiry
** (The test certificates above have not been saved.)
Traceback (most recent call last):
File â/usr/bin/certbotâ, line 11, in
load_entry_point(âcertbot==0.10.2â, âconsole_scriptsâ, âcertbotâ)()
File â/usr/lib/python2.7/dist-packages/certbot/main.pyâ, line 849, in main
return config.func(config, plugins)
File â/usr/lib/python2.7/dist-packages/certbot/main.pyâ, line 655, in renew
renewal.handle_renewal_request(config)
File â/usr/lib/python2.7/dist-packages/certbot/renewal.pyâ, line 430, in handle_renewal_request
len(renew_failures), len(parse_failures)))
Error: 1 renew failure(s), 0 parse failure(s)
IMPORTANT NOTES:
The following errors were reported by the server:
Domain: markdewijn.com
Type: unauthorized
Detail: Invalid response from
404 Not Found
"
404 Not Found
Not Found
Th"
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address.
Update your certbot. The certificate found at markdewijn.com is from 2018-06-13.
How do I install the latest version?
my system says it has the latest version
backports.list contains âdeb http://ftp.debian.org/debian jessie-backports mainâ and
sudo apt-get install python-certbot-apache -t jessie-backports gives me:
Pakketlijsten worden ingelezen⌠Klaar
Boom van vereisten wordt opgebouwd
De statusinformatie wordt gelezen⌠Klaar
python-certbot-apache is reeds de nieuwste versie.
0 opgewaardeerd, 0 nieuw geĂŻnstalleerd, 0 te verwijderen en 45 niet opgewaardeerd.
also tried using certbot-auto
also doesnât seem to work
still getting version 0.10.2
If you run ./certbot-auto --version
, do you see 0.10.2?
Hi @mdw,
I donât understand the situation
You are trying to renew 4 certificates for these domains:
cloud.quimpro.com
secure.familiedewijn.nl
crm.markdewijn.com
markdewijn.com
So you are using certbot to test if you can renew them and you finally could renew the first 3 ones but not the last one markdewijn.com
. The first 3 ones are pointing to ip 145.130.144.88
but the last one points to ip 185.182.56.226
so here are 2 different servers, server 1 and server 2 and you are trying to renew a certificate for a domain located in server 2 from server 1, is that correct or am I missing something?.
As you are using http challenge to validate your domain maybe you should execute certbot command from server 2 instead of server 1âŚ
Cheers,
sahsanu
yes i get: certbot --version
certbot 0.10.2
sorry, i overlooked this, i only need to renew the first three, the other is indeed on another server and does not need to renew on this server
markdewijn.com is not active on this server anymore, it was for some time, but i moved it and is no longer active
i now removed it by using âcertbot delete --cert-name markdewijn.comâ and the errors are now gone
my issue is now solved and want to thank you and JuergenAuer for helping me with this
however i still get certbot 0.10.2 and have not yet found a way to update it
yes i still get: certbot --version
certbot 0.10.2
certbot --version
is totally different from ./certbot-auto --version
and I would expect them to have different versions.
Downloading, installing, or running certbot-auto
doesnât change the version of certbot
installed via your package manager and both will coexist with separate versions.
and again you are right
with ./certbot-auto --version i get certbot 0.25.1
thank you very much for helping me
all of you
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.