Certbot renew invalid response from .well-known/acme-challenge/

This can't work. So edit your dns - entries.

Ok, so now i used a tool to changed my ipv4 domain adress 145.130.144.88 to ipv6. And changed the ipv6 AAAA dns for this subdomain to 2002:9182:9058::9182:9058

Does that sound correct?

certbot renew --dry-run --debug
Saving debug log to /var/log/letsencrypt/letsencrypt.log


Processing /etc/letsencrypt/renewal/cloud.quimpro.com.conf

Cert not due for renewal, but simulating renewal for dry run
Starting new HTTPS connection (1): acme-staging.api.letsencrypt.org
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for cloud.quimpro.com
Waiting for verification…
Cleaning up challenges
Generating key (2048 bits): /etc/letsencrypt/keys/0078_key-certbot.pem
Creating CSR: /etc/letsencrypt/csr/0078_csr-certbot.pem


Processing /etc/letsencrypt/renewal/secure.familiedewijn.nl.conf

Cert not due for renewal, but simulating renewal for dry run
Starting new HTTPS connection (1): acme-staging.api.letsencrypt.org
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for secure.familiedewijn.nl
Waiting for verification…
Cleaning up challenges
Generating key (2048 bits): /etc/letsencrypt/keys/0079_key-certbot.pem
Creating CSR: /etc/letsencrypt/csr/0079_csr-certbot.pem


Processing /etc/letsencrypt/renewal/crm.markdewijn.com.conf

Cert not due for renewal, but simulating renewal for dry run
Starting new HTTPS connection (1): acme-staging.api.letsencrypt.org
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for crm.markdewijn.com
Waiting for verification…
Cleaning up challenges
Generating key (2048 bits): /etc/letsencrypt/keys/0080_key-certbot.pem
Creating CSR: /etc/letsencrypt/csr/0080_csr-certbot.pem


Processing /etc/letsencrypt/renewal/markdewijn.com.conf

Cert is due for renewal, auto-renewing…
Starting new HTTPS connection (1): acme-staging.api.letsencrypt.org
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for markdewijn.com
Waiting for verification…
Cleaning up challenges
Attempting to renew cert from /etc/letsencrypt/renewal/markdewijn.com.conf produced an unexpected error: Failed authorization procedure. markdewijn.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://markdewijn.com/.well-known/acme-challenge/7DOX0TuSQHt_yeLJSTrAjSYyB_kBVNBGJJbSXQ8KoiE: "

404 Not Found

Not Found

Th". Skipping. ** DRY RUN: simulating 'certbot renew' close to cert expiry ** (The test certificates below have not been saved.)

The following certs were successfully renewed:
/etc/letsencrypt/live/cloud.quimpro.com/fullchain.pem (success)
/etc/letsencrypt/live/secure.familiedewijn.nl/fullchain.pem (success)
/etc/letsencrypt/live/crm.markdewijn.com/fullchain.pem (success)

The following certs could not be renewed:
/etc/letsencrypt/live/markdewijn.com/fullchain.pem (failure)
** DRY RUN: simulating ‘certbot renew’ close to cert expiry
** (The test certificates above have not been saved.)
Traceback (most recent call last):
File “/usr/bin/certbot”, line 11, in
load_entry_point(‘certbot==0.10.2’, ‘console_scripts’, ‘certbot’)()
File “/usr/lib/python2.7/dist-packages/certbot/main.py”, line 849, in main
return config.func(config, plugins)
File “/usr/lib/python2.7/dist-packages/certbot/main.py”, line 655, in renew
renewal.handle_renewal_request(config)
File “/usr/lib/python2.7/dist-packages/certbot/renewal.py”, line 430, in handle_renewal_request
len(renew_failures), len(parse_failures)))
Error: 1 renew failure(s), 0 parse failure(s)

IMPORTANT NOTES:

I'll try again tomorrow, maybe dns changes will need some more time.

certbot renew --dry-run --debug
Saving debug log to /var/log/letsencrypt/letsencrypt.log


Processing /etc/letsencrypt/renewal/cloud.quimpro.com.conf

Cert not due for renewal, but simulating renewal for dry run
Starting new HTTPS connection (1): acme-staging.api.letsencrypt.org
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for cloud.quimpro.com
Waiting for verification…
Cleaning up challenges
Generating key (2048 bits): /etc/letsencrypt/keys/0084_key-certbot.pem
Creating CSR: /etc/letsencrypt/csr/0084_csr-certbot.pem


Processing /etc/letsencrypt/renewal/secure.familiedewijn.nl.conf

Cert not due for renewal, but simulating renewal for dry run
Starting new HTTPS connection (1): acme-staging.api.letsencrypt.org
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for secure.familiedewijn.nl
Waiting for verification…
Cleaning up challenges
Generating key (2048 bits): /etc/letsencrypt/keys/0085_key-certbot.pem
Creating CSR: /etc/letsencrypt/csr/0085_csr-certbot.pem


Processing /etc/letsencrypt/renewal/crm.markdewijn.com.conf

Cert not due for renewal, but simulating renewal for dry run
Starting new HTTPS connection (1): acme-staging.api.letsencrypt.org
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for crm.markdewijn.com
Waiting for verification…
Cleaning up challenges
Generating key (2048 bits): /etc/letsencrypt/keys/0086_key-certbot.pem
Creating CSR: /etc/letsencrypt/csr/0086_csr-certbot.pem


Processing /etc/letsencrypt/renewal/markdewijn.com.conf

Cert is due for renewal, auto-renewing…
Starting new HTTPS connection (1): acme-staging.api.letsencrypt.org
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for markdewijn.com
Waiting for verification…
Cleaning up challenges
Attempting to renew cert from /etc/letsencrypt/renewal/markdewijn.com.conf produced an unexpected error: Failed authorization procedure. markdewijn.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://markdewijn.com/.well-known/acme-challenge/ZZysD0kBuh0eU_vLm3g5TdU62wJNN3CXeUlnnzBVKe4: "

404 Not Found

Not Found

Th". Skipping. ** DRY RUN: simulating 'certbot renew' close to cert expiry ** (The test certificates below have not been saved.)

The following certs were successfully renewed:
/etc/letsencrypt/live/cloud.quimpro.com/fullchain.pem (success)
/etc/letsencrypt/live/secure.familiedewijn.nl/fullchain.pem (success)
/etc/letsencrypt/live/crm.markdewijn.com/fullchain.pem (success)

The following certs could not be renewed:
/etc/letsencrypt/live/markdewijn.com/fullchain.pem (failure)
** DRY RUN: simulating ‘certbot renew’ close to cert expiry
** (The test certificates above have not been saved.)
Traceback (most recent call last):
File “/usr/bin/certbot”, line 11, in
load_entry_point(‘certbot==0.10.2’, ‘console_scripts’, ‘certbot’)()
File “/usr/lib/python2.7/dist-packages/certbot/main.py”, line 849, in main
return config.func(config, plugins)
File “/usr/lib/python2.7/dist-packages/certbot/main.py”, line 655, in renew
renewal.handle_renewal_request(config)
File “/usr/lib/python2.7/dist-packages/certbot/renewal.py”, line 430, in handle_renewal_request
len(renew_failures), len(parse_failures)))
Error: 1 renew failure(s), 0 parse failure(s)

IMPORTANT NOTES:

Now crm.markdewijn.com is valide.

Yes, but the certificate is still not renewing. Hoping that you can point me further in the right direction.

There is a letsencrypt-certificate startet yesterday - Dienstag, 19. Juni 2018

you are right, there is a new cerificicat on my website now, but why are these errors still here?

The following certs could not be renewed:
/etc/letsencrypt/live/markdewijn.com/fullchain.pem (failure)
** DRY RUN: simulating ‘certbot renew’ close to cert expiry
** (The test certificates above have not been saved.)
Traceback (most recent call last):
File “/usr/bin/certbot”, line 11, in
load_entry_point(‘certbot==0.10.2’, ‘console_scripts’, ‘certbot’)()
File “/usr/lib/python2.7/dist-packages/certbot/main.py”, line 849, in main
return config.func(config, plugins)
File “/usr/lib/python2.7/dist-packages/certbot/main.py”, line 655, in renew
renewal.handle_renewal_request(config)
File “/usr/lib/python2.7/dist-packages/certbot/renewal.py”, line 430, in handle_renewal_request
len(renew_failures), len(parse_failures)))
Error: 1 renew failure(s), 0 parse failure(s)

IMPORTANT NOTES:

The following errors were reported by the server:

Domain: markdewijn.com
Type: unauthorized
Detail: Invalid response from
404 Not Found
"

404 Not Found
Not Found
Th"
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address.

Update your certbot. The certificate found at markdewijn.com is from 2018-06-13.

How do I install the latest version?

my system says it has the latest version

backports.list contains “deb http://ftp.debian.org/debian jessie-backports main” and

sudo apt-get install python-certbot-apache -t jessie-backports gives me:
Pakketlijsten worden ingelezen… Klaar
Boom van vereisten wordt opgebouwd
De statusinformatie wordt gelezen… Klaar
python-certbot-apache is reeds de nieuwste versie.
0 opgewaardeerd, 0 nieuw geĂŻnstalleerd, 0 te verwijderen en 45 niet opgewaardeerd.

also tried using certbot-auto
also doesn’t seem to work
still getting version 0.10.2

If you run ./certbot-auto --version, do you see 0.10.2? :astonished:

Hi @mdw,

I don’t understand the situation :wink:

You are trying to renew 4 certificates for these domains:

cloud.quimpro.com
secure.familiedewijn.nl
crm.markdewijn.com
markdewijn.com

So you are using certbot to test if you can renew them and you finally could renew the first 3 ones but not the last one markdewijn.com. The first 3 ones are pointing to ip 145.130.144.88 but the last one points to ip 185.182.56.226 so here are 2 different servers, server 1 and server 2 and you are trying to renew a certificate for a domain located in server 2 from server 1, is that correct or am I missing something?.

As you are using http challenge to validate your domain maybe you should execute certbot command from server 2 instead of server 1…

Cheers,
sahsanu

yes i get: certbot --version
certbot 0.10.2

sorry, i overlooked this, i only need to renew the first three, the other is indeed on another server and does not need to renew on this server

markdewijn.com is not active on this server anymore, it was for some time, but i moved it and is no longer active

i now removed it by using “certbot delete --cert-name markdewijn.com” and the errors are now gone

my issue is now solved and want to thank you and JuergenAuer for helping me with this

however i still get certbot 0.10.2 and have not yet found a way to update it

1 Like

yes i still get: certbot --version
certbot 0.10.2

certbot --version is totally different from ./certbot-auto --version and I would expect them to have different versions.

Downloading, installing, or running certbot-auto doesn’t change the version of certbot installed via your package manager and both will coexist with separate versions.

and again you are right
with ./certbot-auto --version i get certbot 0.25.1
thank you very much for helping me
all of you

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.