Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is:www.bluestarline.org
I ran this command: certbot renew
(ignore references to www.littleclose.co.uk it is no longer active and is being removed)
It produced the following output
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Processing /etc/letsencrypt/renewal/www.blake-online.net.conf
Cert not yet due for renewal
Processing /etc/letsencrypt/renewal/www.bluestarline.org.conf
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator apache, Installer apache
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
Renewing an existing certificate for www1.blake-online.net and 3 more domains
Performing the following challenges:
http-01 challenge for www.littleclose.co.uk
Waiting for verification...
Challenge failed for domain www.littleclose.co.uk
http-01 challenge for www.littleclose.co.uk
Cleaning up challenges
Failed to renew certificate www.bluestarline.org with error: Some challenges have failed.
Processing /etc/letsencrypt/renewal/www.netunity.co.uk-0001.conf
Cert not yet due for renewal
Processing /etc/letsencrypt/renewal/www.netunity.co.uk.conf
Cert not yet due for renewal
The following certificates are not due for renewal yet:
/etc/letsencrypt/live/www.blake-online.net/fullchain.pem expires on 2022-08-04 (skipped)
/etc/letsencrypt/live/www.netunity.co.uk-0001/fullchain.pem expires on 2022-07-11 (skipped)
/etc/letsencrypt/live/www.netunity.co.uk/fullchain.pem expires on 2022-08-05 (skipped)
All renewals failed. The following certificates could not be renewed:
/etc/letsencrypt/live/www.bluestarline.org/fullchain.pem (failure)
1 renew failure(s), 0 parse failure(s)
IMPORTANT NOTES:
-
The following errors were reported by the server:
Domain: www.littleclose.co.uk
Type: dns
Detail: DNS problem: NXDOMAIN looking up A for
www.littleclose.co.uk - check that a DNS record exists for this
domain; DNS problem: NXDOMAIN looking up AAAA for
www.littleclose.co.uk - check that a DNS record exists for this
domain
My web server is (include version): Apache 3.12.2
The operating system my web server runs on is (include version): NethServer release 7.9.2009 (final)
My hosting provider, if applicable, is: my own Nethserver host
I can login to a root shell on my machine (yes or no, or I don't know): log on as user then su
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no
The version of my client is (e.g. output of certbot --version
or certbot-auto --version
if you're using Certbot):certbot 1.11.0
I got a message that some certificates were going to expire. No surprise there, I manually renew every time they do so, bu simply logging on and issuing the command from su.
This time I did so, and the domain www.bluestarline.org errored with "Failed to renew certificate www.bluestarline.org with error: Some challenges have failed."
I had a look round but couldn't see anything in the logs. I then issued on its own. The command appeared to complete, and when browsing to the site and looking at the certificate, there was a new one, no longer going to expire. Great, I thought, thats fixed that.
However, this morning, I reieced an email from the server saying the certificate was expiring, and sure enough, when I examined the certificate, it said:
Validity
Not Before: Feb 14 17:15:40 2022 GMT
Not After : May 15 17:15:39 2022 GMT
So I re-issued the command , which completed correctly, then reloaded the web site in my browser, and reexamined the certificate and saw:
Validity
Not Before: Sun, 08 May 2022 09:15:26 GMT
Not After: Sat, 06 Aug 2022 09:15:25 GMT
So weirdly, the fails, appears to work, but the new certificate is lost the following day. The warning popped up at around 0900, so not on the day/week/month boundary, so can anyone suggest what is happening and what I should do to address it?
Thanks
Jim