Certbot renewal fails NginX Ubuntu 18.04

My domain is: ridesnparts
I ran this command: sudo certbot certonly --agree-tos --email eslambakry@gmail.com --webroot -w /var/lib/letsencrypt/ -d ridesnparts.com -d www.ridesnparts.com
It produced this output: IMPORTANT NOTES:

The operating system my web server runs on is (include version): Ubuntu 18.04

My hosting provider, if applicable, is: digital ocean

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

When Using
sudo certbot renew --dry-run

the output is
ation :: Invalid response from https://ridesnparts.com/.well-known/acme-challenge/lnGUHRCrMxSRicEh3bZc-Ab8Qh44B88wufKUu7zMWNc [68.183.101.83]: “\n \n \n \n \n <html lang=“en-US” data-website-id=“1” data-oe-company-name=”. Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/ridesnparts.com/fullchain.pem (failure)


** DRY RUN: simulating ‘certbot renew’ close to cert expiry
** (The test certificates below have not been saved.)

All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/ridesnparts.com/fullchain.pem (failure)
** DRY RUN: simulating ‘certbot renew’ close to cert expiry
** (The test certificates above have not been saved.)

1 renew failure(s), 0 parse failure(s)

IMPORTANT NOTES:

Certbot can obtain and install HTTPS/TLS/SSL certificates. By default,
it will attempt to use a webserver both for obtaining and installing the
certificate.
certbot: error: unrecognized arguments: --dry-runsudo certbot renew
root@Odoo-12-2:~# sudo certbot renew --dry-run
Saving debug log to /var/log/letsencrypt/letsencrypt.log


Processing /etc/letsencrypt/renewal/ridesnparts.com.conf

Cert is due for renewal, auto-renewing…
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for ridesnparts.com
http-01 challenge for www.ridesnparts.com
Waiting for verification…
Cleaning up challenges
Attempting to renew cert (ridesnparts.com) from /etc/letsencrypt/renewal/ridesnparts.com.conf produced an unexpected error: Failed authorization procedure. www.ridesnparts.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from https://ridesnparts.com/.well-known/acme-challenge/3AYKFqBIyFQwbI1OEQPwM6vx8FTuigeoT0JsnFc2qK4 [68.183.101.83]: “\n \n \n \n \n <html lang=“en-US” data-website-id=“1” data-oe-company-name=”, ridesnparts.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from https://ridesnparts.com/.well-known/acme-challenge/XSHrEzfgf-NzhwLGQJ_if-IqcdBMHwEbPBmkWvzGlPY [68.183.101.83]: “\n \n \n \n \n <html lang=“en-US” data-website-id=“1” data-oe-company-name=”. Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/ridesnparts.com/fullchain.pem (failure)


** DRY RUN: simulating ‘certbot renew’ close to cert expiry
** (The test certificates below have not been saved.)

All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/ridesnparts.com/fullchain.pem (failure)
** DRY RUN: simulating ‘certbot renew’ close to cert expiry
** (The test certificates above have not been saved.)

1 renew failure(s), 0 parse failure(s)

IMPORTANT NOTES:

Hi @eslambakry

if you use webroot and it doesn’t work, your webroot is wrong.

You have redirects http -> https ( https://check-your-website.server-daten.de/?q=ridesnparts.com ):

| Domainname | Http-Status | redirect | Sec. | G |
|---|---|---|---|---|
| http://ridesnparts.com/ 68.183.101.83 | 301 | https://ridesnparts.com/ | 0.217 | A |
| http://www.ridesnparts.com/ 68.183.101.83 | 301 | https://ridesnparts.com/ | 0.203 | E |
| https://www.ridesnparts.com/ 68.183.101.83 | 301 | https://ridesnparts.com/ | 0.923 | N |
| Certificate error: RemoteCertificateChainErrors | | | | |
| https://ridesnparts.com/ 68.183.101.83 | 200 | | 3.424 | N |
| Certificate error: RemoteCertificateChainErrors | | | | |
| http://ridesnparts.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 68.183.101.83 | 301 | https://ridesnparts.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de | 0.203 | A |
| Visible Content: 301 Moved Permanently nginx/1.14.0 (Ubuntu) | | | | |
| http://www.ridesnparts.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 68.183.101.83 | 301 | https://ridesnparts.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de | 0.220 | E |
| Visible Content: 301 Moved Permanently nginx/1.14.0 (Ubuntu) | | | | |
| https://ridesnparts.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de | 404 | | 0.890 | N |

Have http and https the same webroot? If not, that can’t work.

Create a file in

yourWebRootParameter/.well-known/acme-challenge

(file name 1234), then try to load that file via

http://ridesnparts.com/.well-known/acme-challenge/1234
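
The webroot test described in the reply above, as an added example that is not part of the original thread: it writes a throwaway file into the directory given to `-w`, requests it over HTTP while following the http -> https redirect, and reports whether the same bytes came back. The function name `probe_webroot` and the paths in the usage comment are assumptions.

```python
import os
import secrets
import ssl
import urllib.error
import urllib.request


def probe_webroot(webroot, base_url, timeout=10):
    """Write a random file under <webroot>/.well-known/acme-challenge/ and
    fetch it from base_url. Returns the final URL, status and a match flag."""
    name = "probe-" + secrets.token_hex(8)
    body = secrets.token_hex(16)
    directory = os.path.join(webroot, ".well-known", "acme-challenge")
    os.makedirs(directory, exist_ok=True)
    path = os.path.join(directory, name)
    with open(path, "w") as fh:
        fh.write(body)

    # Let's Encrypt's HTTP-01 validation follows redirects to HTTPS without
    # validating the certificate, so an expired certificate is not the cause
    # of a failure. The probe mirrors that; the body is only a random token.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE

    url = base_url.rstrip("/") + "/.well-known/acme-challenge/" + name
    result = {"requested": url, "final_url": None, "status": None, "match": False}
    try:
        with urllib.request.urlopen(url, timeout=timeout, context=ctx) as resp:
            result["final_url"] = resp.url      # differs from url after a 301
            result["status"] = resp.status
            text = resp.read(4096).decode("utf-8", "replace").strip()
            result["match"] = text == body      # False if the app answered instead
    except urllib.error.HTTPError as exc:       # e.g. 404 from the HTTPS server block
        result["final_url"] = exc.url
        result["status"] = exc.code
    except (urllib.error.URLError, OSError) as exc:  # DNS or connection failure
        result["error"] = str(exc)
    finally:
        os.remove(path)                         # never leave the probe file behind
    return result


if __name__ == "__main__":
    import sys
    # Assumed usage: python3 probe_webroot.py /var/lib/letsencrypt http://example.com
    print(probe_webroot(sys.argv[1], sys.argv[2]))
```

A result with `match` false and a `final_url` on https means the HTTPS server block does not serve the challenge path from that directory, which is the situation the 404 row in the check above shows.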
