Certbot renewal fails


#1

My domain is: www.fsmk.org

I ran this command: certbot-auto renew --dry-run

It produced this output:
-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/www.fsmk.org.conf
-------------------------------------------------------------------------------
** DRY RUN: simulating ‘certbot renew’ close to cert expiry
** (The test certificates below have not been saved.)

All renewal attempts failed. The following certs could not be renewed:    
  /etc/letsencrypt/live/www.fsmk.org/fullchain.pem (failure)
** DRY RUN: simulating 'certbot renew' close to cert expiry
**          (The test certificates above have not been saved.)
IMPORTANT NOTES:
 - The following errors were reported by the server:

Domain: www.fsmk.org
   Type:   unauthorized
   Detail: Invalid response from
http://www.fsmk.org/.well-known/acme-challenge/muTU4SGdlS7z3hAyDF6K6VX8ajB5fFah-NOVGSa2ADw: 
"<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN"    
"http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">
<html lang="en" dir="l"

Domain: fsmk.org
Type:   unauthorized
Detail: Invalid response from
http://fsmk.org/.well-known/acme-challenge/RmjeOUtXrmqaGcqkOq7sFKvpIGdn-L_kYM_IWoGQu1E:
"<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN"
"http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">
<html lang="en" dir="l"

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address.

My operating system is : Debian 7

My web server is (include version): apache 2.2

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): Virtualmin 5


#2

Hi @sohom154

Can you verify that if you manually place a test file into http://fsmk.org/.well-known/acme-challenge/ that you are able to access it with your browser?


#3

No, I cannot access the file.


#4

Sounds like there is a problem with your Apache configuration that is preventing access to the directory that Certbot is placing the validation content in. Can you share your Apache config? Perhaps someone would be able to spot the issue.


#5

Okay so more information.

After disabling the .htaccess file in the webroot folder I was able to access the file placed in .well-known/acme-challenge/file, but rerunning certbot-auto renew --dry-run produced the same error!

<VirtualHost 89.45.249.29:80>
ServerName fsmk.org
ServerAlias www.fsmk.org
ServerAlias webmail.fsmk.org
ServerAlias admin.fsmk.org
ServerAlias autoconfig.fsmk.org
ServerAlias autodiscover.fsmk.org
DocumentRoot /home/fsmk/public_html
ErrorLog /var/log/virtualmin/fsmk.org_error_log
CustomLog /var/log/virtualmin/fsmk.org_access_log combined
ScriptAlias /cgi-bin/ /home/fsmk/cgi-bin/
ScriptAlias /AutoDiscover/AutoDiscover.xml /home/fsmk/cgi-bin/autoconfig.cgi
ScriptAlias /autodiscover/autodiscover.xml /home/fsmk/cgi-bin/autoconfig.cgi
ScriptAlias /awstats/ /home/fsmk/cgi-bin/
DirectoryIndex index.html index.htm index.php index.php4 index.php5
<Directory /home/fsmk/public_html>
Options -Indexes +IncludesNOEXEC +SymLinksIfOwnerMatch +ExecCGI
allow from all
AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
AddHandler fcgid-script .php
AddHandler fcgid-script .php5
FCGIWrapper /home/fsmk/fcgi-bin/php5.fcgi .php
FCGIWrapper /home/fsmk/fcgi-bin/php5.fcgi .php5
</Directory>
<Directory /home/fsmk/cgi-bin>
allow from all
AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
</Directory>
RewriteEngine on
RewriteCond %{HTTP_HOST} =webmail.fsmk.org
RewriteRule ^(.*) https://fsmk.org:20000/ [R]
RewriteCond %{HTTP_HOST} =admin.fsmk.org
RewriteRule ^(.*) https://fsmk.org:10000/ [R]
RewriteCond %{HTTPS} off
RewriteRule ^(.*) https://fsmk.org/ [R]
RemoveHandler .php
RemoveHandler .php5
php_admin_value engine Off
IPCCommTimeout 31
FcgidMaxRequestLen 1073741824
Alias /pipermail "/var/lib/mailman/archives/public"
php_value memory_limit 32M
php_value suhosin.session.encrypt Off
Redirect /mail/config-v1.1.xml http://fsmk.org/cgi-bin/autoconfig.cgi
RedirectMatch /cgi-bin/mailman/([^/.]*)(.cgi)?(.*) https://fsmk.org:10000/virtualmin-mailman/unauthenticated/$1.cgi$3
RedirectMatch /mailman/([^/.]*)(.cgi)?(.*) https://fsmk.org:10000/virtualmin-mailman/unauthenticated/$1.cgi$3

AuthName "fsmk.org statistics"
AuthType Basic
AuthUserFile /home/fsmk/.awstats-htpasswd
require valid-user

</VirtualHost>

<VirtualHost 89.45.249.29:443>
ServerName fsmk.org
ServerAlias www.fsmk.org
ServerAlias webmail.fsmk.org
ServerAlias admin.fsmk.org
ServerAlias autoconfig.fsmk.org
ServerAlias autodiscover.fsmk.org
DocumentRoot /home/fsmk/public_html
ErrorLog /var/log/virtualmin/fsmk.org_error_log
CustomLog /var/log/virtualmin/fsmk.org_access_log combined
ScriptAlias /cgi-bin/ /home/fsmk/cgi-bin/
ScriptAlias /AutoDiscover/AutoDiscover.xml /home/fsmk/cgi-bin/autoconfig.cgi
ScriptAlias /autodiscover/autodiscover.xml /home/fsmk/cgi-bin/autoconfig.cgi
ScriptAlias /awstats/ /home/fsmk/cgi-bin/
DirectoryIndex index.html index.htm index.php index.php4 index.php5
<Directory /home/fsmk/public_html>
Options -Indexes +IncludesNOEXEC +SymLinksIfOwnerMatch +ExecCGI
allow from all
AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
AddHandler fcgid-script .php
AddHandler fcgid-script .php5
FCGIWrapper /home/fsmk/fcgi-bin/php5.fcgi .php
FCGIWrapper /home/fsmk/fcgi-bin/php5.fcgi .php5
</Directory>
<Directory /home/fsmk/cgi-bin>
allow from all
AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
</Directory>
RewriteEngine on
RewriteCond %{HTTP_HOST} =webmail.fsmk.org
RewriteRule ^(.*) https://fsmk.org:20000/ [R]
RewriteCond %{HTTP_HOST} =admin.fsmk.org
RewriteRule ^(.*) https://fsmk.org:10000/ [R]
RemoveHandler .php
RemoveHandler .php5
php_admin_value engine Off
IPCCommTimeout 31
FcgidMaxRequestLen 1073741824
Alias /pipermail "/var/lib/mailman/archives/public"
php_value memory_limit 32M
php_value suhosin.session.encrypt Off
Redirect /mail/config-v1.1.xml http://fsmk.org/cgi-bin/autoconfig.cgi
RedirectMatch /cgi-bin/mailman/([^/.]*)(.cgi)?(.*) https://fsmk.org:10000/virtualmin-mailman/unauthenticated/$1.cgi$3
RedirectMatch /mailman/([^/.]*)(.cgi)?(.*) https://fsmk.org:10000/virtualmin-mailman/unauthenticated/$1.cgi$3

AuthName "fsmk.org statistics"
AuthType Basic
AuthUserFile /home/fsmk/.awstats-htpasswd
require valid-user

SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/www.fsmk.org/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/www.fsmk.org/privkey.pem
SSLCertificatechainFile /etc/letsencrypt/live/www.fsmk.org/chain.pem
</VirtualHost>

#6

I was able to resolve the issue.

I disabled https for the site and then disabled the .htaccess file. After that, everything is okay.
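
The rewrite section of the port-80 virtual host posted in #5, run through a small evaluator (an added example, not code from the thread, Certbot or Apache): as posted, the last rule redirects a plain-HTTP challenge request to https://fsmk.org/ with the path dropped, which would hand the validator the site's front page instead of the token file. The helper names, the simplified rule model, the `PATCHED` exemption and the token are assumptions of this example.

```python
import re

# Rewrite section of the port-80 vhost from post #5 (patterns read as "^(.*)").
POSTED = """\
RewriteCond %{HTTP_HOST} =webmail.fsmk.org
RewriteRule ^(.*) https://fsmk.org:20000/ [R]
RewriteCond %{HTTP_HOST} =admin.fsmk.org
RewriteRule ^(.*) https://fsmk.org:10000/ [R]
RewriteCond %{HTTPS} off
RewriteRule ^(.*) https://fsmk.org/ [R]
"""
# Assumed alternative (not from the thread): exempt the challenge directory.
EXEMPT = r"RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/" + "\n"
PATCHED = POSTED.replace("RewriteCond %{HTTPS} off", EXEMPT + "RewriteCond %{HTTPS} off")
# Constructed token, not a real challenge value.
CHALLENGE = "/.well-known/acme-challenge/CONSTRUCTED-TOKEN"

def cond_holds(test, pattern, env):
    """One RewriteCond: expand %{VAR}; '!' negates; '=' is literal, else regex."""
    value = re.sub(r"%\{(\w+)\}", lambda m: env.get(m.group(1), ""), test)
    negate = pattern.startswith("!")
    pattern = pattern[1:] if negate else pattern
    hit = value == pattern[1:] if pattern.startswith("=") else bool(re.search(pattern, value))
    return hit != negate

def redirect_for(rules, host, path, https=False):
    """Substitution of the first RewriteRule that matches, or None."""
    # Simplified model: conditions are ANDed, bind to the next rule only,
    # evaluation stops at the first match, and flags are not interpreted.
    env = {"HTTP_HOST": host, "HTTPS": "on" if https else "off", "REQUEST_URI": path}
    conds = []
    for line in rules.splitlines():
        parts = line.split()
        if parts[:1] == ["RewriteCond"]:
            conds.append((parts[1], parts[2]))
        elif parts[:1] == ["RewriteRule"]:
            m = re.search(parts[1], path)
            if m and all(cond_holds(t, p, env) for t, p in conds):
                # "$N" back-references would carry the path over; none are used here.
                return re.sub(r"\$(\d)", lambda g: m.group(int(g.group(1))), parts[2])
            conds = []
    return None

if __name__ == "__main__":
    for host in ("fsmk.org", "www.fsmk.org"):
        print("posted ", host, "->", redirect_for(POSTED, host, CHALLENGE))
        print("patched", host, "->", redirect_for(PATCHED, host, CHALLENGE))
```

A result of `None` means no rule captured the request, so Apache would serve the file from the DocumentRoot, subject to whatever the .htaccess there does.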

