Hi
My domain is: tronatic-studio.com
I ran this command: certbot renew --dry-run
It produced this output:
Attempting to renew cert from /etc/letsencrypt/renewal/www.tronatic-studio.com.conf produced an unexpected error: Failed authorization procedure.
backoffice.tronatic-studio.com (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Could not connect to backoffice.tronatic-studio.com,
assets.tronatic-studio.com (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Could not connect to assets.tronatic-studio.com,
media.tronatic-studio.com (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Could not connect to media.tronatic-studio.com,
thumbnails.tronatic-studio.com (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Could not connect to thumbnails.tronatic-studio.com. Skipping.
My web server is : nginx 1.13.1
The operating system my web server runs on is : Archlinux 4.9.30-1-lts (from archlinux.mirrors.ovh.net)
My hosting provider, if applicable, is: OVH
I can login to a root shell on my machine : yes
I'm using a control panel to manage my site : no
History:
- I ran
certbot certonly --webroot
-w /srv/http/atalow/tronatic-studio.com/web -d www.tronatic-studio.com -d tronatic-studio.com -d backoffice.tronatic-studio.com
-w /srv/http/atalow/tronatic-studio.com/web/assets -d assets.tronatic-studio.com
-w /srv/http/atalow/tronatic-studio.com/web/upload -d media.tronatic-studio.com
-w /srv/http/atalow/tronatic-studio.com/web/thumbnails -d thumbnails.tronatic-studio.com
All domains are CNAME of tronatic-studio.com which had only an A record at this time.
-
I added an AAAA record for tronatic-studio.com
-
I added a default server for disabling ipv6only
server {
listen [::]:80 ipv6only=off default_server;
listen [::]:443 ssl ipv6only=off default_server;
server_name _;
ssl_certificate /etc/letsencrypt/live/www.matthecat.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/www.matthecat.com/privkey.pem;
return 444;
}
- I updated servers config, eg. media.tronatic-studio.com
server {
listen [::]:443 ssl http2;
server_name media.tronatic-studio.com;
ssl_certificate /etc/letsencrypt/live/www.tronatic-studio.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/www.tronatic-studio.com/privkey.pem;
root /srv/http/atalow/tronatic-studio.com/web/upload;
expires max;
add_header Cache-Control public;
}
Now I can't figure why could www.tronatic-studio.com be renewed and not other CNAME
Any idea? Thanks!