Certificate expired

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: lab.arcontia.se & test.arcontia.se

My web server is (include version): nginx 1.14.0

The operating system my web server runs on is (include version): Ubuntu 18.0.4.5

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 0.27.0

Hi, I have been trying to renew my certificates using certbot, but try as I might I can't seem to find the cause of this error.

IMPORTANT NOTES:

What I have been able to find hints that it could have something to do with certbot preferring IPv6 and that causing problems with servers not set up for that. But as far as I can see that is not what is happening here and so those solutions have not gotten me anywhere.

Also, there are no problems reaching the page itself with the URL so there is nothing wrong with my A record.

2 Likes

Hi @Pico-tan,

Can you show the contents of /etc/letsencrypt/renewal/lab.arcontia.se.conf? Is it possible that you originally got your certificate using --standalone?

2 Likes

Hi,
Sadly it was not me personally who first set this up, so that is a possibility but I have no idea how this was first set up.

Contents of the requested file are below.

renew_before_expiry = 30 days

version = 0.27.0
archive_dir = /etc/letsencrypt/archive/lab.arcontia.se
cert = /etc/letsencrypt/live/lab.arcontia.se/cert.pem
privkey = /etc/letsencrypt/live/lab.arcontia.se/privkey.pem
chain = /etc/letsencrypt/live/lab.arcontia.se/chain.pem
fullchain = /etc/letsencrypt/live/lab.arcontia.se/fullchain.pem

# Options used in the renewal process

[renewalparams]
account = e91329e3d580ced3f809f327f304106c
authenticator = nginx
installer = nginx
server = https://acme-v02.api.letsencrypt.org/directory

2 Likes

Thanks for sharing this configuration. This looks correct to me, and so I'm not sure why it would fail to renew the way you saw.

My first guess is that there is some feature in your nginx configuration which this old version of Certbot doesn't understand properly, but that might be understood by a newer version. Could you upgrade to a newer Certbot version?

Note that step 4 here calls for you to remove your existing Certbot package (which was probably installed with apt). This is not harmful to your certificates and certificate renewal configuration, as long as you don't use --purge when removing the package.

2 Likes

I still get the same error after trying this, though with the added bit at the beginning:
Challenge failed for domain lab.arcontia.se
http-01 challenge for lab.arcontia.se
Cleaning up challenges
Some challenges have failed.

2 Likes

Which version of Certbot are you using now?

2 Likes

1.15.0
Which is the one I got from snap

2 Likes

And your nginx server runs directly on that same machine, right?

2 Likes

One of them does, the other runs in a docker. The one on the server is a GitLab implementation though, so it might be special in some way, I can't say I understand it too well.

Edit: Oh yeah, the other domain is test.arcontia.se and it tries to renew that one too if I run certbot renew, with basically the same error.

1 Like

Does anyone have any idea what is going on?

1 Like

Hi @Pico-tan,

I would look at the relationship between the Docker server and the host. If you have port 80 forwarded to this Docker container, then you have to run Certbot inside Docker too, because the certificate authority connects to your IP address only on port 80. So whatever is answering on port 80 as seen by the rest of the Internet is what needs to be used to obtain the certificate.

1 Like
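
Added example, not part of the thread: one way to check the last reply's point, by finding which container (if any) has host port 80 forwarded to it and therefore answers the CA's http-01 request. The function name, the container names and the sample `docker ps` output are constructed for illustration.

```shell
#!/bin/sh
# Input on stdin: one "NAME<TAB>PORTS" line per container, as printed by
#   docker ps --format '{{.Names}}\t{{.Ports}}'
# Output: names of containers that publish the given host port. For port 80
# that is the server the CA's http-01 request reaches.
containers_on_host_port() {
    awk -F '\t' -v port="$1" '
    {
        n = split($2, maps, ", ")
        for (i = 1; i <= n; i++) {
            # Published: 0.0.0.0:80->80/tcp or :::80->80/tcp.
            # No "->" means the port is not mapped onto the host.
            if (maps[i] !~ /->/) continue
            host = maps[i]
            sub(/->.*/, "", host)   # host side, e.g. 0.0.0.0:80
            sub(/.*:/, "", host)    # port (or lo-hi range) after last colon
            nr = split(host, r, "-")
            lo = r[1] + 0
            hi = (nr > 1 ? r[2] : r[1]) + 0
            if (port + 0 >= lo && port + 0 <= hi) { print $1; break }
        }
    }'
}

# Constructed sample output; container names are made up.
sample_docker_ps() {
    printf 'web-nginx\t0.0.0.0:80->80/tcp, :::80->80/tcp, 0.0.0.0:443->443/tcp\n'
    printf 'db\t5432/tcp\n'
    printf 'registry\t127.0.0.1:5000->5000/tcp\n'
}

owners=$(sample_docker_ps | containers_on_host_port 80)
if [ -n "$owners" ]; then
    echo "host port 80 is forwarded to: $owners (run Certbot against that server)"
else
    echo "no container publishes port 80; a process on the host itself answers"
fi
```

On a real machine, pipe the live `docker ps --format '{{.Names}}\t{{.Ports}}'` output into `containers_on_host_port 80` instead of the sample.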
