I have been using certbot for the past year managing our server’s certs so I assumed when I upgraded certbot to the 0.28 as stated as required here in order for our domains to continue to be secured that the renew would work fine given it has for the past year. However, that is not the case, as we get the error below. When navigating the domain it is properly secured with https and has the green lock throughout so I am completely confused.
My domain is: SpottingQuotes.ca
I ran this command: sudo certbot renew --dry-run
It produced this output:
Attempting to renew cert (www.spottingquotes.ca) from /etc/letsencrypt/renewal/www.spottingquotes.ca.conf produced an unexpected error: Failed authorization procedure. www.spottingquotes.ca (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.spottingquotes.ca/.well-known/acme-challenge/-hC1mlMHz8dKw29R2TZhVWmxnPGx3D3j8XIFq-0CiTY: "\n\n \n \n \n ". Skipping.
The following certs could not be renewed:
/etc/letsencrypt/live/www.spottingquotes.ca/fullchain.pem (failure)
** DRY RUN: simulating ‘certbot renew’ close to cert expiry
** (The test certificates below have not been saved.)
The following certs were successfully renewed:
/etc/letsencrypt/live/spottingquotes.ca/fullchain.pem (success)
The following certs could not be renewed:
/etc/letsencrypt/live/www.spottingquotes.ca/fullchain.pem (failure)
** DRY RUN: simulating ‘certbot renew’ close to cert expiry
** (The test certificates above have not been saved.)
Running post-hook command: service nginx reload
1 renew failure(s), 0 parse failure(s)
IMPORTANT NOTES:
-
The following errors were reported by the server:
Domain: www.spottingquotes.ca
\n "
Type: unauthorized
Detail: Invalid response from
http://www.spottingquotes.ca/.well-known/acme-challenge/-hC1mlMHz8dKw29R2TZhVWmxnPGx3D3j8XIFq-0CiTY:
"\n\n \n \nTo fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
quotr@SpottingQuotes:~/tmp/letsencrypt/renewal$ sudo certbot renew --dry-run
Saving debug log to /var/log/letsencrypt/letsencrypt.log
My web server is (include version): nginx/1.10.2
The operating system my web server runs on is (include version): Ubuntu 16
My hosting provider, if applicable, is: Domain is GoDaddy’s but the server is hosted in AWS.
I can login to a root shell on my machine (yes or no, or I don’t know): yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of certbot --version
or certbot-auto --version
if you’re using Certbot):certbot 0.28.0