Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: gitlab.moneypolo.zone
I ran this command: certbot renew
It produced this output:
Attempting to renew cert (gitlab.moneypolo.zone) from /etc/letsencrypt/renewal/gitlab.moneypolo.zone.conf produced an unexpected error: Failed authorization procedure. gitlab.moneypolo.zone (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: The key authorization file from the server did not match this challenge [OYslH0QRomuEc_AB5XR3l0uKkXLzrUsHkh66pPEID-0.-OiumeD6NtXT3DHLsdSDEYi_3b_WIIDu44zi1kXW5SE] != [
Page not found
]. Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/gitlab.moneypolo.zone/fullchain.pem (failure)
My web server is (include version): nginx
The operating system my web server runs on is (include version): Centos 7 x64
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don’t know):
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
AssignUserID www_moneypolo.zone vhosts
ErrorLog /var/log/httpd/moneypolo.zone-error.log
CustomLog /var/log/httpd/moneypolo.zone-access.log combined
HostnameLookups Off
UseCanonicalName On
AllowEncodedSlashes On
ProxyRequests Off
ProxyPreserveHost On
<Location /var/www/public/letsencrypt>
# Restrction
# include /etc/httpd/IPrestriction/deny.conf
# include /etc/httpd/IPrestriction/NAME.conf
ProxyPass http://moneypolo.zone.mnps0024.mnp.local/
ProxyPassReverse http://moneypolo.zone.mnps0024.mnp.local/
</Location>
add 2. No special handling so far
add 3. Here is a log from last renewal
FailedChallenges: Failed authorization procedure. gitlab.moneypolo.zone (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: The key authorization file from the server did not match this challenge [OYslH0QRomuEc_AB5XR3l0uKkXLzrUsHkh66pPEID-0.-OiumeD6NtXT3DHLsdSDEYi_3b_WIIDu44zi1kXW5SE] != [
Page not found
]
2018-04-05 11:16:14,630:ERROR:certbot.renewal:All renewal attempts failed. The following certs could not be renewed:
2018-04-05 11:16:14,630:ERROR:certbot.renewal: /etc/letsencrypt/live/gitlab.moneypolo.zone/fullchain.pem (failure)
2018-04-05 11:16:14,631:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
File “/usr/bin/certbot”, line 9, in
load_entry_point(‘certbot==0.22.0’, ‘console_scripts’, ‘certbot’)()
File “/usr/lib/python2.7/site-packages/certbot/main.py”, line 1266, in main
return config.func(config, plugins)
File “/usr/lib/python2.7/site-packages/certbot/main.py”, line 1179, in renew
renewal.handle_renewal_request(config)
File “/usr/lib/python2.7/site-packages/certbot/renewal.py”, line 443, in handle_renewal_request
len(renew_failures), len(parse_failures)))
Error: 1 renew failure(s), 0 parse failure(s)
add 4 certbot version is 0.22.0
add 5 only for gitlab.moneypolo.zone