Certificate renew

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
Hello Experts,

I am having an issue renewing a certificate with certbot. Could you please help me?

My domain is: devops.z3cyber.org

I ran this command:
sudo certbot --config /etc/letsencrypt/configs/file.conf certonly -v --dry-run

It produced this output:

Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.

Cleaning up challenges
Some challenges have failed.

The operating system my web server runs on is (include version):

My web server is (include version): nginx version: nginx/1.18.0

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): NA

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 2.5.0

Hi there, welcome to the Community.

I have a few questions to help us help you solve your issue:

  • can you please post the entire output of the Certbot command? The essential error message from the ACME server is missing. Or even better, upload the letsencrypt.log file.
  • is there a specific reason why you're trying to renew your certificate with the certonly subcommand instead of the renew subcommand?
  • also out of curiosity, why are you using the --config option in combination with a /configs/ directory? Usually the relevant information for a certificate is stored in the renewal configuration file, so I'm curious why you have this setup with --config.

Also, looking a second time, I see you're using the webroot authenticator, but your hostname devops.z3cyber.org is not reachable on port 80. For the webroot authenticator to succeed, your host needs to be reachable using HTTP. See also:

5 Likes

Hi Osiris,

Thank you for your reply. Attached log file.
letsencrypt_log.txt (389.5 KB)

Below are the details:

  • can you please post the entire output of the Certbot command? The essential error message from the ACME server is missing. Or even better, upload the letsencrypt.log file. --- Log Shared

  • is there a specific reason why you're trying to renew your certificate with the certonly subcommand instead of the renew subcommand? -- Actually I'm new to Let's Encrypt. Last time it was renewed using the same command; I just followed it using --dry-run to check if it gives any output before disturbing it.

  • also out of curiosity, why are you using the --config option in combination with a /configs/ directory? Usually the relevant information for a certificate is stored in the renewal configuration file, so I'm curious why you have this setup with --config. --- There is a config file created with all the required details to generate the certificate; we are referring to that.

Yeah, all timeouts on HTTP for the http-01 challenges. Please see my edit above.

4 Likes

Could you please help me to know what steps I have to follow to make it work, as we are using nginx to route to 8080 request to 443?

All I can tell you is that the http-01 challenge always starts on HTTP port 80. I'm not familiar with your setup, so I don't know if or how you can open up port 80.

Usually one needs to make sure any firewall accepts incoming requests for port 80 and, if applicable, port 80 is portmapped to the correct internal device in the NAT router.

5 Likes
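
An added example, not part of the thread and not Certbot's own code: a pre-flight check for the situation discussed above. It writes a random probe file under the webroot's `.well-known/acme-challenge/` directory and fetches it over plain HTTP, separating "port not reachable" from "server reachable but not serving the webroot". The function names and the loopback demo servers are constructed for illustration.

```python
import http.server, os, secrets, socket, tempfile, threading
import urllib.error, urllib.request
from functools import partial

CHALLENGE_DIR = ".well-known/acme-challenge"  # path prefix used by http-01

def preflight(webroot, host, port=80, timeout=5):
    """Drop a random probe file in the webroot and fetch it over plain HTTP."""
    token, body = secrets.token_urlsafe(16), secrets.token_urlsafe(32)
    directory = os.path.join(webroot, CHALLENGE_DIR)
    os.makedirs(directory, exist_ok=True)
    path = os.path.join(directory, token)
    with open(path, "w") as fh:
        fh.write(body)
    url = f"http://{host}:{port}/{CHALLENGE_DIR}/{token}"
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # no proxy
    try:
        with opener.open(url, timeout=timeout) as resp:
            return "ok" if resp.read().decode() == body else "wrong-content"
    except urllib.error.HTTPError as exc:   # server answered, but not with our file
        return f"http-{exc.code}"
    except OSError:                          # refused, timed out, no route, DNS failure
        return "unreachable"
    finally:
        os.remove(path)                      # never leave probe files behind

def _serve(directory):
    """Start a throwaway static file server on a free loopback port."""
    handler = partial(http.server.SimpleHTTPRequestHandler, directory=directory)
    server = http.server.ThreadingHTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server

def demo():
    """Constructed local stand-ins for the three outcomes (loopback only)."""
    with tempfile.TemporaryDirectory() as webroot, tempfile.TemporaryDirectory() as other:
        good, wrong = _serve(webroot), _serve(other)
        with socket.socket() as s:           # find a port nobody listens on
            s.bind(("127.0.0.1", 0))
            closed_port = s.getsockname()[1]
        results = {
            "served_from_webroot": preflight(webroot, "127.0.0.1", good.server_port),
            "served_from_other_dir": preflight(webroot, "127.0.0.1", wrong.server_port),
            "port_closed": preflight(webroot, "127.0.0.1", closed_port, timeout=2),
        }
        good.shutdown(); wrong.shutdown()
        return results

if __name__ == "__main__":
    print(demo())
```

A pass from the server itself shows only that the web server maps that port to the webroot; it says nothing about the firewall or NAT path mentioned above, which needs a fetch from outside the network.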
