Certificate renewal failed

Hello, please help me with Let’s Encrypt cerificate renewal. It was initially set up by another guy, and I’m not able to refresh it.

My domain is: https://travel-empire.guru/

I ran this commands:

sudo apt update && sudo apt upgrade
sudo apt install certbot
sudo certbot renew --force-renewal

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/travel-empire.guru.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Attempting to parse the version 1.2.0 renewal configuration file found at /etc/letsencrypt/renewal/travel-empire.guru.conf with version 0.27.0 of Certbot. This might not work.
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for travel-empire.guru
http-01 challenge for www.travel-empire.guru
Waiting for verification...
Cleaning up challenges
Attempting to renew cert (travel-empire.guru) from /etc/letsencrypt/renewal/travel-empire.guru.conf produced an unexpected error: Failed authorization procedure. travel-empire.guru (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://travel-empire.guru/.well-known/acme-challenge/gxPo11WZFOVFRb-qV7SnPBStIvQxBTW66qMhIPhIeEc [52.148.254.255]: "<html>\r\n<head><title>404 Not Found</title></head>\r\n<body bgcolor=\"white\">\r\n<center><h1>404 Not Found</h1></center>\r\n<hr><center>", www.travel-empire.guru (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.travel-empire.guru/.well-known/acme-challenge/7nZOqRTlH5wfQHJSj3K6R0MSji8mpWlpFkP-ZzJryqQ [52.148.254.255]: "<html>\r\n<head><title>404 Not Found</title></head>\r\n<body bgcolor=\"white\">\r\n<center><h1>404 Not Found</h1></center>\r\n<hr><center>". Skipping.
All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/travel-empire.guru/fullchain.pem (failure)

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/travel-empire.guru/fullchain.pem (failure)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1 renew failure(s), 0 parse failure(s)

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: travel-empire.guru
   Type:   unauthorized
   Detail: Invalid response from
   http://travel-empire.guru/.well-known/acme-challenge/gxPo11WZFOVFRb-qV7SnPBStIvQxBTW66qMhIPhIeEc
   [52.148.254.255]: "<html>\r\n<head><title>404 Not
   Found</title></head>\r\n<body bgcolor=\"white\">\r\n<center><h1>404
   Not Found</h1></center>\r\n<hr><center>"

   Domain: www.travel-empire.guru
   Type:   unauthorized
   Detail: Invalid response from
   http://www.travel-empire.guru/.well-known/acme-challenge/7nZOqRTlH5wfQHJSj3K6R0MSji8mpWlpFkP-ZzJryqQ
   [52.148.254.255]: "<html>\r\n<head><title>404 Not
   Found</title></head>\r\n<body bgcolor=\"white\">\r\n<center><h1>404
   Not Found</h1></center>\r\n<hr><center>"

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.

My web server is (include version):
Apache
The operating system my web server runs on is (include version):
Linux (ubuntu 18.04)

My hosting provider, if applicable, is:

MS Azure

I can login to a root shell on my machine (yes or no, or I don’t know):

yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

certbot 0.27.0

1 Like

Hi @prootq

if you use webroot and if the renew doesn’t work, your webroot is wrong. Or you have additional definitions so the standard webroot isn’t used.

Please find your real webroot.

Why do you have a newer config file and an older certbot?

If you use the same command with a different setup / other webroot, that can’t work.

1 Like

thanks for your reply. I’m not sure where is my webroot, so I ran:

grep -r DocumentRoot /etc/{apache,http}* 2>/dev/null
and get the output:

/etc/apache2/sites-available/travel-empire.guru.conf:    DocumentRoot /home/travel-empire/travel-empire.guru
/etc/apache2/apache2.conf:    DocumentRoot /var/www/html

I installed this certbot just about 1 week ago, why it’s “older”? Or I didn’t get your question, sorry.

1 Like

I tried to run
sudo certbot renew --webroot -w /var/www/html, but got the same result
> vachel@websitevm:~$ sudo certbot renew --webroot -w /var/www/html
> Saving debug log to /var/log/letsencrypt/letsencrypt.log
>
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
> Processing /etc/letsencrypt/renewal/travel-empire.guru.conf
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
> Attempting to parse the version 1.2.0 renewal configuration file found at /etc/letsencrypt/renewal/travel-empire.guru.conf with version 0.27.0 of Certbot. This might not work.
> Cert is due for renewal, auto-renewing…
> Plugins selected: Authenticator webroot, Installer None
> Renewing an existing certificate
> Performing the following challenges:
> http-01 challenge for travel-empire.guru
> http-01 challenge for www.travel-empire.guru
> Using the webroot path /var/www/html for all unmatched domains.
> Waiting for verification…
> Cleaning up challenges
> Attempting to renew cert (travel-empire.guru) from /etc/letsencrypt/renewal/travel-empire.guru.conf produced an unexpected error: Failed authorization procedure. travel-empire.guru (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://travel-empire.guru/.well-known/acme-challenge/DwIXvEHqhZQHO87s-CGvrAMxs0yBfBadbl5KdDNwBaQ [52.148.254.255]: “\r\n404 Not Found\r\n<body bgcolor=“white”>\r\n

404 Not Found

\r\n
”, www.travel-empire.guru (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.travel-empire.guru/.well-known/acme-challenge/CIHFAYHEB-McVO5hKHFwDfIdWMoC9oUjVep4FiQ5ogw [52.148.254.255]: “\r\n404 Not Found\r\n<body bgcolor=“white”>\r\n

404 Not Found

\r\n
”. Skipping.
> All renewal attempts failed. The following certs could not be renewed:
> /etc/letsencrypt/live/travel-empire.guru/fullchain.pem (failure)
>
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>
> All renewal attempts failed. The following certs could not be renewed:
> /etc/letsencrypt/live/travel-empire.guru/fullchain.pem (failure)
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
> 1 renew failure(s), 0 parse failure(s)
>
> IMPORTANT NOTES:
> - The following errors were reported by the server:
>
> Domain: travel-empire.guru
> Type: unauthorized
> Detail: Invalid response from
> http://travel-empire.guru/.well-known/acme-challenge/DwIXvEHqhZQHO87s-CGvrAMxs0yBfBadbl5KdDNwBaQ
> [52.148.254.255]: “\r\n404 Not
> Found\r\n<body bgcolor=“white”>\r\n

404
> Not Found

\r\n

>
> Domain: www.travel-empire.guru
> Type: unauthorized
> Detail: Invalid response from
> http://www.travel-empire.guru/.well-known/acme-challenge/CIHFAYHEB-McVO5hKHFwDfIdWMoC9oUjVep4FiQ5ogw
> [52.148.254.255]: “\r\n404 Not
> Found\r\n<body bgcolor=“white”>\r\n

404
> Not Found

\r\n

>
> To fix these errors, please make sure that your domain name was
> entered correctly and the DNS A/AAAA record(s) for that domain
> contain(s) the right IP address.

Try it with /home/travel-empire/travel-empire.guru instead of /var/www/html

Thanks, same result:

vachel@websitevm:~$ sudo certbot renew --webroot -w /home/travel-empire/travel-empire.guru
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/travel-empire.guru.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Attempting to parse the version 1.2.0 renewal configuration file found at /etc/letsencrypt/renewal/travel-empire.guru.conf with version 0.27.0 of Certbot. This might not work.
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for travel-empire.guru
http-01 challenge for www.travel-empire.guru
Using the webroot path /home/travel-empire/travel-empire.guru for all unmatched domains.
Waiting for verification...
Cleaning up challenges
Attempting to renew cert (travel-empire.guru) from /etc/letsencrypt/renewal/travel-empire.guru.conf produced an unexpected error: Failed authorization procedure. travel-empire.guru (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://travel-empire.guru/.well-known/acme-challenge/qeMqqo11DGoXAb_thG-w2fFE_oWhgUcpuPQrZarOV8Q [52.148.254.255]: "<html>\r\n<head><title>404 Not Found</title></head>\r\n<body bgcolor=\"white\">\r\n<center><h1>404 Not Found</h1></center>\r\n<hr><center>", www.travel-empire.guru (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.travel-empire.guru/.well-known/acme-challenge/6WNTZJCJDrtUF1cxykBDV_r9Q1QQH316by50yNcbV3g [52.148.254.255]: "<html>\r\n<head><title>404 Not Found</title></head>\r\n<body bgcolor=\"white\">\r\n<center><h1>404 Not Found</h1></center>\r\n<hr><center>". Skipping.
All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/travel-empire.guru/fullchain.pem (failure)

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/travel-empire.guru/fullchain.pem (failure)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1 renew failure(s), 0 parse failure(s)

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: travel-empire.guru
   Type:   unauthorized
   Detail: Invalid response from
   http://travel-empire.guru/.well-known/acme-challenge/qeMqqo11DGoXAb_thG-w2fFE_oWhgUcpuPQrZarOV8Q
   [52.148.254.255]: "<html>\r\n<head><title>404 Not
   Found</title></head>\r\n<body bgcolor=\"white\">\r\n<center><h1>404
   Not Found</h1></center>\r\n<hr><center>"

   Domain: www.travel-empire.guru
   Type:   unauthorized
   Detail: Invalid response from
   http://www.travel-empire.guru/.well-known/acme-challenge/6WNTZJCJDrtUF1cxykBDV_r9Q1QQH316by50yNcbV3g
   [52.148.254.255]: "<html>\r\n<head><title>404 Not
   Found</title></head>\r\n<body bgcolor=\"white\">\r\n<center><h1>404
   Not Found</h1></center>\r\n<hr><center>"

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.