Certificate renewal failed

Karely90 · November 24, 2021, 1:16am

My domain is: viciremote.telsurcallcenter.com

I ran this command: certbot renew

It produced this output:

/usr/lib/python2.7/site-packages/OpenSSL/crypto.py:12: CryptographyDeprecationWarning: Python 2 is no longer supported by the Python core team. Support for it is now deprecated in cryptography, and will be removed in the next release.
from cryptography import x509
Saving debug log to /var/log/letsencrypt/letsencrypt.log

Processing /etc/letsencrypt/renewal/viciremote.telsurcallcenter.com.conf

Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for viciremote.telsurcallcenter.com
Using the webroot path /srv/www/htdocs for all unmatched domains.
Waiting for verification...
Challenge failed for domain viciremote.telsurcallcenter.com
http-01 challenge for viciremote.telsurcallcenter.com
Cleaning up challenges
Attempting to renew cert (viciremote.telsurcallcenter.com) from /etc/letsencrypt/renewal/viciremote.telsurcallcenter.com.conf produced an unexpected error: Some challenges have failed.. Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/viciremote.telsurcallcenter.com/fullchain.pem (failure)

All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/viciremote.telsurcallcenter.com/fullchain.pem (failure)

1 renew failure(s), 0 parse failure(s)

IMPORTANT NOTES:

The following errors were reported by the server:

Domain: viciremote.telsurcallcenter.com
Type: unauthorized
Detail: Invalid response from
http://viciremote.telsurcallcenter.com/.well-known/acme-challenge/vcWuqNeHHNmVW7ReHnSq3ZTccAOOAHzlKVAnkx62bBU
[201.174.234.44]: "<?xml version="1.0"
encoding="UTF-8"?>\n<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0
Strict//EN"\n "http://www.w3.org/TR/xhtml1/D"

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
You have new mail in /var/mail/root

My web server is (include version): nginx version: nginx/1.14.0

The operating system my web server runs on is (include version): Kernel - Linux version 4.12.14-lp151.28.87-default (geeko@buildhost) (gcc version 7.5.0 (SUSE Linux) )
NAME="openSUSE Leap"
VERSION="15.1"

My hosting provider, if applicable, is: godaddy

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.0.0

rg305 · November 24, 2021, 3:46am

Hi @Karely90 and welcome to the LE community forum

I'd start by updating certbot.
[not sure how that's done on "openSUSE Leap"]

rg305 · November 24, 2021, 9:48pm

Not sure about that particular entry - it probably doesn't even need to be used at all (the default should be fine).
But certbot (and every other ACME client) should definitely be using v02.

system · December 24, 2021, 9:49pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Certificate Renewal Failed: Invalid Response Help	53	3706	January 14, 2022
Renewing certificate fails Help	5	865	July 7, 2021
Problem renewing certificates Help	14	4844	August 18, 2021
Failed to renew certificate: Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA Help	5	5970	August 14, 2020
Replace a seemingly valid certificate with a test certificate Help	7	2192	December 25, 2021

Certificate renewal failed

Related topics