Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: lajung.com.my
I ran this command: /usr/local/certbot-auto renew --no-self-upgrade --post-hook "/opt/rh/httpd24/root/usr/sbin/apachectl -k restart" >> /var/log/cert-renew.log
It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Attempting to parse the version 0.36.0 renewal configuration file found at /etc/letsencrypt/renewal/lajung.com.my.conf with version 0.35.1 of Certbot. This might not work.
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for lajung.com.my
Waiting for verification...
Challenge failed for domain lajung.com.my
http-01 challenge for lajung.com.my
Cleaning up challenges
Attempting to renew cert (lajung.com.my) from /etc/letsencrypt/renewal/lajung.com.my.conf produced an unexpected error: Some challenges have failed.. Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/lajung.com.my/fullchain.pem (failure)
Running post-hook command: /opt/rh/httpd24/root/usr/sbin/apachectl -k restart
Output from post-hook command apachectl:
Passing arguments to httpd using apachectl is no longer supported.
You can only start/stop/restart httpd using this script.
If you want to pass extra arguments to httpd, edit the
/etc/sysconfig/httpd config file.
1 renew failure(s), 0 parse failure(s)
My web server is (include version):
httpd24-httpd
Server version: Apache/2.4.34 (Red Hat)
The operating system my web server runs on is (include version):
CentOS Linux release 7.6.1810 (Core)
My hosting provider, if applicable, is:
NA
I can login to a root shell on my machine (yes or no, or I don't know):
No
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
No
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
There is no Letsencrypt error visible, so relevant informations are missing
Your script doesn’t work. Change that.
Your command uses certbot-auto, but your version is certbot. certbot-auto --version - the same path from your command is required. Having two certbot versions is always bad.
I tried other commands (from answers in the Let’s Encrypt forums itself). The first one to test :
[root@lajung ~]# certbot renew -a webroot -w /opt/rh/httpd24/root/var/www/html --dry-run
Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/lajung.com.my.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator webroot, Installer None
Starting new HTTPS connection (1): acme-staging-v02.api.letsencrypt.org
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for lajung.com.my
Using the webroot path /opt/rh/httpd24/root/var/www/html for all unmatched domains.
Waiting for verification...
Challenge failed for domain lajung.com.my
http-01 challenge for lajung.com.my
Cleaning up challenges
Attempting to renew cert (lajung.com.my) from /etc/letsencrypt/renewal/lajung.com.my.conf produced an unexpected error: Some challenges have failed.. Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/lajung.com.my/fullchain.pem (failure)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
** DRY RUN: simulating 'certbot renew' close to cert expiry
** (The test certificates below have not been saved.)
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/lajung.com.my/fullchain.pem (failure)
** DRY RUN: simulating 'certbot renew' close to cert expiry
** (The test certificates above have not been saved.)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1 renew failure(s), 0 parse failure(s)
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: lajung.com.my
Type: unauthorized
Detail: Invalid response from
http://lajung.com.my/.well-known/acme-challenge/iaqbcwWnmV2ijPgXhwUfC1eF4tQYq8RXEi2y1UfTUP8
[103.240.177.72]: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML
2.0//EN\">\n<html><head>\n<title>403
Forbidden</title>\n</head><body>\n<h1>Forbidden</h1>\n<p"
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
And the 2nd one :
[root@lajung ~]# certbot renew --cert-name lajung.com.my --apache
Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/lajung.com.my.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing...
Could not choose appropriate plugin: The requested apache plugin does not appear to be installed
Attempting to renew cert (lajung.com.my) from /etc/letsencrypt/renewal/lajung.com.my.conf produced an unexpected error: The requested apache plugin does not appear to be installed. Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/lajung.com.my/fullchain.pem (failure)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/lajung.com.my/fullchain.pem (failure)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1 renew failure(s), 0 parse failure(s)
Umh…not like that actually. I just put some effort to figure out if I could resolve it.
However, since you mentioned bug, this is the output of “certbot plugins” :