Certificate renewal not working

Hello,
I have had Let’s Encrypt running for more than a year now, and I have a renewal issue this month.

My configuration is:
. web server: apache2 2.4.38
. operating system: linux 4.1.6
. certbot: version 0.31.0-1
. domain name: rosand-tech.com

certbot renew --dry-run

Saving debug log to /var/log/letsencrypt/letsencrypt.log


Processing /etc/letsencrypt/renewal/www.rosand-tech.com.conf


Cert is due for renewal, auto-renewing…
Plugins selected: Authenticator apache, Installer apache
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for www.rosand-tech.com
Waiting for verification…
Cleaning up challenges
Attempting to renew cert (www.rosand-tech.com) from /etc/letsencrypt/renewal/www.rosand-tech.com.conf produced an unexpected error: Failed authorization procedure. www.rosand-tech.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.rosand-tech.com/.well-known/acme-challenge/uHHWOwJhnQn8H5oCviLXcJaVnV5g5JC_WsCLu2PBWjs [82.65.107.134]: “\n\n\n<meta http-”. Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/www.rosand-tech.com/fullchain.pem (failure)


** DRY RUN: simulating ‘certbot renew’ close to cert expiry
** (The test certificates below have not been saved.)

All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/www.rosand-tech.com/fullchain.pem (failure)
** DRY RUN: simulating ‘certbot renew’ close to cert expiry
** (The test certificates above have not been saved.)


1 renew failure(s), 0 parse failure(s)

IMPORTANT NOTES:

dig @208.67.222.222 www.rosand-tech.com

; <<>> DiG 9.16.1-Ubuntu <<>> @208.67.222.222 www.rosand-tech.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9957
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.rosand-tech.com. IN A

;; ANSWER SECTION:
www.rosand-tech.com. 3600 IN A 82.65.107.134

;; Query time: 275 msec
;; SERVER: 208.67.222.222#53(208.67.222.222)
;; WHEN: sam. août 08 11:21:28 CEST 2020
;; MSG SIZE rcvd: 64

dig @208.67.222.222 rosand-tech.com

; <<>> DiG 9.16.1-Ubuntu <<>> @208.67.222.222 rosand-tech.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4344
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;rosand-tech.com. IN A

;; ANSWER SECTION:
rosand-tech.com. 60 IN A 82.65.107.134

;; Query time: 467 msec
;; SERVER: 208.67.222.222#53(208.67.222.222)
;; WHEN: sam. août 08 11:21:47 CEST 2020
;; MSG SIZE rcvd: 60

From where I’m standing it looks like your port forwarding isn’t working anymore, check its settings.

Thanks for the answer.
It was a problem on port 80 forwarding, fixed now.
Regards,
Zafi.

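An added example, not part of the original thread: a small Python parser for the certbot http-01 failure line quoted above, which separates "a web page answered instead of the challenge file" (the symptom seen here) from a wrong key authorization. The function name `diagnose` and the `kind` labels are hypothetical; the sample line is taken from the dry-run output in the first post.

```python
import re

# The failure line from the dry run quoted in this thread, embedded as sample input.
SAMPLE = (
    "Failed authorization procedure. www.rosand-tech.com (http-01): "
    "urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient "
    "authorization :: Invalid response from http://www.rosand-tech.com/.well-known/"
    "acme-challenge/uHHWOwJhnQn8H5oCviLXcJaVnV5g5JC_WsCLu2PBWjs "
    "[82.65.107.134]: \u201c\\n\\n\\n<meta http-\u201d. Skipping."
)

# Accepts straight or curly quotes around the body excerpt.
FAILURE = re.compile(
    r"(?P<domain>\S+) \(http-01\): urn:ietf:params:acme:error:(?P<error>\w+) :: .*?"
    r"Invalid response from (?P<url>http://\S+/\.well-known/acme-challenge/"
    r"(?P<token>[A-Za-z0-9_-]+)) \[(?P<ip>[0-9A-Fa-f.:]+)\]: "
    r"[\"\u201c](?P<body>.*?)[\"\u201d]"
)

# Hypothetical labels mapped to what an operator should check first.
HINTS = {
    "html": "a web page, not the challenge file, answered on port 80 at this IP: "
            "check port 80 forwarding, the vhost and any redirects",
    "wrong-key-authorization": "the token was served with another account's thumbprint",
    "other": "unexpected body: inspect the web server access log for this request",
}

def diagnose(line):
    """Parse a certbot http-01 failure line and classify the body that was served."""
    m = FAILURE.search(line)
    if m is None:
        return None
    info = m.groupdict()
    # certbot prints the (truncated) response body with newlines escaped.
    body = info["body"].replace("\\r", "").replace("\\n", "\n").strip()
    if body.startswith(info["token"] + "."):
        # RFC 8555: the expected body is "<token>.<account key thumbprint>".
        info["kind"] = "wrong-key-authorization"
    elif body.startswith("<"):
        info["kind"] = "html"
    else:
        info["kind"] = "other"
    info["hint"] = HINTS[info["kind"]]
    return info

if __name__ == "__main__":
    result = diagnose(SAMPLE)
    print(result["domain"], result["ip"], result["kind"], "->", result["hint"])
```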