Hello,
I have Let’sEncrypt running for more than one year now and I have a renewal issue this month.
My configuration is:
. web server: apache2 2.4.38
. operating system: linux 4.1.6
. certbot: version 0.31.0-1
. domain name: rosand-tech.com
certbot renew --dry-run
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Processing /etc/letsencrypt/renewal/www.rosand-tech.com.conf
Cert is due for renewal, auto-renewing…
Plugins selected: Authenticator apache, Installer apache
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for www.rosand-tech.com
Waiting for verification…
Cleaning up challenges
Attempting to renew cert (www.rosand-tech.com) from /etc/letsencrypt/renewal/www.rosand-tech.com.conf produced an unexpected error: Failed authorization procedure. www.rosand-tech.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.rosand-tech.com/.well-known/acme-challenge/uHHWOwJhnQn8H5oCviLXcJaVnV5g5JC_WsCLu2PBWjs [82.65.107.134]: “\n\n\n<meta http-”. Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/www.rosand-tech.com/fullchain.pem (failure)
** DRY RUN: simulating ‘certbot renew’ close to cert expiry
** (The test certificates below have not been saved.)
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/www.rosand-tech.com/fullchain.pem (failure)
** DRY RUN: simulating ‘certbot renew’ close to cert expiry
** (The test certificates above have not been saved.)
1 renew failure(s), 0 parse failure(s)
IMPORTANT NOTES:
-
The following errors were reported by the server:
Domain: www.rosand-tech.com
Type: unauthorized
Detail: Invalid response from
http://www.rosand-tech.com/.well-known/acme-challenge/uHHWOwJhnQn8H5oCviLXcJaVnV5g5JC_WsCLu2PBWjs
[82.65.107.134]: “\n\n\n<meta
http-”To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
dig @208.67.222.222 www.rosand-tech.com
; <<>> DiG 9.16.1-Ubuntu <<>> @208.67.222.222 www.rosand-tech.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9957
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.rosand-tech.com. IN A
;; ANSWER SECTION:
www.rosand-tech.com. 3600 IN A 82.65.107.134
;; Query time: 275 msec
;; SERVER: 208.67.222.222#53(208.67.222.222)
;; WHEN: sam. août 08 11:21:28 CEST 2020
;; MSG SIZE rcvd: 64
ig @208.67.222.222 rosand-tech.com
; <<>> DiG 9.16.1-Ubuntu <<>> @208.67.222.222 rosand-tech.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4344
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;rosand-tech.com. IN A
;; ANSWER SECTION:
rosand-tech.com. 60 IN A 82.65.107.134
;; Query time: 467 msec
;; SERVER: 208.67.222.222#53(208.67.222.222)
;; WHEN: sam. août 08 11:21:47 CEST 2020
;; MSG SIZE rcvd: 60