My domain is: staging.amhealth.com
I ran this command: certbot renew --dry-run
It produced this output: (see below)
My web server is (include version): OpenLiteSpeed 1.7.19
The operating system my web server runs on is (include version): Ubuntu 22.04 LTS
My hosting provider, if applicable, is: Linode
I can login to a root shell on my machine (yes or no, or I don't know): Yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No control panel
The version of my client is (e.g. output of certbot --version
or certbot-auto --version
if you're using Certbot): certbot 1.21.0
I recently migrated my /etc/letsencrypt folder from server 15.204.85.129 to a new server on Linode. I copied the entire folder to the new server, preserving permissions and symlinks. However, when I attempt to verify that a renewal will occur, I get 404 failures when certbot tries to access the test file. I can successfully manually create the .well-known/acme-challenge folder and place an object in there that is visible to the open Internet. I know that I don't have to, and that the agent will do that automatically. The file is visible, so its not a webserver permission problem.
The problem seems to be that every cert for every virtual host is trying to validate itself against the old server, and since I am running this command on the NEW server, it fails. Somewhere the old server IP address of 15.204.85.129 is hard-coded, and certbot still thinks its running there. Is there a configuration change I need to make to remove this hard-coded IP address of the old server? The errors I am seeing (for two sample sites) are shown below:
Processing /etc/letsencrypt/renewal/staging.detoxcenterla.com.conf
Simulating renewal of an existing certificate for staging.detoxcenterla.com
Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
Domain: staging.detoxcenterla.com
Type: unauthorized
Detail: 15.204.85.129: Invalid response from http://staging.detoxcenterla.com/.well-known/acme-challenge/gVpN38AMIffrekz_kkOEuvXBBw3YG2WJTleB-eqJs0U: 404
Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.
Failed to renew certificate staging.detoxcenterla.com with error: Some challenges have failed.
Processing /etc/letsencrypt/renewal/staging.goldfinchservicesnj.com.conf
Simulating renewal of an existing certificate for staging.goldfinchservicesnj.com
Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
Domain: staging.goldfinchservicesnj.com
Type: unauthorized
Detail: 15.204.85.129: Invalid response from http://staging.goldfinchservicesnj.com/.well-known/acme-challenge/nL7y9ui1GSUaD5qPmuysl8fNMJP1hbyW2GIUAgavbK4: 404
Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.
The following simulated renewals failed:
/etc/letsencrypt/live/staging.detoxcenterla.com/fullchain.pem (failure)
/etc/letsencrypt/live/staging.goldfinchservicesnj.com/fullchain.pem (failure)