Certificate Renewal via http-01 webroot Failed authorization procedure


#1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: bsa113.com, www.bsa113.com, dprall.net

I ran this command: certbot-auto renew

It produced this output:
[root@webserver renewal]# certbot-auto renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log


Processing /etc/letsencrypt/renewal/bsa113.com.conf

Cert is due for renewal, auto-renewing…
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for bsa113.com
http-01 challenge for dprall.net
http-01 challenge for www.bsa113.com
Waiting for verification…
Cleaning up challenges
Attempting to renew cert (bsa113.com) from /etc/letsencrypt/renewal/bsa113.com.conf produced an unexpected error: Failed authorization procedure. www.bsa113.com (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching https://bsa113.com.well-known/acme-challenge/dNpwCZp3ttLu5WnfEh-cP2zf8NKjA6npeh-xe4E-XBk: Error getting validation data, bsa113.com (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching https://bsa113.com.well-known/acme-challenge/WEKzCxXy5McAS87FGCOzCHANzjZN06cb94Clb6tVo0w: Error getting validation data. Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/bsa113.com/fullchain.pem (failure)


All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/bsa113.com/fullchain.pem (failure)

1 renew failure(s), 0 parse failure(s)

IMPORTANT NOTES:

My web server is (include version): Apache

The operating system my web server runs on is (include version): Centos 6.9

My hosting provider, if applicable, is: self

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

I was utilizing certbot-auto that was an older release and it was just hanging. I downloaded the latest and it went through and upgraded itself. Now getting the above.


#2

The web server’s redirecting to an invalid domain. Check the Apache configuration for something like “Redirect permanent / https://bsa113.com” and add a “/” at the end so it’s “Redirect permanent / https://bsa113.com/”.


#3

@mnordhoff Matt thank you very much. Something so simple and I was banging my head against the wall. Thanks again.


#4

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.