Certificate Renewal

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

gobooc.com

I ran this command:

sudo certbot renew

It produced this output:

Attempting to renew cert (gobooc.com) from /etc/letsencrypt/renewal/gobooc.com.conf produced an unexpected error: Failed authorization procedure. gobooc.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: 2606:4700:20::ac43:454f: Invalid response from http://gobooc.com/.well-known/acme-challenge/MHfP2RL1Yygz_7BzHqPOX_aBdpWx5OqJ1HAmzdGtWQY: 403, www.gobooc.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: 2606:4700:20::681a:676: Invalid response from https://gobooc.com: "<!DOCTYPE html><html lang=\"en\"><head><link rel=\"manifest\" href=\"/manifest.json\" /><link rel=\"shortcut icon\" href=\"/favicon.ico\" ". Skipping.

My web server is (include version):

Server version: Apache/2.4.29 (Ubuntu)
Server built: 2022-06-23T12:51:37

The operating system my web server runs on is (include version):

Ubuntu 18.04.1 LTS

My hosting provider, if applicable, is:

Cloudflare, AWS

I can login to a root shell on my machine (yes or no, or I don't know):

Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 0.28.0

Hi @akzdinglasan, and welcome to the LE community forum :slight_smile:

That a very old version and should be replaced with a current one.

Your site is behind Cloudflare CDN, is it set to full strict?

Are the HTTP and HTTPS root/document root paths the same?
If not, you might want to try using --webroot authentication.

6 Likes

certbot now at 0.31.0 and SSL/TLS is set to flexible but im still getting the same error.

HTTP and HTTPS root/document root paths are the same, can you show me how to do the --webroot auth?

User Guide — Certbot 1.27.0 documentation (eff-certbot.readthedocs.io)

certbot certonly --webroot -w /DocumentRoot/path -d gobooc.com -d www.gobooc.com
[insert the actual DocumentRoot path]

6 Likes

Check your Apache server config. The Let's Encrypt server makes a request to your server like shown in your error message.

The request fails with an http code 403 Forbidden. Check your VirtualHost and other settings to make sure you allow request URLs with this format.

6 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.