Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is:
snapto.co.uk
I ran this command:
scl enable python27 “./certbot-auto certonly --force-renewal --rsa-key-size 4096 --email hostmaster@snapto.co.uk --agree-tos -w /home/snapto/public_html/ -d snapto.co.uk -d www.snapto.co.uk -d mail.snapto.co.uk -d server.snapto.co.uk --authenticator webroot”
It produced this output:
Failed authorization procedure. server.snapto.co.uk (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://server.snapto.co.uk/.well-known/acme-challenge/TOEUbg0KAPf9UxFipyw8PbGIJHAuHA29ffBTNOgylQU:1
My web server is (include version):
Apache 2.2.15
The operating system my web server runs on is (include version):
CentOS 6.9
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don’t know):
Yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
Virtualmin 6.02
snapto.co.uk is the main domain name of the server and is set to use server.snapto.co.uk
This has been working fine for over a year, this error only appeared with that laest renewal attempt. The other snapto.co.uk domain can renew fine as well as all other domains on the site. The web root path is the same for all the snapto.co.uk domains and is reachable by http the only difference is that server.snapto.co.uk is set as the FQDN of the server. Sanptoc.o.uk is set as the default virtual server for the server main IP
The cert for gardendesignershertfordshire.co.uk was only added recently after the previous renewal for snapto.co.uk
The details of the cert show correctly see enclosed screenshot and the cert still works. The marked as trusted for gardendesignershertfordshire.co.uk I can only see in Safari.
Questions
- What generates the marked as trusted for ? Is this read locally from the cert files ?
- If when generating a cert using webroot and the webroot path is wrong will it still gernate a certificate i.e. in case I set the webroot using snapto path when generating the cert for gardendesignershertfordshire.co.uk which is highly unlikely but possible hence the potential reason for that domain showing ?
Solution
- Would revoking the snapto.co.uk cert, deleteing then re-obtaining a new cert likely to work ?
- Any other ideas ?