Perhaps you changed the document root location of a domain (since the last renewal).
If so, certbot-auto would not know of this change and would try the old location (and fail).
Do you know how to find the document root location for the failing domain?
[it must be matched by the webroot setting in the renewal config file]
Thanks for your quick feedback. How can I use correct webroot? I need to change some parameters in the config file?? Basically, I've not changed anything since I have gotten certifications.
Thanks for your quick response. Well, the document root location has not been changed since I've setup website and apache server. Is there anything I need to submit log file or change something?
You should review the conf file /etc/letsencrypt/renewal/www.corp-associe.jp.conf and check that all the web root defined for your domains (in section [[webroot_map]]) are the right ones you are using in your Apache conf.
If the paths are the right ones, you could create a test file inside /path/to/document/root/of/your/domain/.well-known/acme-challenge/ and check that you can get the file using your browser.
If you create the file we can check whether we can reach it too.
Thanks for your reply and feedback. I tried to change the web root, but I still have no luck for following domains. These are subdomain of "koshirophotography.com"
Waiting for verification...
Challenge failed for domain blog.koshirophotography.com
Challenge failed for domain nightview.koshirophotography.com
http-01 challenge for blog.koshirophotography.com
http-01 challenge for nightview.koshirophotography.com
Cleaning up challenges
Attempting to renew cert (www.corp-associe.jp) from /etc/letsencrypt/renewal/www.corp-associe.jp.conf produced an unexpected error: Some challenges have failed.. Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/www.corp-associe.jp/fullchain.pem (failure)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/www.corp-associe.jp/fullchain.pem (failure)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1 renew failure(s), 0 parse failure(s)
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: blog.koshirophotography.com
Type: unauthorized
Detail: Invalid response from
https://blog.koshirophotography.com/.well-known/acme-challenge/KkDLKWMx0Kt0WLPNh0WuWEK8MDIFPXwEvul2P7AFO8o
[203.141.138.215]: "<!DOCTYPE html>\n\n<html class=\"no-js\"
lang=\"ja\">\n\n\t<head>\n\n\t\t<meta charset=\"UTF-8\">\n\t\t<meta
name=\"viewport\" content=\"width=device"
Domain: nightview.koshirophotography.com
Type: unauthorized
Detail: Invalid response from
https://nightview.koshirophotography.com/.well-known/acme-challenge/9Maxmt08BmXeOwE4e9mARynzSp45BN0SpUtwXg0WpS4
[203.141.138.215]: "<!DOCTYPE html>\n\n<html class=\"no-js\"
lang=\"ja\">\n\n\t<head>\n\n\t\t<meta charset=\"UTF-8\">\n\t\t<meta
name=\"viewport\" content=\"width=device"
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
Yes, I changed the web root in the renewal conf file. BTW, I've found that both domain names are incorrect. So I fixed these names. However, I got error as below.
I guess that this is because of many attempt of authorization. In this case, I will need to wait for 30-40 minutes?
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
Attempting to renew cert (www.corp-associe.jp) from /etc/letsencrypt/renewal/www.corp-associe.jp.conf produced an unexpected error: urn:ietf:params:acme:error:rateLimited :: There were too many requests of a given type :: Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/rate-limits/. Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/www.corp-associe.jp/fullchain.pem (failure)