Challanges File Issue while renew of Certificate

Help
1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: mail.blgindia.in

I ran this command: sudo certbot -v renew

It produced this output:

"
Saving debug log to /var/log/letsencrypt/letsencrypt.log

Processing /etc/letsencrypt/renewal/mail.blgindia.in.conf

Certificate is due for renewal, auto-renewing...
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate for mail.blgindia.in
Performing the following challenges:
http-01 challenge for mail.blgindia.in
Using the webroot path /var/www/html for all unmatched domains.
Waiting for verification...
Challenge failed for domain mail.blgindia.in
http-01 challenge for mail.blgindia.in

Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
Domain: mail.blgindia.in
Type: unauthorized
Detail: 65.20.79.94: Invalid response from https://mail.blgindia.in/.well-known/acme-challenge/ccSBRrq5C1nZMGi9han0P7H1L6TTHVYKJSjMXCtvT1U: 404

Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.

Cleaning up challenges
Failed to renew certificate mail.blgindia.in with error: Some challenges have failed.

All renewals failed. The following certificates could not be renewed:
/etc/letsencrypt/live/mail.blgindia.in/fullchain.pem (failure)

1 renew failure(s), 0 parse failure(s)
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
"

My web server is (include version): Nginx

The operating system my web server runs on is (include version): Ubuntu 22.04.3 LTS x86_64

My hosting provider, if applicable, is: Vultr

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): Certbot 1.21.0

2

Do you know what the webroot for mail.blgindia.in is?

4 Likes
3

Maybe , yes!
When checked the configuration file it was like this

# renew_before_expiry = 30 days 
version = 1.21.0
archive_dir = /etc/letsencrypt/archive/mail.blgindia.in
archive_dir = /etc/letsencrypt/live/mail.blgindia.in/cert.pem
archive_dir = /etc/letsencrypt/live/mail.blgindia.in/privkey.pem
chain = /etc/letsencrypt/live/mail.blgindia.in/chain.pem
fullchain = /etc/letsencrypt/live/mail.blgindia.in/fullchain.pem

# Option used in the renewal process 
[renewalparams]
account = d4ce09f4c226b8944ef0e70240f1187f
authenticator = webroot
webroot_path = /var/www/html,
server = https://acme-v02.api.letsencrypt.org/directory
[[webroot_map]]
mail.blgindia.in = /var/www/html
4

The " character on the end should not be in that file.

Did you manually update the renewal conf file at any time?

3 Likes
5

The question relates to the root found in the web server.
[we know that is what certbot is looking for]

Show:
nginx -T

3 Likes
6

nope I didnt

7

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.