My Domain Name is : bdnetbreeze.blackdragonnetworks.com
I ran this command: certbot renew
It produced this output:
```
[root@bdnetbreeze ~]# certbot renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator nginx, Installer nginx
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
Renewing an existing certificate for bdnetbreeze.blackdragonnetworks.com
Performing the following challenges:
http-01 challenge for bdnetbreeze.blackdragonnetworks.com
Using default addresses 80 and [::]:80 ipv6only=on for authentication.
Waiting for verification...
Challenge failed for domain bdnetbreeze.blackdragonnetworks.com
http-01 challenge for bdnetbreeze.blackdragonnetworks.com
Cleaning up challenges
Failed to renew certificate bdnetbreeze.blackdragonnetworks.com with error: Some challenges have failed.
All renewals failed. The following certificates could not be renewed:
1 renew failure(s), 0 parse failure(s)
```
I looked up my most recent certificate and downloaded it. Number Certificate 8516514919.
I had to restore this system from a snapshot on the Vultr Cloud so I think my certificates are out of synch. Where would I put this file to get https://bdnetbreeze.blackdragonnetworks.com:8082 going again? It will expire April 22 according to the website.
Here is my log output:
I'm using: Centos7
My server is nginx - 443 porting server running on port 8082.
```
2023-03-30 14:39:36,351:DEBUG:certbot._internal.main:certbot version: 1.11.0
2023-03-30 14:39:36,351:DEBUG:certbot._internal.main:Location of certbot entry point: /usr/bin/certbot
2023-03-30 14:39:36,351:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#nginx,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2023-03-30 14:39:36,368:DEBUG:certbot._internal.log:Root logging level set at 20
2023-03-30 14:39:36,368:INFO:certbot._internal.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2023-03-30 14:39:36,409:DEBUG:certbot.ocsp:Querying OCSP for /etc/letsencrypt/live/bdnetbreeze.blackdragonnetworks.com/cert.pem
2023-03-30 14:39:36,409:DEBUG:certbot.ocsp:openssl ocsp -no_nonce -issuer /etc/letsencrypt/live/bdnetbreeze.blackdragonnetworks.com/chain.pem -cert /etc/letsencrypt/live/bdnetbreeze.blackdragonnetworks.com/cert.pem -CAfile /etc/letsencrypt/live/bdnetbreeze.blackdragonnetworks.com/chain.pem -verify_other /etc/letsencrypt/live/bdnetbreeze.blackdragonnetworks.com/chain.pem -trust_other -timeout 10 -header Host r3.o.lencr.org -url http://r3.o.lencr.org
2023-03-30 14:39:36,432:DEBUG:certbot.display.util:Notifying user: Found the following certs:
Certificate Name: bdnetbreeze.blackdragonnetworks.com
Serial Number: 427eea5171ad0139274a8a110a457d2bbc6
Key Type: RSA
Expiry Date: 2023-04-19 05:03:22+00:00 (VALID: 19 days)
Certificate Path: /etc/letsencrypt/live/bdnetbreeze.blackdragonnetworks.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/bdnetbreeze.blackdragonnetworks.com/privkey.pem
```
I've moved your posts to their own separate thread. Please don't hijack other people's threads.
You say nginx runs on port 8082? How's that? Can you explain more about your setup in detail, as I'm also seeing an Apache webserver listening on port 80?
The certificate validation for the http-01 challenge always starts on port 80. It seems Apache just redirects to HTTPS (on default port 443, which is mandatory for the challenge when following HTTP to HTTPS redirects), where a nginx server is listening.
```
# renew_before_expiry = 30 days
version = 1.9.0
archive_dir = /etc/letsencrypt/archive/bdnetbreeze.blackdragonnetworks.com
cert = /etc/letsencrypt/live/bdnetbreeze.blackdragonnetworks.com/cert.pem
privkey = /etc/letsencrypt/live/bdnetbreeze.blackdragonnetworks.com/privkey.pem
chain = /etc/letsencrypt/live/bdnetbreeze.blackdragonnetworks.com/chain.pem
fullchain = /etc/letsencrypt/live/bdnetbreeze.blackdragonnetworks.com/fullchain.pem
# Options used in the renewal process
authenticator = nginx
account = 73f5f7d43c9116eea6f3a761ed7e7155
server = https://acme-v02.api.letsencrypt.org/directory
installer = nginx
```
On your system you have both
nginx; as @Osiris noted.
See here for HTTP-01 challenge details.
Most importantly is the `< TOKEN >` being put where nginx's can serve https://bdnetbreeze.blackdragonnetworks.com/.well-known/acme-challenge/`< TOKEN >`
I note the HTTP-01 challenge starting on Port 80 seems to be `Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips`;
```
$ curl -Ii http://bdnetbreeze.blackdragonnetworks.com/.well-known/acme-challenge/sometestfile
HTTP/1.1 301 Moved Permanently
Date: Fri, 31 Mar 2023 19:53:15 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips
Content-Type: text/html; charset=iso-8859-1
```
And is redirected to HTTPS Port 443 nginx
```
$ curl -k -Ii https://bdnetbreeze.blackdragonnetworks.com/.well-known/acme-challenge/sometestfile
HTTP/1.1 404 Not Found
Date: Fri, 31 Mar 2023 19:53:18 GMT
```
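The mismatch pointed out above (Apache answers port 80 while the renewal config names the nginx authenticator) can be checked mechanically. This is an added example, not part of the original posts and not certbot code; the helper names, the `Location` value and the `Server: nginx` header on the second hop are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed inputs modelled on the renewal config and curl output in this thread.
RENEWAL_CONF = "[renewalparams]\nauthenticator = nginx\ninstaller = nginx\n"
HOPS = [  # one raw response-header block per hop of the redirect chain
    "HTTP/1.1 301 Moved Permanently\r\n"
    "Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips\r\n"
    "Location: https://bdnetbreeze.blackdragonnetworks.com/.well-known/acme-challenge/sometestfile\r\n",
    "HTTP/1.1 404 Not Found\r\nServer: nginx\r\n",
]

def conf_value(conf, key):
    """Return the value of an uncommented `key = value` line, or None."""
    m = re.search(rf"^\s*{re.escape(key)}\s*=\s*(.+?)\s*$", conf, re.MULTILINE)
    return m.group(1) if m else None

def parse_hop(raw):
    """Split a header block into (status code, dict of lower-cased headers)."""
    lines = raw.strip().splitlines()
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return int(lines[0].split()[1]), headers

def diagnose(conf, hops):
    """List reasons an http-01 validation following this chain would fail."""
    findings = []
    plugin = conf_value(conf, "authenticator")
    parsed = [parse_hop(h) for h in hops]
    product = parsed[0][1].get("server", "").split("/")[0].lower()
    if plugin in ("nginx", "apache") and product and product != plugin:
        findings.append(f"port 80 is answered by {product}, authenticator is {plugin}")
    for status, headers in parsed[:-1]:
        target = urlsplit(headers.get("location", ""))
        port = target.port or {"http": 80, "https": 443}.get(target.scheme)
        # The CA follows redirects only to ports 80 and 443.
        if status in (301, 302, 307, 308) and port not in (80, 443):
            findings.append(f"redirect to port {port} is not followed by the CA")
    if parsed[-1][0] != 200:
        findings.append(f"challenge path returns {parsed[-1][0]} at the final hop")
    return findings

if __name__ == "__main__":
    print("\n".join(diagnose(RENEWAL_CONF, HOPS)))
```
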
So you are telling me I need to put my "Token" in the Apache server directory?
So I should renew the certificate using the apache switch?
I used the : Certbot certonly command and picked the apache option. I think I have my certs renewed.
```
lrwxrwxrwx 1 root root 60 Apr 5 15:42 cert.pem -> ../../archive/bdnetbreeze.blackdragonnetworks.com/cert14.pem
lrwxrwxrwx 1 root root 61 Apr 5 15:42 chain.pem -> ../../archive/bdnetbreeze.blackdragonnetworks.com/chain14.pem
lrwxrwxrwx 1 root root 65 Apr 5 15:42 fullchain.pem -> ../../archive/bdnetbreeze.blackdragonnetworks.com/fullchain14.pem
lrwxrwxrwx 1 root root 63 Apr 5 15:42 privkey.pem -> ../../archive/bdnetbreeze.blackdragonnetworks.com/privkey14.pem
-rw-r--r-- 1 root root 692 Dec 7 2020 README
```