Could not renew Let's Encrypt certificates

dc-maruri · January 17, 2020, 10:47am

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

lauroikastola.eus

I ran this command:

It produced this output:

Could not renew Let’s Encrypt certificates for Agurtzane Mentxaka (login admin). Please log in to Plesk and renew the certificates listed below manually.
Renewal of the following Let’s Encrypt certificates has failed:

‘Lets Encrypt lauroikastola.eus’ [days to expire: 19]
lauroikastola.eus

Invalid response from https://acme-v02.api.letsencrypt.org/acme/authz-v3/2320540100.
Details:
Type: urn:ietf:params:acme:error:unauthorized
Status: 403
Detail: Invalid response from https://www.lauroikastola.eus/.well-known/acme-challenge/Kb6K6e51PoX918ZFzjs3JQIHhpV-bnumVM3OMWhtSr8 [51.83.76.239]: “\r\n404 Not Found\r\n\r\n

404 Not Found
\r\n
nginx\r\n”

The following Let’s Encrypt certificates have been renewed without some of their Subject Alternative Names:

My web server is (include version):

The operating system my web server runs on is (include version):

Debian 8.11

My hosting provider, if applicable, is:

OVH

I can login to a root shell on my machine (yes or no, or I don’t know):

YES

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

PLESK 17.8.11

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

Plesk Let’s Script extension versión 2.8.4-547

JuergenAuer · January 17, 2020, 11:02am

Hi @dc-maruri

looks like you have found a solution. Or you use a completely wrong command.

Checking your domain there is a new certificate - https://check-your-website.server-daten.de/?q=lauroikastola.eus

CN=lauroikastola.eus
	16.01.2020
	15.04.2020
expires in 89 days	lauroikastola.eus, www.lauroikastola.eus - 2 entries

If you use Plesk, use only Plesk, nothing else.

Your site isn't perfect (Grade E), but both connections (non-www and www) are secure.

And you have already created 4 identical certificates:

Issuer	not before	not after	Domain names
Let's Encrypt Authority X3	2020-01-15	2020-04-14	lauroikastola.eus, www.lauroikastola.eus
2 entries	duplicate nr. 4
Let's Encrypt Authority X3	2020-01-15	2020-04-14	lauroikastola.eus, www.lauroikastola.eus
2 entries	duplicate nr. 3
Let's Encrypt Authority X3	2020-01-14	2020-04-13	lauroikastola.eus, www.lauroikastola.eus
2 entries	duplicate nr. 2
Let's Encrypt Authority X3	2020-01-14	2020-04-13	lauroikastola.eus, www.lauroikastola.eus
2 entries	duplicate nr. 1
Let's Encrypt Authority X3	2020-01-10	2020-04-09	lauroikastola.eus, www.lauroikastola.eus
2 entries

dc-maruri · January 17, 2020, 11:16am

Thanks JuergenAuer, so we don’t need to worry about the Let’s Script message we receive each day about the “Could not renew Let’s Encrypt certificates” ?

We only have used the Let’s Script plesk extension.

JuergenAuer · January 17, 2020, 2:24pm

I don't know. But Letsencrypt doesn't send daily mails.

Read

PS: Sometimes users change their hoster. And the old system sends such mails. So check the header to find the ip of the sender and check, if this is your current system.

system · February 16, 2020, 2:26pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Could not renew Let's Encrypt certificates

404 Not Found