Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: bandol.freeboxos.fr
I ran this command: sudo ./certbot-auto renew
It produced this output: Waiting for verification…
Challenge failed for domain bandol.freeboxos.fr
http-01 challenge for bandol.freeboxos.fr
Cleaning up challenges
Attempting to renew cert (bandol.freeboxos.fr) from /etc/letsencrypt/renewal/bandol.freeboxos.fr.conf produced an unexpected error: Some challenges have failed… Skipping.
All renewal attempts failed. The following certs could not be renewed:
My web server is (include version): Domoticz 4.10717
The operating system my web server runs on is (include version): Raspbian GNU/Linux 9.9 (stretch)
My hosting provider, if applicable, is: FREE
I can login to a root shell on my machine (yes or no, or I don’t know): I don’t know
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no
The version of my client is (e.g. output of
certbot --version or
certbot-auto --version if you’re using Certbot): 0.40
Please show output of:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Found the following certs:
Certificate Name: bandol.freeboxos.fr
Expiry Date: 2019-11-21 16:35:49+00:00 (VALID: 3 days)
Certificate Path: /etc/letsencrypt/live/bandol.freeboxos.fr/fullchain.pem
Private Key Path: /etc/letsencrypt/live/bandol.freeboxos.fr/privkey.pem
This is good (simple: one name only)
and this is bad:
VALID: 3 days
We need to get this fixed soon.
OK, I see the problem:
--2019-11-17 19:18:04-- http://bandol.freeboxos.fr/
Resolving bandol.freeboxos.fr (bandol.freeboxos.fr)... 2a01:e35:2f45:8980::1, 126.96.36.199
Connecting to bandol.freeboxos.fr (bandol.freeboxos.fr)|2a01:e35:2f45:8980::1|:80... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: https://bandol.freeboxos.fr:1969/index.php [following]
--2019-11-17 19:18:05-- https://bandol.freeboxos.fr:1969/index.php
Connecting to bandol.freeboxos.fr (bandol.freeboxos.fr)|2a01:e35:2f45:8980::1|:1969... ^C
LE will only follow redirects to ports 80 or 443 (not 1969)
[and never to/through a
Please show your vhost config file for port 80
[the one that redirects to 1969]
IPv4 reaches your port 1969
but IPv6 fails to reach your port 1969
File “/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/client.py”, line 348, in obtain_certificate
orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
File “/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/client.py”, line 396, in _get_order_and_authorizations
authzr = self.auth_handler.handle_authorizations(orderr, best_effort)
File “/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/auth_handler.py”, line 91, in handle_authorizations
self._poll_authorizations(authzrs, max_retries, best_effort)
File “/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/auth_handler.py”, line 180, in _poll_authorizations
raise errors.AuthorizationError(‘Some challenges have failed.’)
AuthorizationError: Some challenges have failed.
2019-11-17 20:25:35,872:ERROR:certbot.renewal:All renewal attempts failed. The following certs could not be renewed:
2019-11-17 20:25:35,872:ERROR:certbot.renewal: /etc/letsencrypt/live/bandol.freeboxos.fr/fullchain.pem (failure)
2019-11-17 20:25:35,875:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
File “/opt/eff.org/certbot/venv/bin/letsencrypt”, line 11, in
File “/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/main.py”, line 1378, in main
return config.func(config, plugins)
File “/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/main.py”, line 1287, in renew
File “/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/renewal.py”, line 474, in handle_renewal_request
Error: 1 renew failure(s), 0 parse failure(s)
The solution to the problem will be us making changes to this file:
My router redirects port 80 to 8080 from my server’s IP address and port 443 to 443
Please show the vhost config that is served when anyone tries:
the 1969 port is the secure port of my Freebox
The problem is NOT there.
The problem is in the file that redirects you there.
Please show the file that is reached by:
Well that will be a BIG problem to overcome.
I checked the site and it has a valid cert that expires in 30 days:
How was that installed?
Until now it worked. Nothing has changed between the time except the certbot version
This is the certificate of my Freebox, the problem is on the certificate of my Domoticz server
This certificate is automatically renewed by my Freebox
The cert that expires in 3 days is NOT the cert being used/seen from the Internet.
The Internet site seems to be renewing correctly.
So… I don’t understand the problem.
Please clarify this problem.
Does that system already have an LE cert?
If so, how did it get it?