Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: https://brazilianflame.com.au/
I ran this command:
sudo lego --tls --email="info@eleven-two.com" --domains="brazilianflame.com.au" --path="/etc/lego" renew
It produced this output:
2020/10/19 01:12:31 No key found for account info@eleven-two.com. Generating a P384 key.
2020/10/19 01:12:31 Saved key to /etc/lego/accounts/acme-v02.api.letsencrypt.org/info@eleven-two.com/keys/info@eleven-two.com.key
2020/10/19 01:12:32 Account info@eleven-two.com is not registered. Use 'run' to register a new account.
I ran this command:
sudo /opt/bitnami/letsencrypt/lego --tls --email="info@eleven-two.com" --domains="brazilianflame.com.au" --path="/opt/bitnami/letsencrypt/" run
It produced this output:
2020/10/20 03:59:26 [INFO] [brazilianflame.com.au] acme: Obtaining bundled SAN certificate
2020/10/20 03:59:27 [INFO] [brazilianflame.com.au] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/8014454166
2020/10/20 03:59:27 [INFO] [brazilianflame.com.au] acme: use tls-alpn-01 solver
2020/10/20 03:59:27 [INFO] [brazilianflame.com.au] acme: Trying to solve TLS-ALPN-01
2020/10/20 03:59:33 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/8014454166
2020/10/20 03:59:34 [INFO] Unable to deactivate the authorization: https://acme-v02.api.letsencrypt.org/acme/authz-v3/8014454166
2020/10/20 03:59:34 Could not obtain certificates:
error: one or more domains had a problem:
[brazilianflame.com.au] acme: error: 403 :: urn:ietf:params:acme:error:unauthorized :: Cannot negotiate ALPN protocol "acme-tls/1" for tls-alpn-01 challenge, url:
My web server is (include version): NGINX Self-contained Bitnami (bitnami-wordpresspro-5.2.2-4-linux-ubuntu-16.04-x86_64) on AWS EC2 with Load Balancer.
I can login to a root shell on my machine (yes or no, or I don't know): Yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 0.31.0
So... I'm trying to identify what's causing the cert to not be renewed. I tried to renew the cert but lego says I don't have a cert for this account even though the site has a valid Let's Encrypt cert installed right now. When I try to run for a new cert, I get the error above.
I've checked the DNS entries and all seems fine. I'm not using CloudFlare, but an AWS Load Balancer is on (and listening on ports 80 and 443). I've already searched everywhere for a solution to this 403 error, but have had no success so far. I would really appreciate it if anybody could help here. Thanks!
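The ALPN failure in the output above can be checked without involving the CA at all. The following Go program is an added example, not code from the original post or from lego: probeALPN does what the validator does for TLS-ALPN-01 (connect with SNI for the domain, offer only acme-tls/1, check that the server selected it), and serveOnce is local scaffolding with a throwaway self-signed certificate, where a nil ALPN list stands in for a load balancer that terminates TLS without knowing acme-tls/1.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"math/big"
	"time"
)

// serveOnce is local scaffolding: a TLS listener with a throwaway self-signed cert
// offering the given ALPN list (nil mimics a TLS-terminating load balancer).
func serveOnce(host string, protos []string) (string, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return "", err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{host},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		return "", err
	}
	ln, err := tls.Listen("tcp", "127.0.0.1:0", &tls.Config{NextProtos: protos,
		Certificates: []tls.Certificate{{Certificate: [][]byte{der}, PrivateKey: priv}}})
	if err != nil {
		return "", err
	}
	go func() { // answer exactly one handshake, then shut the listener down
		defer ln.Close()
		if c, err := ln.Accept(); err == nil {
			c.(*tls.Conn).Handshake() // the outcome is observed on the client side
			c.Close()
		}
	}()
	return ln.Addr().String(), nil
}

// probeALPN does what the CA's validator does for TLS-ALPN-01: connect with
// SNI=host, offer only "acme-tls/1" and report whether the server selected it.
func probeALPN(addr, host string) (bool, error) {
	conn, err := tls.Dial("tcp", addr, &tls.Config{ServerName: host,
		NextProtos: []string{"acme-tls/1"}, InsecureSkipVerify: true}) // challenge certs are self-signed
	if err != nil {
		return false, err
	}
	defer conn.Close()
	return conn.ConnectionState().NegotiatedProtocol == "acme-tls/1", nil
}
```

Pointed at the site's public address on port 443, probeALPN reports whether whatever answers the handshake there (here the AWS load balancer) selects acme-tls/1; a balancer that terminates TLS itself will not, which is exactly the 403 the CA returned.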