Hey, I’m having some issues renewing my domains. I get this error:
Unable to clean up challenge directory /code/printerqoe/backoffice/public/.well-known/acme-challenge
Attempting to renew cert (www.backoffice.myprintqoe.com ) from /etc/letsencrypt/renewal/www.backoffice.myprintqoe.com.conf produced an unexpected error: Failed authorization procedure. www.backoffice.myprintqoe.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.backoffice.myprintqoe.com/.well-known/acme-challenge/uKhtxwVeP59NdueWEtA3WSs96Zv02_TEcMDPewlLvhk: “\n\n\n \n <meta charset=”". Skipping.
Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com ), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: backoffice.myprintqoe.com
I ran this command: certbot renew
It produced this output:
Processing /etc/letsencrypt/renewal/www.backoffice.myprintqoe.com.conf
Cert is due for renewal, auto-renewing…
Plugins selected: Authenticator webroot, Installer None
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for backoffice.myprintqoe.com
http-01 challenge for www.backoffice.myprintqoe.com
Waiting for verification…
Cleaning up challenges
Unable to clean up challenge directory /code/printerqoe/backoffice/public/.well-known/acme-challenge
Attempting to renew cert (www.backoffice.myprintqoe.com ) from /etc/letsencrypt/renewal/www.backoffice.myprintqoe.com.conf produced an unexpected error: Failed authorization procedure. www.backoffice.myprintqoe.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.backoffice.myprintqoe.com/.well-known/acme-challenge/uKhtxwVeP59NdueWEtA3WSs96Zv02_TEcMDPewlLvhk: “\n\n\n \n <meta charset=”". Skipping.
My web server is (include version): nginx/1.10.3
The operating system my web server runs on is (include version): ubuntu 16.04 LTS
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don’t know): yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.21.1
Hi @septian
that looks good. If you have a running webserver, webroot should always work.
I see you have already tested your site via https://check-your-website.server-daten.de/?q=backoffice.myprintqoe.com .
That looks ok, your http is redirected to https, the last url has the (good) http status 404.
So it looks like your config uses the wrong webroot.
What's the content of /etc/letsencrypt/renewal and the renewal file of this domain?
file renewal : www.backoffice.myprintqoe.com.conf
##config file renewal www.backoffice.myprintqoe.com.conf
##renew_before_expiry = 30 days
version = 0.21.1
archive_dir = /etc/letsencrypt/archive/www.backoffice.myprintqoe.com
cert = /etc/letsencrypt/live/www.backoffice.myprintqoe.com/cert.pem
privkey = /etc/letsencrypt/live/www.backoffice.myprintqoe.com/privkey.pem
chain = /etc/letsencrypt/live/www.backoffice.myprintqoe.com/chain.pem
fullchain = /etc/letsencrypt/live/www.backoffice.myprintqoe.com/fullchain.pem
#Options used in the renewal process
[renewalparams]
authenticator = webroot
account = 48dc6fffb1263ea59c401bfd0bb1cebderq
installer = None
post_hook = service nginx reload
[[webroot_map]]
backoffice.myprintqoe.com = /code/printerqoe/backoffice/public
www.backoffice.myprintqoe.com = /code/printerqoe/backoffice/public
So this directory may be wrong or doesn't work.
Create two subdirectories
/code/printerqoe/backoffice/public/.well-known/acme-challenge
there add a file (file name 1234) and try to load this file via
http://backoffice.myprintqoe.com/.well-known/acme-challenge/1234
septian
February 4, 2019, 10:06am
5
JuergenAuer:
So this directory may be wrong or doesn’t work.
Create two subdirectories
/code/printerqoe/backoffice/public/.well-known/acme-challenge
there add a file (file name 1234) and try to load this file via
http://backoffice.myprintqoe.com/.well-known/acme-challenge/1234
I tried it and entered the word "TEST" in the file 1234.txt:
https://backoffice.myprintqoe.com/.well-known/acme-challenge/1234.txt
and got the word "TEST".
The file name should be without extension.
So much more information is required. Add the -vvvv verbose flag, run it again and share the log /var/log/letsencrypt/letsencrypt.log
septian
February 4, 2019, 11:55am
7
I ran it without the extension and the result: it downloads the file "1234".
And the log does not move; this is the last log for letsencrypt.log:
2019-02-04 08:21:27,100:ERROR:certbot.renewal: /etc/letsencrypt/live/www.backoffice.myprintqoe.com/fullchain.pem (failure)
2019-02-04 08:21:27,100:INFO:certbot.hooks:Running post-hook command: service nginx reload
2019-02-04 08:21:27,465:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
  File "/usr/bin/certbot", line 11, in <module>
    load_entry_point('certbot==0.21.1', 'console_scripts', 'certbot')()
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 1240, in main
    return config.func(config, plugins)
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 1142, in renew
    renewal.handle_renewal_request(config)
  File "/usr/lib/python3/dist-packages/certbot/renewal.py", line 443, in handle_renewal_request
    len(renew_failures), len(parse_failures)))
certbot.errors.Error: 1 renew failure(s), 0 parse failure(s)
This isn't a log. There is much more information logged.
And update your certbot, 0.21 is very old.
rg305
February 4, 2019, 8:15pm
9
The http redirects to https.
And that ends up at: https://backoffice.myprintqoe.com/login
You need to exclude the challenge requests from such handling.
_az
February 4, 2019, 8:21pm
10
You can also try to make life a little easier on yourself by upgrading Certbot and opting for the nginx authenticator instead of the webroot one:
certbot renew --cert-name www.backoffice.myprintqoe.com -a nginx --dry-run
Failing that, you will need to manually set up a location route as suggested by @rg305 .
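Added example, not part of any post in this thread: one way to write the location route mentioned above in nginx, so that challenge requests are answered from the webroot before any redirect or application routing applies. The host names and webroot path are taken from the renewal file posted earlier; the server block layout, and the assumption that nginx itself performs the HTTP to HTTPS redirect, are assumptions.

```nginx
# Added example (assumed layout, not the poster's actual configuration).
server {
    listen 80;
    listen [::]:80;
    server_name backoffice.myprintqoe.com www.backoffice.myprintqoe.com;

    # "^~" makes this prefix win over any regex location, so a later
    # rewrite or catch-all rule cannot capture the challenge path.
    location ^~ /.well-known/acme-challenge/ {
        # Must be the same directory as in [[webroot_map]]; nginx appends
        # the request URI, so the file is looked up under
        # <root>/.well-known/acme-challenge/<token>.
        root /code/printerqoe/backoffice/public;

        # Token files have no extension; serve them as plain text
        # instead of letting the browser offer a download.
        default_type text/plain;

        # Answer 404 for a missing token rather than falling through
        # to the application (which would return its HTML login page).
        try_files $uri =404;
    }

    # Everything else keeps the existing redirect to HTTPS.
    location / {
        return 301 https://$host$request_uri;
    }
}
```

After editing, `nginx -t` checks the syntax before `service nginx reload`, and the test file from earlier in the thread should then load over plain http for both host names without being redirected.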
rg305
February 4, 2019, 8:25pm
11
_az:
upgrading Certbot
Always a good idea.
...and while you are updating/upgrading:
Server: nginx/1.10.3 (Ubuntu)
septian
February 5, 2019, 1:58pm
12
I tried it, it works. Thank you.