Error: Invalid response when renewing

Hey, I’m having some issues renewing my domains. I get this error:

Unable to clean up challenge directory /code/printerqoe/backoffice/public/.well-known/acme-challenge
Attempting to renew cert (www.backoffice.myprintqoe.com) from /etc/letsencrypt/renewal/www.backoffice.myprintqoe.com.conf produced an unexpected error: Failed authorization procedure. www.backoffice.myprintqoe.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.backoffice.myprintqoe.com/.well-known/acme-challenge/uKhtxwVeP59NdueWEtA3WSs96Zv02_TEcMDPewlLvhk: “\n\n\n \n <meta charset=”". Skipping.

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: backoffice.myprintqoe.com

I ran this command: certbot renew

It produced this output:
Processing /etc/letsencrypt/renewal/www.backoffice.myprintqoe.com.conf

Cert is due for renewal, auto-renewing…
Plugins selected: Authenticator webroot, Installer None
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for backoffice.myprintqoe.com
http-01 challenge for www.backoffice.myprintqoe.com
Waiting for verification…
Cleaning up challenges
Unable to clean up challenge directory /code/printerqoe/backoffice/public/.well-known/acme-challenge
Attempting to renew cert (www.backoffice.myprintqoe.com) from /etc/letsencrypt/renewal/www.backoffice.myprintqoe.com.conf produced an unexpected error: Failed authorization procedure. www.backoffice.myprintqoe.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.backoffice.myprintqoe.com/.well-known/acme-challenge/uKhtxwVeP59NdueWEtA3WSs96Zv02_TEcMDPewlLvhk: “\n\n\n \n <meta charset=”". Skipping.

My web server is (include version): nginx/1.10.3

The operating system my web server runs on is (include version): ubuntu 16.04 LTS

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.21.1

Hi @septian

that looks good. If you have a running webserver, webroot should always work.

I see you have already tested your site via https://check-your-website.server-daten.de/?q=backoffice.myprintqoe.com .

That looks ok, your http is redirected to https, the last url has the (good) http status 404.

So it looks like your config uses the wrong webroot.

What's the content of

/etc/letsencrypt/renewal

and the renewal file of this domain?

Renewal file: www.backoffice.myprintqoe.com.conf

##config file renewal www.backoffice.myprintqoe.com.conf
##renew_before_expiry = 30 days
version = 0.21.1
archive_dir = /etc/letsencrypt/archive/www.backoffice.myprintqoe.com
cert = /etc/letsencrypt/live/www.backoffice.myprintqoe.com/cert.pem
privkey = /etc/letsencrypt/live/www.backoffice.myprintqoe.com/privkey.pem
chain = /etc/letsencrypt/live/www.backoffice.myprintqoe.com/chain.pem
fullchain = /etc/letsencrypt/live/www.backoffice.myprintqoe.com/fullchain.pem

#Options used in the renewal process
[renewalparams]
authenticator = webroot
account = 48dc6fffb1263ea59c401bfd0bb1cebderq
installer = None
post_hook = service nginx reload
[[webroot_map]]
backoffice.myprintqoe.com = /code/printerqoe/backoffice/public
www.backoffice.myprintqoe.com = /code/printerqoe/backoffice/public

So this directory may be wrong or doesn't work.

Create two subdirectories

/code/printerqoe/backoffice/public/.well-known/acme-challenge

there add a file (file name 1234) and try to load this file via

http://backoffice.myprintqoe.com/.well-known/acme-challenge/1234

I tried it and entered the word "TEST" in the file 1234.txt:

https://backoffice.myprintqoe.com/.well-known/acme-challenge/1234.txt

I get the word "TEST".

The file name should be without extension.

So much more information is required. Add the

-vvvv

verbose flag, run it again and share the log

/var/log/letsencrypt/letsencrypt.log

I ran it without the extension and the result: it downloads the file "1234"

and the log did not move; this is the last log in letsencrypt.log:

2019-02-04 08:21:27,100:ERROR:certbot.renewal: /etc/letsencrypt/live/www.backoffice.myprintqoe.com/fullchain.pem (failure)
2019-02-04 08:21:27,100:INFO:certbot.hooks:Running post-hook command: service nginx reload
2019-02-04 08:21:27,465:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
  File "/usr/bin/certbot", line 11, in <module>
    load_entry_point('certbot==0.21.1', 'console_scripts', 'certbot')()
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 1240, in main
    return config.func(config, plugins)
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 1142, in renew
    renewal.handle_renewal_request(config)
  File "/usr/lib/python3/dist-packages/certbot/renewal.py", line 443, in handle_renewal_request
    len(renew_failures), len(parse_failures)))
certbot.errors.Error: 1 renew failure(s), 0 parse failure(s)

This isn't a log. There is much more information logged.

And update your certbot, 0.21 is very old.

The http redirects to https.
And that ends up at: https://backoffice.myprintqoe.com/login

You need to exclude the challenge requests from such handling.

You can also try to make life a little easier on yourself by upgrading Certbot and opting for the nginx authenticator instead of the webroot one:

certbot renew --cert-name www.backoffice.myprintqoe.com -a nginx --dry-run

Failing that, you will need to manually set up a location route as suggested by @rg305.

Always a good idea.
...and while you are updating/upgrading:
Server: nginx/1.10.3 (Ubuntu)

I tried it, it works. Thank you.

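The "exclude the challenge requests" and "location route" advice in the replies above, written out as an nginx configuration. This is an added example, not a config posted by anyone in the thread: the host names, webroot and certificate paths come from the renewal file shown earlier, while the server block layout and the placeholder for the application's own locations are assumptions.

```nginx
# Added example: server block layout is assumed, paths are from the thread.

# Port 80: answer ACME http-01 requests directly, redirect everything else.
server {
    listen 80;
    server_name backoffice.myprintqoe.com www.backoffice.myprintqoe.com;

    # ^~ keeps regex locations (rewrites, PHP handlers) from taking over
    # this prefix, so the validation request never reaches the app's /login.
    location ^~ /.well-known/acme-challenge/ {
        root /code/printerqoe/backoffice/public;  # value from [[webroot_map]]
        default_type text/plain;                  # token files have no extension
        try_files $uri =404;                      # missing token -> 404, not the app
    }

    location / {
        return 301 https://$host$request_uri;
    }
}

# Port 443: same exclusion, in case a validation request is redirected here.
server {
    listen 443 ssl;
    server_name backoffice.myprintqoe.com www.backoffice.myprintqoe.com;

    ssl_certificate     /etc/letsencrypt/live/www.backoffice.myprintqoe.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/www.backoffice.myprintqoe.com/privkey.pem;

    location ^~ /.well-known/acme-challenge/ {
        root /code/printerqoe/backoffice/public;
        default_type text/plain;
        try_files $uri =404;
    }

    # ... the application's existing locations (not shown in the thread) ...
}
```

Check the syntax with `nginx -t` before reloading, then repeat the `1234` test-file request and `certbot renew --dry-run` to confirm the token is served as plain text instead of the login page.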