Error Invalid response when renew


#1

Hay, I’m having some issues renewing of my domains. i get error:

Unable to clean up challenge directory /code/printerqoe/backoffice/public/.well-known/acme-challenge
Attempting to renew cert (www.backoffice.myprintqoe.com) from /etc/letsencrypt/renewal/www.backoffice.myprintqoe.com.conf produced an unexpected error: Failed authorization procedure. www.backoffice.myprintqoe.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.backoffice.myprintqoe.com/.well-known/acme-challenge/uKhtxwVeP59NdueWEtA3WSs96Zv02_TEcMDPewlLvhk: “\n\n\n \n <meta charset=”". Skipping.

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: backoffice.myprintqoe.com

I ran this command: certbot renew

It produced this output:
Processing /etc/letsencrypt/renewal/www.backoffice.myprintqoe.com.conf

Cert is due for renewal, auto-renewing…
Plugins selected: Authenticator webroot, Installer None
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for backoffice.myprintqoe.com
http-01 challenge for www.backoffice.myprintqoe.com
Waiting for verification…
Cleaning up challenges
Unable to clean up challenge directory /code/printerqoe/backoffice/public/.well-known/acme-challenge
Attempting to renew cert (www.backoffice.myprintqoe.com) from /etc/letsencrypt/renewal/www.backoffice.myprintqoe.com.conf produced an unexpected error: Failed authorization procedure. www.backoffice.myprintqoe.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.backoffice.myprintqoe.com/.well-known/acme-challenge/uKhtxwVeP59NdueWEtA3WSs96Zv02_TEcMDPewlLvhk: “\n\n\n \n <meta charset=”". Skipping.

My web server is (include version): nginx/1.10.3

The operating system my web server runs on is (include version): ubuntu 16.04 LTS

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.21.1


#2

Hi @septian

that looks good. If you have a running webserver, webroot should always work.

I see, you have already testet your site via https://check-your-website.server-daten.de/?q=backoffice.myprintqoe.com .

That looks ok, your http is redirected to https, the last url has the (good) http status 404.

So it looks that your config uses the wrong webroot.

What’s the content of

/etc/letsencrypt/renewal

and the renewal file of this domain?


#3

file renewal : www.backoffice.myprintqoe.com.conf

##config file renewal www.backoffice.myprintqoe.com.conf
##renew_before_expiry = 30 days
version = 0.21.1
archive_dir = /etc/letsencrypt/archive/www.backoffice.myprintqoe.com
cert = /etc/letsencrypt/live/www.backoffice.myprintqoe.com/cert.pem
privkey = /etc/letsencrypt/live/www.backoffice.myprintqoe.com/privkey.pem
chain = /etc/letsencrypt/live/www.backoffice.myprintqoe.com/chain.pem
fullchain = /etc/letsencrypt/live/www.backoffice.myprintqoe.com/fullchain.pem

#Options used in the renewal process
[renewalparams]
authenticator = webroot
account = 48dc6fffb1263ea59c401bfd0bb1cebderq
installer = None
post_hook = service nginx reload
[[webroot_map]]
backoffice.myprintqoe.com = /code/printerqoe/backoffice/public
www.backoffice.myprintqoe.com = /code/printerqoe/backoffice/public


#4

So this directory may be wrong or doesn’t work.

Create two subdirectories

/code/printerqoe/backoffice/public/.well-known/acme-challenge

there add a file (file name 1234) and try to load this file via

http://backoffice.myprintqoe.com/.well-known/acme-challenge/1234

#5

I try it and enter word “TEST” in file 1234.txt :

https://backoffice.myprintqoe.com/.well-known/acme-challenge/1234.txt

get word “TEST”


#6

The file name should be without extension.

So much more informations are required. Add the

-vvvv

verbose - flag, run it again and share the log

/var/log/letsencrypt/letsencrypt.log

#7

i run without extention and result : download file “1234”

and the log not move, this is the last log for letsencrypt.log :

2019-02-04 08:21:27,100:ERROR:certbot.renewal: /etc/letsencrypt/live/www.backoffice.myprintqoe.com/fullchain.pem (failure)
2019-02-04 08:21:27,100:INFO:certbot.hooks:Running post-hook command: service nginx reload
2019-02-04 08:21:27,465:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
File “/usr/bin/certbot”, line 11, in
load_entry_point(‘certbot==0.21.1’, ‘console_scripts’, ‘certbot’)()
File “/usr/lib/python3/dist-packages/certbot/main.py”, line 1240, in main
return config.func(config, plugins)
File “/usr/lib/python3/dist-packages/certbot/main.py”, line 1142, in renew
renewal.handle_renewal_request(config)
File “/usr/lib/python3/dist-packages/certbot/renewal.py”, line 443, in handle_renewal_request
len(renew_failures), len(parse_failures)))
certbot.errors.Error: 1 renew failure(s), 0 parse failure(s)


#8

This isn’t a log. There are much more informations logged.

And update your certbot, 0.21 is very old.


#9

The http redirects to https.
And that ends up at: https://backoffice.myprintqoe.com/login

You need to exclude the challenge requests from such handling.


#10

You can also try to make life a little easier on yourself by upgrading Certbot and opting for the nginx authenticator instead of the webroot one:

certbot renew --cert-name www.backoffice.myprintqoe.com -a nginx --dry-run

Failing that, you will need to manually setup a location route as suggested by @rg305.


#11

Always a good idea.
…and while you are updating/upgrading:
Server: nginx/1.10.3 (Ubuntu)


#12

i try, it’s work. thank you


closed #13

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.