My domain is: https://support.ecomsilio.de
I ran this command: ./opt/letsencrypt/letsencrypt-auto renew
It produced this output:
[Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/support.ecomsilio.de.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator nginx, Installer nginx
Renewing an existing certificate
Performing the following challenges:
tls-sni-01 challenge for support.ecomsilio.de
Waiting for verification...
Cleaning up challenges
Attempting to renew cert (support.ecomsilio.de) from /etc/letsencrypt/renewal/support.ecomsilio.de.conf produced an unexpected error: Failed authorization procedure. support.ecomsilio.de (tls-sni-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Incorrect validation certificate for tls-sni-01 challenge. Requested d428ef7b112fadd19020b508a8ce6b50.5ffee2b7d2748753fe6fbba82d7c4af9.acme.invalid from 82.165.67.88:443. Received 2 certificate(s), first certificate had names "support.ecomsilio.de". Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/support.ecomsilio.de/fullchain.pem (failure)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/support.ecomsilio.de/fullchain.pem (failure)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1 renew failure(s), 0 parse failure(s)
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: support.ecomsilio.de
Type: unauthorized
Detail: Incorrect validation certificate for tls-sni-01 challenge.
Requested
d428ef7b112fadd19020b508a8ce6b50.5ffee2b7d2748753fe6fbba82d7c4af9.acme.invalid
from 82.165.67.88:443. Received 2 certificate(s), first certificate
had names "support.ecomsilio.de"
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
Further Information
Certbot Version: 0.27.1
My web server is (include version): 1&1 cloud server
The operating system my web server runs on is (include version): CentOS 7
My hosting provider, if applicable, is: 1&1
I can login to a root shell on my machine (yes or no, or I don’t know): yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no
The SSL certificate should be renewed automatically by a cronjob
* 2 * * 7 /opt/letsencrypt/letsencrypt-auto renew >> /var/log/le-renew.log
I was surprised when I received an email that the ssl certificate would expire soon. I ran the command but received the error above.
The installation was done as follows:
git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt
cd /opt/letsencrypt
./letsencrypt-auto --nginx -d support.ecomsilio.de
Wenn asked Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access I chose option 2:
Redirecting all traffic on port 80 to ssl in /etc/nginx/conf.d/zammad.conf
zammad.conf contains the following:
server {
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/support.ecomsilio.de/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/support.ecomsilio.de/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = support.ecomsilio.de) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name support.ecomsilio.de;
return 404; # managed by Certbot
}
The server only has a IPv4 address.
I have tried to run as sudo and also with the option --preferred-challenges but so far I didn’t had any luck. Any ideas?
Thanks very much in advance,
Gijs