Error - renew SSL certificate with certbot

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: 642f07948b0f.sn.mynetname.net

I ran this command: certbot renew

It produced this output: Saving debug log to C:\Certbot\log\letsencrypt.log


Processing C:\Certbot\renewal\642f07948b0f.sn.mynetname.net.conf


Renewing an existing certificate for 642f07948b0f.sn.mynetname.net

Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
Domain: 642f07948b0f.sn.mynetname.net
Type: unauthorized
Detail: 181.198.213.18: Invalid response from http://642f07948b0f.sn.mynetname.net/.well-known/acme-challenge/sPnMDVr-AqDfLKD_Ux8qrQjIbOi_-LK_OJFH_589wdQ: 404

Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.

Failed to renew certificate 642f07948b0f.sn.mynetname.net with error: Some challenges have failed.


All renewals failed. The following certificates could not be renewed:
C:\Certbot\live\642f07948b0f.sn.mynetname.net\fullchain.pem (failure)


1 renew failure(s), 0 parse failure(s)
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile C:\Certbot\log\letsencrypt.log or re-run Certbot with -v for more details.

My web server is (include version): I don't know about this.

The operating system my web server runs on is (include version): Windows Server 2016 Standard

My hosting provider, if applicable, is: I don't know about this.

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): I don't know about this.

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.18.0

We use Laragon for the Laravel backend API, and it is for a Flutter/Android frontend.

While that is a bit older version of certbot, rather than update it, you are going to want to find a new ACME client. Certbot is dropping its Windows support.

4 Likes

Thanks, I'm going to update. If I need more help, please don't leave me (sorry for my English).

1 Like

I updated it to Certbot 2.8.0. Now I run this command:
certbot renew -v
and that gives me this:
certbot renew -v
Saving debug log to C:\Certbot\log\letsencrypt.log


Processing C:\Certbot\renewal\642f07948b0f.sn.mynetname.net.conf


Certificate is due for renewal, auto-renewing...
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate for 642f07948b0f.sn.mynetname.net
Performing the following challenges:
http-01 challenge for 642f07948b0f.sn.mynetname.net
Waiting for verification...
Challenge failed for domain 642f07948b0f.sn.mynetname.net
http-01 challenge for 642f07948b0f.sn.mynetname.net

Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
Domain: 642f07948b0f.sn.mynetname.net
Type: unauthorized
Detail: 181.198.213.18: Invalid response from http://642f07948b0f.sn.mynetname.net/.well-known/acme-challenge/U2vTH3FtdNI6fWIdJxkdGbgAZej6PCRTlj7S-OaarsE: 404

Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.

Cleaning up challenges
Failed to renew certificate 642f07948b0f.sn.mynetname.net with error: Some challenges have failed.


All renewals failed. The following certificates could not be renewed:
C:\Certbot\live\642f07948b0f.sn.mynetname.net\fullchain.pem (failure)


1 renew failure(s), 0 parse failure(s)
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile C:\Certbot\log\letsencrypt.log or re-run Certbot with -v for more details.

You missed the important part. You need to find another ACME client to replace Certbot. Certbot is dropping support for Windows.

You may also want to debug HTTP access to your webserver.

https://letsdebug.net/

4 Likes

What shows?:
httpd -t -D DUMP_VHOSTS

3 Likes

VirtualHost configuration:
*:80 is a NameVirtualHost
 default server Laragon (C:/laragon/etc/apache2/sites-enabled/00-default.conf:29)
 port 80 namevhost Laragon (C:/laragon/etc/apache2/sites-enabled/00-default.conf:29)
 port 80 namevhost AdmMovilApi.test (C:/laragon/etc/apache2/sites-enabled/auto.AdmMovilApi.test.conf:4)
      wild alias *.AdmMovilApi.test
 port 80 namevhost apiapolo2021.test (C:/laragon/etc/apache2/sites-enabled/auto.apiapolo2021.test.conf:4)
      wild alias *.apiapolo2021.test
*:8282 is a NameVirtualHost
 default server Laragon (C:/laragon/etc/apache2/sites-enabled/00-default.conf:35)
 port 8282 namevhost Laragon (C:/laragon/etc/apache2/sites-enabled/00-default.conf:35)
 port 8282 namevhost AdmMovilApi.test (C:/laragon/etc/apache2/sites-enabled/auto.AdmMovilApi.test.conf:14)
        wild alias *.AdmMovilApi.test
 port 8282 namevhost apiapolo2021.test (C:/laragon/etc/apache2/sites-enabled/auto.apiapolo2021.test.conf:14)
        wild alias *.apiapolo2021.test

Can you please recommend one to me?

There is no vhost to cover the name being requested:

You should have a working HTTP site before you try to secure it.

5 Likes

What shows?:
certbot certificates

2 Likes

I don't use Windows so I cannot recommend one. I can share a link to a page that lists options. You will need to evaluate and decide on your own or with guidance from members here who use Windows.

3 Likes

Saving debug log to C:\Certbot\log\letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Found the following certs:
  Certificate Name: 642f07948b0f.sn.mynetname.net
    Serial Number: 49099d7d9091251fc53f355bae3593c6241
    Key Type: RSA
    Domains: 642f07948b0f.sn.mynetname.net
    Expiry Date: 2024-01-26 07:35:17+00:00 (INVALID: EXPIRED)
    Certificate Path: C:\Certbot\live\642f07948b0f.sn.mynetname.net\fullchain.pem
    Private Key Path: C:\Certbot\live\642f07948b0f.sn.mynetname.net\privkey.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Oh, thanks, I'm going to check.

2 Likes

How did you get that cert?

Please show the renewal config file for it:

3 Likes

There are also specific examples given in the thread posted earlier. Look at the "Off Ramps" section on this page

5 Likes

On Windows systems, I've used "https://CertifyTheWeb.com/" without any issues 🙂

4 Likes

It's my job's server, not mine. I'm an intern, and they sent me to solve this.

Ok, I understand.

4 Likes

# renew_before_expiry = 30 days
version = 1.18.0
archive_dir = C:\Certbot\archive\642f07948b0f.sn.mynetname.net
cert = C:\Certbot\live\642f07948b0f.sn.mynetname.net\cert.pem
privkey = C:\Certbot\live\642f07948b0f.sn.mynetname.net\privkey.pem
chain = C:\Certbot\live\642f07948b0f.sn.mynetname.net\chain.pem
fullchain = C:\Certbot\live\642f07948b0f.sn.mynetname.net\fullchain.pem

# Options used in the renewal process
[renewalparams]
account = 22a91d0747dd70730851089cdfa05d13
authenticator = webroot
server = https://acme-v02.api.letsencrypt.org/directory
[[webroot_map]]
642f07948b0f.sn.mynetname.net = C:\laragon\www\apiapolo2021\public
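
An added example, not posted by anyone in this thread: a Python check that cross-references the `[[webroot_map]]` in a Certbot renewal config against `httpd -t -D DUMP_VHOSTS` output, to show which port-80 vhost answers each renewal domain, or that only the default server does. The function names are hypothetical, the samples are constructed from the output posted above, and `fnmatch` is assumed to be a close enough stand-in for Apache's name and wildcard alias matching.

```python
import fnmatch
import re

# Constructed samples, trimmed from the output and config posted in this thread.
DUMP_VHOSTS = """\
*:80 is a NameVirtualHost
 default server Laragon (C:/laragon/etc/apache2/sites-enabled/00-default.conf:29)
 port 80 namevhost apiapolo2021.test (C:/laragon/etc/apache2/sites-enabled/auto.apiapolo2021.test.conf:4)
      wild alias *.apiapolo2021.test
"""
RENEWAL_CONF = """\
[renewalparams]
[[webroot_map]]
642f07948b0f.sn.mynetname.net = C:\\laragon\\www\\apiapolo2021\\public
"""

def parse_vhosts(dump, port=80):
    """Return (default server name, [(name pattern, conf location)]) for one port."""
    default, names, section, loc = None, [], None, None
    for line in dump.splitlines():
        if m := re.match(r"\*:(\d+) is a NameVirtualHost", line):
            section = int(m.group(1))
        elif section != port:
            continue  # HTTP-01 validation arrives on port 80; skip other listeners
        elif m := re.match(r"\s+default server (\S+) ", line):
            default = m.group(1)
        elif m := re.match(r"\s+port \d+ namevhost (\S+) \((.+)\)", line):
            loc = m.group(2)
            names.append((m.group(1).lower(), loc))
        elif m := re.match(r"\s+(?:wild )?alias (\S+)", line):
            names.append((m.group(1).lower(), loc))
    return default, names

def parse_webroot_map(conf):
    """Return {domain: webroot path} from the [[webroot_map]] section."""
    mapping, in_map = {}, False
    for line in map(str.strip, conf.splitlines()):
        if line.startswith("["):
            in_map = line == "[[webroot_map]]"
        elif in_map and "=" in line and not line.startswith("#"):
            domain, path = (part.strip() for part in line.split("=", 1))
            mapping[domain.lower()] = path
    return mapping

def check(dump, conf, port=80):
    """Map each renewal domain to (matching vhost conf or None, default server, webroot)."""
    default, names = parse_vhosts(dump, port)
    return {d: (next((loc for pat, loc in names if fnmatch.fnmatchcase(d, pat)), None), default, w)
            for d, w in parse_webroot_map(conf).items()}

print(check(DUMP_VHOSTS, RENEWAL_CONF))
```

A `None` in the first position means the request falls through to the default server, so the challenge file is looked up under that server's document root rather than the path in `webroot_map`.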