Hi all,
certbot can not renew a certificate using webroot option due to unauthorized error. The webroot is /usr/www/letsencrypt.
I tried using option 1 (Spin up temporary webserver: standalon) but it produced similar error (see below output).
My domain is: git.sky-echo.space
I ran this command: ./certbot-auto certonly -d git.sky-echo.space - sky-echo.space
(Oddly, running: “./certbot-auto certonly -d git.sky-echo.space” worked just fine, but the https did not show in the browser, so I tried to expand the list of domains using the comand above.)
It produced this output:
Requesting to rerun ./certbot-auto with root privileges…
Saving debug log to /var/log/letsencrypt/letsencrypt.log
How would you like to authenticate with the ACME CA?
1: Spin up a temporary webserver (standalone)
2: Place files in webroot directory (webroot)
Select the appropriate number [1-2] then [enter] (press ‘c’ to cancel): 1
Plugins selected: Authenticator standalone, Installer None
You have an existing certificate that contains a portion of the domains you
requested (ref: /etc/letsencrypt/renewal/git.sky-echo.space.conf)
It contains these names: git.sky-echo.space
You requested these names for the new certificate: git.sky-echo.space,
sky-echo.space.
Do you want to expand and replace this existing certificate with the new
certificate?
(E)xpand/©ancel: E
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for sky-echo.space
Waiting for verification…
Challenge failed for domain sky-echo.space
http-01 challenge for sky-echo.space
Cleaning up challenges
Some challenges have failed.
IMPORTANT NOTES:
-
The following errors were reported by the server:
Domain: sky-echo.space
\n \n <meta name=\"viewport\" content=\"width=device"
Type: unauthorized
Detail: Invalid response from
http://sky-echo.space/.well-known/acme-challenge/INbsmdLJ_EdVAjnYGrwsAs6IdIG7zzLZuMhkqzyUBQ0
[217.70.184.38]: "\n<html class=“no-js” lang=en>\nTo fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
My web server is (include version):
The operating system my web server runs on is (include version):
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don’t know):
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of certbot --version
or certbot-auto --version
if you’re using Certbot):