Try this for me:
certbot renew --installer null --dry-run --preferred-challenges http --webroot -w /var/www/owncloud
Four FQDNS:
But only three failed?:
So...
The CLOUD.XXX.DE did NOT fail?
What are the webroots for WEB, SOLAR, & WEBMAIL ?
the webroot's are on another server (IIS under Windows) , for this sites nginx is reverseproxy.
Are you handling the /.well-known/acme-challenge/ requests at the proxy or passing them to the Windows system?
until now ther was no entry, so I think it passed throug.
i have changed the fist section of the config files
from this
to this
i created the folder "/var/www/letsencrypt/solar"
and tried this again
"certbot renew --installer null --dry-run --preferred-challenges http --webroot -w /var/www/owncloud"
now I get this messages
# certbot renew --installer null --dry-run --preferred-challenges http --webroot -w /var/www/owncloud
Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/cloud.xxx.de.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator webroot, Installer null
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for cloud.xxx.de
http-01 challenge for solar.xxx.de
http-01 challenge for web.xxx.de
http-01 challenge for webmail.xxx.de
Using the webroot path /var/www/owncloud for all unmatched domains.
Waiting for verification...
Cleaning up challenges
Attempting to renew cert (cloud.xxx.de) from /etc/letsencrypt/renewal/cloud.xxx.de.conf produced an unexpected error: Failed authorization procedure. solar.xxx.de (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://solar.xxx.de/.well-known/acme-challenge/YDuUdZ5Stsk6tFx7OOToMuVYkhrVo6Vo63aC_dNjAgE: "<html>\r\n<head><title>404 Not Found</title></head>\r\n<body bgcolor=\"white\">\r\n<center><h1>404 Not Found</h1></center>\r\n<hr><center>", webmail.xxx.de (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://webmail.xxx.de/.well-known/acme-challenge/d71w57ByCopixZULJUgevVczhXR6eopcAaNqV-vi_SY: "<html>\r\n<head><title>404 Not Found</title></head>\r\n<body bgcolor=\"white\">\r\n<center><h1>404 Not Found</h1></center>\r\n<hr><center>", web.xxx.de (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://web.xxx.de/.well-known/acme-challenge/rGEsCu9SjHlWxvWsOIdp88iuT33-Gj3LNI1lGpHVfwE: "<html>\r\n<head><title>404 Not Found</title></head>\r\n<body bgcolor=\"white\">\r\n<center><h1>404 Not Found</h1></center>\r\n<hr><center>". Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/cloud.xxx.de/fullchain.pem (failure)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
** DRY RUN: simulating 'certbot renew' close to cert expiry
** (The test certificates below have not been saved.)
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/cloud.xxx.de/fullchain.pem (failure)
** DRY RUN: simulating 'certbot renew' close to cert expiry
** (The test certificates above have not been saved.)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1 renew failure(s), 0 parse failure(s)
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: solar.xxx.de
Type: unauthorized
Detail: Invalid response from
http://solar.xxx.de/.well-known/acme-challenge/YDuUdZ5Stsk6tFx7OOToMuVYkhrVo6Vo63aC_dNjAgE:
"<html>\r\n<head><title>404 Not Found</title></head>\r\n<body
bgcolor=\"white\">\r\n<center><h1>404 Not
Found</h1></center>\r\n<hr><center>"
Domain: webmail.xxx.de
Type: unauthorized
Detail: Invalid response from
http://webmail.xxx.de/.well-known/acme-challenge/d71w57ByCopixZULJUgevVczhXR6eopcAaNqV-vi_SY:
"<html>\r\n<head><title>404 Not Found</title></head>\r\n<body
bgcolor=\"white\">\r\n<center><h1>404 Not
Found</h1></center>\r\n<hr><center>"
Domain: web.xxx.de
Type: unauthorized
Detail: Invalid response from
http://web.xxx.de/.well-known/acme-challenge/rGEsCu9SjHlWxvWsOIdp88iuT33-Gj3LNI1lGpHVfwE:
"<html>\r\n<head><title>404 Not Found</title></head>\r\n<body
bgcolor=\"white\">\r\n<center><h1>404 Not
Found</h1></center>\r\n<hr><center>"
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
If these don't match, it will fail:
Since different sites are using different webroots, you will need to either:
- use separate cert renewal commands (grouped by common webroots)
[which will create separate certs] - specify which webroot goes with which domain (one-to-one)
[like: -w webroot1 -d domain1 -w webroot2 -d domain2 -w webroot3 -d domain3]
It seems ok now,
I tried it without webroot option
and now everything themes to work
# certbot renew --installer null --dry-run --preferred-challenges http
Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/cloud.xxx.de.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator nginx, Installer null
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for cloud.xxx.de
http-01 challenge for solar.xxx.de
http-01 challenge for web.xxx.de
http-01 challenge for webmail.xxx.de
Waiting for verification...
Cleaning up challenges
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
new certificate deployed with reload of null server; fullchain is
/etc/letsencrypt/live/cloud.xxx.de/fullchain.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
** DRY RUN: simulating 'certbot renew' close to cert expiry
** (The test certificates below have not been saved.)
Congratulations, all renewals succeeded. The following certs have been renewed:
/etc/letsencrypt/live/cloud.xxx.de/fullchain.pem (success)
** DRY RUN: simulating 'certbot renew' close to cert expiry
** (The test certificates above have not been saved.)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
.
Thanks alot for your help.
1 Like
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.