There are many threads with this same error, which basically makes the website unusable as the certificate is now out of date.
My specific situation is that while trying Lets Encrypt and certbot, I had created a test domain for thearcofluzerne.org. Our real domain is thearcofluzernecounty.org. Now we do not need that older domain. How can I tell the certbot script to NOT include that old domain? I’ve removed it from the conf file.
Error message while renewing:
> Unable to clean up challenge directory /home/thearc/.well-known/acme-challenge > Attempting to renew cert from /etc/letsencrypt/renewal/thearcofluzernecounty.org.conf produced an unexpected error: Failed authorization procedure. thearcofluzerne.org (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://thearcofluzerne.org/.well-known/acme-challenge/VGVNSv6zPP1oT7MxjJ-ZSjWVNFKLX09NapLcgSXAUnA: "<!DOCTYPE html>...". Skipping.
The text inside my file thearcofluzernecounty.org.conf is as follows:
# renew_before_expiry = 30 days version = 0.11.1 archive_dir = /etc/letsencrypt/archive/thearcofluzernecounty.org cert = /etc/letsencrypt/live/thearcofluzernecounty.org/cert.pem privkey = /etc/letsencrypt/live/thearcofluzernecounty.org/privkey.pem chain = /etc/letsencrypt/live/thearcofluzernecounty.org/chain.pem fullchain = /etc/letsencrypt/live/thearcofluzernecounty.org/fullchain.pem # Options used in the renewal process [renewalparams] authenticator = webroot installer = None account = 51ab0aa536a6ad6568546ed62976de99 post_hook = service nginx reload [[webroot_map]] thearcofluzernecounty.org = /home/thearc
The directory /home/thearc (root folder) has 755 chmod-ed .well-known/acme-challenge/ directories. But this doesn’t work, because the cert is outdated now? It shows me the usual Chrome error message as you can see for yourself:
How can I renew this cert? The certbot-auto is fairly useless.