Hi @ricky.wang
If you want to use the renew command, you can't use this setup:
manual
in combination with dns-01 means: You have to create the dns entry manually.
So use
certbot -d chinafutea.com -d www.chinafutea.com --preferred-challenges dns
But checking your domain there is only one old Letsencrypt certificate ( https://check-your-website.server-daten.de/?q=chinafutea.com ):
CRT-Id | Issuer | not before | not after | Domain names | LE-Duplicate | next LE |
---|---|---|---|---|---|---|
1036821997 | CN=Encryption Everywhere DV TLS CA - G1, OU=www.digicert.com, O=DigiCert Inc, C=US | 2018-11-28 23:00:00 | 2019-11-29 11:00:00 | chinafutea.com, www.chinafutea.com (2 entries) | | |
983557236 | CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US | 2018-11-28 09:33:07 | 2019-02-26 09:33:07 | chinafutea.com (1 entries) | | |
You don't use that certificate, it's expired.
So do you really need dns-01 validation? Doesn't http-01 validation work?
Your port 80 is open and answers correctly.
Domainname | Http-Status | redirect | Sec. | G |
---|---|---|---|---|
http://www.chinafutea.com/ (54.84.18.95) | 200 | | 0.943 | H |
http://www.chinafutea.com/ (54.88.167.222) | 200 | | 0.930 | H |
https://www.chinafutea.com/ (54.84.18.95) | 200 | | 3.296 | I |
https://www.chinafutea.com/ (54.88.167.222) | 200 | | 1.704 | I |
http://www.chinafutea.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de (54.84.18.95) | 404 Not Found | | 0.790 | A |
But your non-www version doesn't have a dns entry.
So:
- Add a dns A entry for chinafutea.com
- Try
certbot -d www.chinafutea.com -d chinafutea.com --nginx
That should work, then Certbot should update your config file.
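Added example, not part of the original post: a pre-flight check that refuses to build the `certbot ... --nginx` call while any requested name lacks an A record, and flags names served from several addresses, since the http-01 request can reach any of them. The function names and the `CONSTRUCTED_DNS` sample data are assumptions modelled on the check results quoted above.

```python
import socket

# Constructed sample data mirroring the check results quoted in the post:
# the www name has two A records, the bare domain has none.
CONSTRUCTED_DNS = {"www.chinafutea.com": ["54.84.18.95", "54.88.167.222"]}

def resolve_a(name):
    """Return the sorted IPv4 addresses of name, or [] if it has no A record."""
    try:
        infos = socket.getaddrinfo(name, 80, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

def http01_preflight(names, resolver=resolve_a):
    """Split names into {name: addresses} that resolve and a list that do not."""
    ready, blocked = {}, []
    for name in names:
        addrs = resolver(name)
        if addrs:
            ready[name] = addrs
        else:
            blocked.append(name)
    return ready, blocked

def multi_address(ready):
    """Names with several A records: the validation request can reach any of
    them, so every listed server has to answer for /.well-known/acme-challenge/."""
    return sorted(n for n, addrs in ready.items() if len(addrs) > 1)

def certbot_command(names, resolver=resolve_a):
    """Build the certbot call from the post, refusing if any name cannot resolve."""
    _, blocked = http01_preflight(names, resolver)
    if blocked:
        raise ValueError("no A record for: " + ", ".join(blocked))
    cmd = ["certbot"]
    for name in names:
        cmd += ["-d", name]
    return cmd + ["--nginx"]

if __name__ == "__main__":
    def fake(name): return CONSTRUCTED_DNS.get(name, [])  # offline stand-in for DNS
    names = ["www.chinafutea.com", "chinafutea.com"]
    ready, blocked = http01_preflight(names, fake)
    print("resolves:", ready)
    print("missing A record:", blocked)
    print("served from several addresses:", multi_address(ready))
```

Calling the functions without the `resolver` argument performs live lookups through the system resolver instead of the constructed table.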