Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: mail.eduardoarellano.com
I ran this command: sudo certbot --nginx certonly --preferred-challenges http -d mail.eduardoarellano.com --dry-run
It produced this output:
```
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Cert is due for renewal, auto-renewing...
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for mail.eduardoarellano.com
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. mail.eduardoarellano.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: 37.187.22.237: Invalid response from http://mail.eduardoarellano.com/.well-known/acme-challenge/E9jfawM2dSWkp9svlQNHCh81Veh3LG_GWTIMguvO5Fg: 404

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: mail.eduardoarellano.com
   Type: unauthorized
   Detail: 37.187.22.237: Invalid response from
   http://mail.eduardoarellano.com/.well-known/acme-challenge/E9jfawM2dSWkp9svlQNHCh81Veh3LG_GWTIMguvO5Fg:
   404

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.
```
My web server is (include version): Nginx
The operating system my web server runs on is (include version): Ubuntu 16.04.7 LTS (GNU/Linux 4.14.12-xxxx-std-ipv6-64 x86_64)
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don't know): yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 0.31.0
Nginx conf file:
```nginx
#upstream php_workers {
#server unix:/var/run/php-fpm.socket;
#}

#HTTP
server {
    listen 80;
    server_name mail.eduardoarellano.com;

    location ^/(?!\.well-known) { # skip challenge requests
        return 301 https://$host$request_uri; # send all requests to HTTPS
    } # location

    #root /var/www/html;
    index index.php index.html index.htm;

    location / {
        #root /var/www/html;
        root /var/www/;
    }

    # Normal PHP scripts
    location ~ \.php$ {
        include fastcgi_params;
        fastcgi_pass php_workers;
    }

    # Redirect webmail/SOGo/iredadmin to HTTPS
    location ~ ^/mail { rewrite ^ https://$host$request_uri?; }
    location ~* ^/sogo { rewrite ^ https://$host/SOGo; }
    location ~ ^/iredadmin { rewrite ^ https://$host$request_uri?; }

    # Deny all attempts to access hidden files such as .htaccess.
    location ~ /\. {
        deny all;
        access_log off;
        log_not_found off;
    }

    # Handling noisy favicon.ico messages
    location = /favicon.ico {
        access_log off;
        log_not_found off;
    }
}

#HTTPS
server {
    listen 443;
    server_name mail.eduardoarellano.com;

    #ssl on;
    ssl_certificate /etc/letsencrypt/live/mail.eduardoarellano.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/mail.eduardoarellano.com/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/mail.eduardoarellano.com/chain.pem;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

    index index.php index.html index.htm;

    location / {
        #root /var/www/html;
        root /var/www;
    }

    # Deny all attempts to access hidden files such as .htaccess.
    location ~ /\. {
        deny all;
        access_log off;
        log_not_found off;
    }

    # Handling noisy favicon.ico messages
    location = ^/favicon.ico {
        access_log off;
        log_not_found off;
    }

    # Roundcube webmail
    location ~ ^/mail(.*)\.php$ {
        include fastcgi_params;
        fastcgi_pass php_workers;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME /usr/share/apache2/roundcubemail$1.php;
    }
    location ~ ^/mail(.*) {
        alias /usr/share/apache2/roundcubemail$1;
        index index.php;
    }
    location ~ ^/mail/(bin|SQL|README|INSTALL|LICENSE|CHANGELOG|UPGRADING)$ { deny all; }

    # Normal PHP scripts
    location ~ \.php$ {
        include fastcgi_params;
        fastcgi_pass php_workers;
    }

    # iRedAdmin: static files under /iredadmin/static
    location ~ ^/iredadmin/static/(.*)\.(png|jpg|gif|css|js) {
        alias /usr/share/apache2/iredadmin/static/$1.$2;
    }

    # iRedAdmin: Python scripts
    location ~ ^/iredadmin(.*) {
        rewrite ^/iredadmin(/.*)$ $1 break;
        include uwsgi_params;
        uwsgi_pass unix:/var/run/uwsgi_iredadmin.socket;
        uwsgi_param UWSGI_CHDIR /usr/share/apache2/iredadmin;
        uwsgi_param UWSGI_SCRIPT iredadmin;
        uwsgi_param SCRIPT_NAME /iredadmin;
    }

    # iRedAdmin: redirect /iredadmin to /iredadmin/
    location = /iredadmin {
        rewrite ^ /iredadmin/;
    }

    # SOGo
    location ~ ^/sogo { rewrite ^ https://$host/SOGo; }
    location ~ ^/SOGO { rewrite ^ https://$host/SOGo; }

    # For IOS 7
    location = /principals/ {
        rewrite ^ https://$server_name/SOGo/dav;
        allow all;
    }

    location ^~ /SOGo {
        proxy_pass http://127.0.0.1:20000;
        #proxy_redirect http://127.0.0.1:20000/SOGo/ /SOGo;
        # forward user's IP address
        #proxy_set_header X-Real-IP $remote_addr;
        #proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        #proxy_set_header Host $host;
        proxy_set_header x-webobjects-server-protocol HTTP/1.0;
        #proxy_set_header x-webobjects-remote-host 127.0.0.1;
        #proxy_set_header x-webobjects-server-name $server_name;
        #proxy_set_header x-webobjects-server-url $scheme://$host;
    }

    location ^~ /Microsoft-Server-ActiveSync {
        proxy_pass http://127.0.0.1:20000/SOGo/Microsoft-Server-ActiveSync;
        proxy_redirect http://127.0.0.1:20000/Microsoft-Server-ActiveSync /;
    }

    location ^~ /SOGo/Microsoft-Server-ActiveSync {
        proxy_pass http://127.0.0.1:20000/SOGo/Microsoft-Server-ActiveSync;
        proxy_redirect http://127.0.0.1:20000/SOGo/Microsoft-Server-ActiveSync /;
    }

    location /SOGo.woa/WebServerResources/ {
        alias /usr/lib/GNUstep/SOGo/WebServerResources/;
    }

    location /SOGo/WebServerResources/ {
        alias /usr/lib/GNUstep/SOGo/WebServerResources/;
    }

    location ^/SOGo/so/ControlPanel/Products/([^/]*)/Resources/(.*)$ {
        alias /usr/lib/GNUstep/SOGo/$1.SOGo/Resources/$2;
    }
}
```
So this has been working for years without a problem until today. I have never encountered this error on any renewal up to today, I have not changed the conf file at all, and I do not have an AAAA record in my DNS records. My IP seems to be configured correctly.
Any help would be much appreciated.
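
As an added example (not part of the original post, and not Certbot or nginx code), the sketch below models nginx's location selection order and applies it to the location blocks of the port-80 server posted above, to show which block would handle an HTTP-01 challenge URI. The token, the extra exact-match block and the function names are assumptions made for illustration; nested locations and URI normalization are not modelled.

```python
import re

# Location blocks of the posted port-80 server: (modifier, pattern, action).
# Modifier "" is a plain prefix match, so "^/(?!\.well-known)" is compared
# as a literal string, not evaluated as a regular expression.
PORT80_LOCATIONS = [
    ("",   r"^/(?!\.well-known)", "return 301 https"),
    ("",   "/",                   "root /var/www/"),
    ("~",  r"\.php$",             "fastcgi_pass php_workers"),
    ("~",  r"^/mail",             "rewrite to https"),
    ("~*", r"^/sogo",             "rewrite to https /SOGo"),
    ("~",  r"^/iredadmin",        "rewrite to https"),
    ("~",  r"/\.",                "deny all"),
    ("=",  "/favicon.ico",        "logging off"),
]

def select_location(uri, locations):
    """Return the (modifier, pattern, action) nginx would pick for uri."""
    # 1. An exact "=" match ends the search immediately.
    for loc in locations:
        if loc[0] == "=" and loc[1] == uri:
            return loc
    # 2. Remember the longest matching prefix location ("" or "^~").
    prefixes = [l for l in locations
                if l[0] in ("", "^~") and uri.startswith(l[1])]
    best = max(prefixes, key=lambda l: len(l[1]), default=None)
    if best and best[0] == "^~":
        return best  # "^~" suppresses the regex pass
    # 3. Regex locations are tried in file order; the first match wins.
    for loc in locations:
        if loc[0] in ("~", "~*"):
            flags = re.IGNORECASE if loc[0] == "~*" else 0
            if re.search(loc[1], uri, flags):
                return loc
    # 4. No regex matched: fall back to the longest prefix.
    return best

# Constructed sample URI with a placeholder token.
CHALLENGE = "/.well-known/acme-challenge/EXAMPLE_TOKEN"

def demo():
    as_posted = select_location(CHALLENGE, PORT80_LOCATIONS)
    # Hypothetical extra block: an exact-match location for the challenge.
    with_exact = select_location(
        CHALLENGE, [("=", CHALLENGE, "serve challenge")] + PORT80_LOCATIONS)
    ordinary = select_location("/index.html", PORT80_LOCATIONS)
    return as_posted[2], with_exact[2], ordinary[2]

if __name__ == "__main__":
    print(demo())
```
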