Please fill out the fields below so we can help you better.
My domain is:
I ran this command:
sudo certbot renew
It produced this output:
Attempting to renew cert from /etc/letsencrypt/renewal/registry.agidevelopment.com.conf produced an unexpected error: Failed authorization procedure. registry.agidevelopment.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://registry.agidevelopment.com/.well-known/acme-challenge/iEXQhGpo6m4hdW-PRcctAoeffXTVdV1l0Jt8vzzT8Us: "
404 Not Found
404 Not Found
My web server is (include version):
The operating system my web server runs on is (include version):
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don’t know):
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
no, I’m using SSH
One potential issue - we set this up a while ago, and I fear certbot functionality may have changed and our existing setup is not in the proper format. i have no issue in removing and reinstalling if that’s what’s needed.
Thanks in advance!
One more piece of info - I’m running nginx in a docker container… with file locations mapped out from the container
If you look at the file
/etc/letsencrypt/renewal/registry.agidevelopment.com.conf, there is a webroot directory defined. This is meant to point at a directory from which your existing web server is serving web content, corresponding to the top level of your web site. You should check if that location is correct and if Certbot would be able to write files into it which would then appear on your web site.
If you don’t see any problems with that, we can suggest other things to test to narrow down the problem.
Since you’re using Docker, it could well be a file/path mapping issue, where the directory mapping might have changed somehow since you first got the certificate (or the web server configuration could have changed to use a different directory for serving the web site content).
Thanks for the quick reply -
So I’m running the containers, and can attach and see the nginx web_root is mapped from the container to the host, and can access/write to it… I also see .well-known directory was just created in there… but still no renewal.
Can you advise on next steps?
Sure, you should make a file
.well-known/acme-challenge/test.txt under your webroot directory and then see if you can see it at
I did that and:
This site can’t be reached
registry.agidevelopment.com refused to connect.
One more piece of information -
when we installed letsencrypt, originally, it’s installed to ~/.local/share/letsencrypt. There’s also a certbot-auto executable in the user’s home directory. If I run that (./certbot-auto renew) I get:
registrar@registry:~$ ./certbot-auto renew
Error: couldn't get currently installed version for /home/registrar/.local/share/letsencrypt/bin/letsencrypt:
Traceback (most recent call last):
File "/home/registrar/.local/share/letsencrypt/bin/letsencrypt", line 7, in <module>
from certbot.main import main
File "/home/registrar/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/main.py", line 13, in <module>
from acme import jose
File "/home/registrar/.local/share/letsencrypt/local/lib/python2.7/site-packages/acme/jose/__init__.py", line 37, in <module>
from acme.jose.interfaces import JSONDeSerializable
File "/home/registrar/.local/share/letsencrypt/local/lib/python2.7/site-packages/acme/jose/interfaces.py", line 9, in <module>
from acme.jose import util
File "/home/registrar/.local/share/letsencrypt/local/lib/python2.7/site-packages/acme/jose/util.py", line 4, in <module>
from cryptography.hazmat.primitives.asymmetric import rsa
File "/home/registrar/.local/share/letsencrypt/local/lib/python2.7/site-packages/cryptography/hazmat/primitives/asymmetric/rsa.py", line 14, in <module>
from cryptography.hazmat.backends.interfaces import RSABackend
File "/home/registrar/.local/share/letsencrypt/local/lib/python2.7/site-packages/cryptography/hazmat/backends/__init__.py", line 7, in <module>
File "/home/registrar/.local/share/letsencrypt/local/lib/python2.7/site-packages/pkg_resources/__init__.py", line 36, in <module>
File "/usr/lib/python2.7/plistlib.py", line 62, in <module>
ImportError: No module named datetime
Does that help? Should we reinstall?
I think I see our issue - it looks like port 80 wasn’t running as of late in the container… You can close this. Thanks for the help.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.