Failed renew cert

sundrik · November 23, 2019, 5:41pm

Hi,

I tried to renew my cert. But I get
type: unauthorized
detail: Invalid response from DOMAIN/blablabla

I tried to check debug log in /var/log/letsencrypt/letsencrypt.log
But nothing inside the log.

I’m looking for a way to fault search, but got stuck.

Help appreciated =)

rg305 · November 23, 2019, 5:48pm

Let me GUESS then…
You are using Apache. Somehow your config has changed since your last renewal.
You haven’t checked the config for correctness.
You haven’t ensured that http://DOMAIN/.well-known/acme-challenge/testfile reaches the file you placed there. Oh yeah, you never placed any test file there.

The gist here is if you really want help, then try to make it easy for someone to help you - not harder.

Let us help you by beginning at the beginning and answer all the questions that should have been presented to you when you opened this topic:
=============================================================================
Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

sundrik · November 23, 2019, 10:27pm

Hi, I run on nginx.

to update cert I do this:
sudo certbot certonly --webroot -w /var/www/html -d domain -d www.domain

I get the fault when doing this.
type: unauthorized
detail: Invalid response from DOMAIN/blablabla

I did it two month ago with no problem.

I use this tutorial now with same error.

I double checked that the nging config file is correct with domain and checked it with "sudo nginx -t"

I was hopinf for a log file, but I can't find one.

rg305 · November 23, 2019, 11:12pm

look for log file as:
/var/log/letsencrypt/letsencrypt.log

rg305 · November 23, 2019, 11:14pm

Then this

is NOT the webroot for

check your vhost config to see what is the real webroot.

sundrik · November 23, 2019, 11:45pm

Strange, I had it working flawless before. I got this in my nginx conf
# SSL Configuration
location ~ /.well-known {
allow all;
root /var/www/html;
}

This also before SSL conf-line.
# RSA certificate
ssl_certificate /etc/letsencrypt/live/DOMAIN/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/DOMAIN/privkey.pem;

rg305 · November 24, 2019, 2:02am

In your port 80 vhost config, what is the root set to?
[Please show the config file]

sundrik · November 25, 2019, 4:16pm

upstream site_server {

    server unix:/home/user/projects/site/gunicorn.sock fail_timeout=10s;

}

server {
listen 8002;
listen [::]:80;

    # Redirect non-https traffic to https
    if ($scheme != "https") {
            return 301 https://$host$request_uri;
    }

}

server {
listen 443 ssl;
access_log /home/user/projects/logs/site_access.log;
error_log /home/user/projects/logs/site_error.log info;

    server_name DOMAIN www.DOMAIN;
    client_max_body_size 10M;

    # RSA certificate
    ssl_certificate /etc/letsencrypt/live/site/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/site/privkey.pem;

    include /etc/letsencrypt/options-ssl-nginx.conf;

    location / {

    proxy_pass http://unix:/home/user/projects/site/gunicorn.sock;

    proxy_pass_header Server;
    proxy_set_header X-Forwarded-Host $server_name;
    proxy_set_header X-Real-IPP $remote_addr;
    proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for;
    proxy_set_header Host $http_host;

    }

    location /static {

            alias /home/user/projects/site/static;

    }

    location /media {

            alias /home/user/projects/site/site/media;

    }

    # SSL Configuration
    location ~ /.well-known {
            allow all;
            root /var/www/html;
    }

}

rg305 · November 25, 2019, 11:20pm

That may not be providing the desired/(your expected) result.

Please make these paths and test files:
[paths]
mkdir /var/www/html/.well-known/
mkdir /var/www/html/.well-known/acme-challenge/
mkdir /var/www/html/acme-challenge/
[files - use any method - below is only one way (as example)]
sudo echo 'location1' > /var/www/html/.well-known/acme-challenge/testfile1234
sudo echo 'location2' > /var/www/html/acme-challenge/testfile1234
sudo echo 'location3' > /var/www/html/tesfile1234

Then see which text is returned with:
http://DOMAIN/.well-known/acme-challenge/testfile1234

Whichever location# is returned, that is the actual --webroot location you need to use.

system · December 25, 2019, 11:20pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Renew Certificate Failed Help	7	324	May 17, 2024
Attempting to renew cert Help	2	815	November 21, 2020
I wanted to renew my cert and got an error Help	8	497	April 27, 2023
Failed authorizations renew Help	21	1053	January 4, 2021
Certificate renewal fails Help	10	642	July 13, 2024

Failed renew cert

Related topics