Failed to renew certificate <domain> with error: some challenges have failed

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: homeperks.com

I ran this command: /opt/scripts/cron_alerts.sh /usr/bin/certbot renew --post-hook /opt/scripts/haproxy_concatonate.sh

It produced this output:

Challenge failed for domain pge.homeperks.com
http-01 challenge for pge.homeperks.com
Cleaning up challenges
Failed to renew certificate homeperks.com with error: Some challenges have failed.
Starting new HTTP connection (1): r3.o.lencr.org
Cert not yet due for renewal
Starting new HTTP connection (1): r3.o.lencr.org
Cert not yet due for renewal
Starting new HTTP connection (1): r3.o.lencr.org
Cert not yet due for renewal
Starting new HTTP connection (1): r3.o.lencr.org
Cert not yet due for renewal
Starting new HTTP connection (1): r3.o.lencr.org
Cert not yet due for renewal
Starting new HTTP connection (1): r3.o.lencr.org
Cert not yet due for renewal
Starting new HTTP connection (1): r3.o.lencr.org
Cert not yet due for renewal
Starting new HTTP connection (1): r3.o.lencr.org
Cert not yet due for renewal
Starting new HTTP connection (1): r3.o.lencr.org
Cert not yet due for renewal
Starting new HTTP connection (1): r3.o.lencr.org
Cert not yet due for renewal
Starting new HTTP connection (1): r3.o.lencr.org
Cert not yet due for renewal
Starting new HTTP connection (1): r3.o.lencr.org
Cert not yet due for renewal
Starting new HTTP connection (1): r3.o.lencr.org
Cert not yet due for renewal
Starting new HTTP connection (1): r3.o.lencr.org
Cert not yet due for renewal
All renewals failed. The following certificates could not be renewed:
/etc/letsencrypt/live/homeperks.com/fullchain.pem (failure)
Running post-hook command: /opt/scripts/haproxy_concatonate.sh
1 renew failure(s), 0 parse failure(s)

My web server is (include version): Apache/2.4.6 (CentOS)

The operating system my web server runs on is (include version): CentOS Linux release 7.9.2009 (Core)

My hosting provider, if applicable, is: n/a

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.11.0

Hi @dkenn256,

Could you try just running sudo certbot renew --dry-run and then show us the output of that command?

This is totally unrelated to the renewal failure, but this is a misspelling of "concatenate", which means "to chain together", from "catena".

https://en.wiktionary.org/wiki/catena#Latin


Processing /etc/letsencrypt/renewal/homeperks.com.conf


Starting new HTTP connection (1): r3.o.lencr.org
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator standalone, Installer None
Starting new HTTPS connection (1): acme-staging-v02.api.letsencrypt.org
Simulating renewal of an existing certificate for homeperks.com and 3 more domains
Performing the following challenges:
http-01 challenge for duke.homeperks.com
http-01 challenge for homeperks.com
http-01 challenge for pge.homeperks.com
http-01 challenge for www.homeperks.com
Waiting for verification...
Challenge failed for domain pge.homeperks.com
http-01 challenge for pge.homeperks.com
Cleaning up challenges
Failed to renew certificate homeperks.com with error: Some challenges have failed.

pge.homeperks.com is on a different server from all the rest, according to your DNS records.

Yeah, and that's the problem right there! Doh. Thanks for helping!

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.