Abi95
June 14, 2022, 12:27am
1
Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com ), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: nucleuswealth.com
I ran this command: sudo certbot renew
It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/nucleuswealth.com.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Renewing an existing certificate for nucleuswealth.com
Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
Domain: nucleuswealth.com
Type: connection
Detail: 52.63.10.5: Fetching http://nucleuswealth.com/.well-known/acme-challenge/h1U_EtEhsbzCi49JbZwFfB_ebGmtTP89Mb2LQ_k1psk: Connection refused
Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.
Failed to renew certificate nucleuswealth.com with error: Some challenges have failed.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
All renewals failed. The following certificates could not be renewed:
/etc/letsencrypt/live/nucleuswealth.com/fullchain.pem (failure)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1 renew failure(s), 0 parse failure(s)
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
My web server is (include version): Apache/2.4.41 (Ubuntu)
The operating system my web server runs on is (include version): (Ubuntu)
My hosting provider, if applicable, is: AWS ec2
I can login to a root shell on my machine (yes or no, or I don't know): Yes, via terminal
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no
The version of my client is (e.g. output of certbot --version
or certbot-auto --version
if you're using Certbot): certbot 1.28.0
rg305
June 14, 2022, 12:37am
2
Hi @Abi95 , and welcome to the LE community forum
Please show the output of:
apachectl -t -D DUMP_VHOSTS
4 Likes
Abi95
June 14, 2022, 12:41am
3
Hi @rg305 , thank you!
VirtualHost configuration:
*:443 nucleuswealth.com (/etc/apache2/sites-enabled/wordpress-le-ssl.conf:2)
*:80 is a NameVirtualHost
default server nucleuswealth.com (/etc/apache2/sites-enabled/wordpress-le-ssl.conf:42)
port 80 namevhost nucleuswealth.com (/etc/apache2/sites-enabled/wordpress-le-ssl.conf:42)
alias www.nucleuswealth.com
port 80 namevhost nucleuswealth.com (/etc/apache2/sites-enabled/wordpress.conf:1)
1 Like
rg305
June 14, 2022, 12:47am
4
As I suspected, there is a name:port
overlap/conflict that Apache
has allowed to go unnoticed:
port 80 namevhost nucleuswealth.com (/etc/apache2/sites-enabled/wordpress-le-ssl.conf:42)
port 80 namevhost nucleuswealth.com (/etc/apache2/sites-enabled/wordpress.conf:1)
We should review both files and keep only whichever HTTP section makes more sense of the two.
4 Likes
Abi95
June 14, 2022, 12:59am
5
@rg305
I've removed the overlapping conflict but the issue has not been solved.
Here's my apachectl -t -D DUMP_VHOSTS:
VirtualHost configuration:
*:443 nucleuswealth.com (/etc/apache2/sites-enabled/wordpress-le-ssl.conf:2)
*:80 nucleuswealth.com (/etc/apache2/sites-enabled/wordpress-le-ssl.conf:42)
Error message:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/nucleuswealth.com.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Renewing an existing certificate for nucleuswealth.com
Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
Domain: nucleuswealth.com
Type: connection
Detail: 52.63.10.5: Fetching http://nucleuswealth.com/.well-known/acme-challenge/W7hk1NJgRh6BNE9t0lcTaGaNRhSubTggjHPWToZGBd0: Connection refused
Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.
Failed to renew certificate nucleuswealth.com with error: Some challenges have failed.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
All renewals failed. The following certificates could not be renewed:
/etc/letsencrypt/live/nucleuswealth.com/fullchain.pem (failure)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1 renew failure(s), 0 parse failure(s)
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
Abi95
June 14, 2022, 7:54am
6
Would it be best to remove letsencrypt completely and reinstall it?
It worked!!!
2 Likes
system
Closed
July 14, 2022, 7:54am
7
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.