Failing to renew / can't install fresh. Worked OK last month


#1

My shared hosting has Let’s Encrypt integrated in CPanel and I installed certs on 4 domains with no problem a couple of months ago. One main domain and 3 sub-domains… The certs all auto-renewed just fine last month.

But this month they are failing auto-renew. I went into CPanel and on the two that were up for renewal they both showed Not installed. I clicked on re-install and got an unhelpful error but they both then showed installed but both of the expiration dates were still in Jan 2017 so it definitely didn’t do the renewal.

I then tried removing the cert from the one domain that I am setting up that doesn’t have anything other than place holder data (that is the main domain on the hosting). I then tried to install a new cert and got the following error:

There was a problem processing your request

Error issuing certificate
Failed to issue certificate
The Let's Encrypt HTTP challenge failed: acme error 'urn:acme:error:unauthorized': Invalid response from http://mail.diybbb.co.technology/.well-known/acme-challenge/bDvTcm1sol_O6Zo6k4cAzvrfrcfaUxoutuD2GcviWAI: "<!DOCTYPE html> <html style="height:100%"> <head><title> 404 Not Found </title></head> <body style="color: #444; margin:0;font:"

under public_html/.well-known/acme-challenge the directory is empty. This is for the primary domain on the host.

Under sub-domain.com/.well-known/acme-challenge the directory is also empty. This is my live domain for one of my sub-domains on the same host.

I have sent a support request to the hosting company but thought I would ask here to see if there is anything I can do to resolve this without the hosting company’s help?

Thanks,
Burt


#2

One thing you could try, while waiting for the hosting company, is to put a test file in those directories and see whether you can access it as expected from a web browser on the expected path. If you can, I’m not sure what more is worth trying before the hosting company’s IT support look into it, but if you cannot, you can diagnose that problem yourself, since most likely whatever makes it not work for you also blocks progress for Let’s Encrypt.


#3

Thanks,

I will try that just to see. But I expect that I can access files there OK. Assuming that the mail.foo.com… URL is correct for where the actual directory is located. I don’t see any permission or .htaccess issues that would be likely to block access.

Still it is worth a try.

Burt


#4

OK, when I tried to access a file in the acme-challenge directory I wasn’t able to which was a surprise.

So I commented out the part of the .htaccess file that was handling the mapping of non http URLs to https. Note that this has been working OK for months but just started giving a problem.

With that commented out I was able to access a test file I placed in acme-challenge directory OK.

But when I attempted to add the cert I got an “unknown” error message. But in this case CPanel is showing status of Not installed but the Expiry date is now 18 Mar 2017 where it was Jan before. And I see that is the same Expiry date for my sub-domain which was also Jan 2017 earlier.

Edit 12/19/2017 - I went back and placed the test text file in the acme-challenge directories under the sub-domains and I was able to access the test file from those domains, except that 2 of them don’t have an email.domain.com with the SSL cert that was issued originally. The domains that I attempted to update or add as new both had email.domain.com listed for each of the domains when I was dealing with the certs, and I can access the test file specifying mail.domain.com/...acme-challenge/textfile. Still waiting for the host support to get back on my request.

So I guess at this point I’ll wait and see what the hosting support has to say about the problem.

Unless you can suggest anything else of course.

Thanks,
Burt


#5

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.