Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: imagesvanuatu.com

I ran this command: sudo certbot certonly

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log

How would you like to authenticate with the ACME CA?

1: Apache Web Server plugin - Beta (apache)
2: Spin up a temporary webserver (standalone)
3: Place files in webroot directory (webroot)

Select the appropriate number [1-3] then [enter] (press ‘c’ to cancel): 3
Plugins selected: Authenticator webroot, Installer None
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
Please enter in your domain name(s) (comma and/or space separated) (Enter ‘c’
to cancel): imagesvanuatu.com,www.imagesvanuatu.com
Cert is due for renewal, auto-renewing…
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for imagesvanuatu.com
http-01 challenge for www.imagesvanuatu.com
Input the webroot for imagesvanuatu.com: (Enter ‘c’ to cancel): /opt/bitnami/apache2/htdocs/imagesvanuatu.com

Select the webroot for www.imagesvanuatu.com:

1: Enter a new webroot
2: /opt/bitnami/apache2/htdocs/imagesvanuatu.com

Select the appropriate number [1-2] then [enter] (press ‘c’ to cancel): 2
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. imagesvanuatu.com (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching https://imagesvanuatu.com.well-known/acme-challenge/aIkHcO8573I21WUSvU-K3G00GHS2M-86wPG2ietRD6M: Error getting validation data, www.imagesvanuatu.com (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching https://imagesvanuatu.com.well-known/acme-challenge/oWhlrb85zQmPkeJHlHLg6TUWYBgd0OqIVK61xBcfcQU: Error getting validation data

IMPORTANT NOTES:

• The following errors were reported by the server:

  Domain: imagesvanuatu.com
  Type: connection
  Detail: Fetching
  https://imagesvanuatu.com.well-known/acme-challenge/aIkHcO8573I21WUSvU-K3G00GHS2M-86wPG2ietRD6M:
  Error getting validation data

  Domain: www.imagesvanuatu.com
  Type: connection
  Detail: Fetching
  https://imagesvanuatu.com.well-known/acme-challenge/oWhlrb85zQmPkeJHlHLg6TUWYBgd0OqIVK61xBcfcQU:
  Error getting validation data

  To fix these errors, please make sure that your domain name was
  entered correctly and the DNS A/AAAA record(s) for that domain
  contain(s) the right IP address. Additionally, please check that
  your computer has a publicly routable IP address and that no
  firewalls are preventing the server from communicating with the
  client. If you’re using the webroot plugin, you should also verify
  that you are serving files from the webroot path you provided.

My web server is (include version): Apache

The operating system my web server runs on is (include version): Ubuntu 16.04.4 LTS (GNU/Linux 4.4.0-1060-aws x86_64)

My hosting provider, if applicable, is: Amazon LightSail

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

In addition:
My keys are stored in /etc/letsencrypt/keys
/etc/letsencrypt/renewal/imagesvanuatu.com.conf has:

renew_before_expiry = 30 days

version = 0.26.1
archive_dir = /etc/letsencrypt/archive/imagesvanuatu.com
cert = /etc/letsencrypt/live/imagesvanuatu.com/cert.pem
privkey = /etc/letsencrypt/live/imagesvanuatu.com/privkey.pem
chain = /etc/letsencrypt/live/imagesvanuatu.com/chain.pem
fullchain = /etc/letsencrypt/live/imagesvanuatu.com/fullchain.pem

Options used in the renewal process

[renewalparams]
server = https://acme-v02.api.letsencrypt.org/directory
account = 87aa472feb5ceb9c1e8485a988ccece4
authenticator = webroot
[[webroot_map]]
www.imagesvanuatu.com = /opt/bitnami/apache2/htdocs/imagesvanuatu.com
imagesvanuatu.com = /opt/bitnami/apache2/htdocs/imagesvanuatu.com

When I try to renew I get an error because it is challenging the .well-known folder in the website folder - and there is no .well-known folder in the imagesvanuatu.com folder.

When I use sudo certbot certonly I expected to see an option to keep the existing certificate for now or renew and replace the certificate - but certbot just started the renew process (and failed). I wanted to try to replace the certificate to try to fix whatever the problem is.

I’m having this problem on all my lightsail hosted websites. The certificates installed fine when I set it up but they are not auto-renewing and the certificates will expire next week.

You have a dodgy redirect - https://letsdebug.net/www.imagesvanuatu.com/11916

You’re going to want to look for something that looks like:

Redirect permanent https://imagesvanuatu.com

and change it to:

Redirect permanent https://imagesvanuatu.com/

(trailing slash).

YES!!! Thank you _az, that was exactly the problem. I fixed it and the certificates renewed successfully.

Richard

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.