My domain is:wisdomquest.com

I ran this command:
certbot renew
It produced this output:
Attempting to renew cert (gonegourmet.ca) from /etc/letsencrypt/renewal/gonegourmet.ca.conf produced an unexpected error: Failed authorization procedure. gonegourmet.ca (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://gonegourmet.ca/.well-known/acme-challenge/58IZSHFm4nL86ZAbQy4zGtSxDkSVsXIkNijpPlUjr04 [199.195.144.56]: "\n\n404 Not Found\n\n

Not Found

\n<p". Skipping.
My web server is (include version):
Apache (MAMP Pro on a Mac)
The operating system my web server runs on is (include version):
Mac OS Big Sur
My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):
yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

Hi @BuckDuane,

You mentioned that your domain was wisdomquest.com, but this error is about a certificate for gonegourmet.ca. Both of those names do point to the same IP address; are they both your domains and both hosted on your Mac using Apache? Are both of the names configured independently with their own separate VirtualHosts somewhere in your Apache configuration? Did you add either of these sites or names to your server between the time that you originally created your certificate(s) and now?

Can you show us the contents of the file /etc/letsencrypt/renewal/gonegourmet.ca.conf? I'm especially interested in whether it's using Certbot's apache plugin or webroot plugin.

Yes, I have multiple domains. All failed with the same error. This has been working for several years. The various problems have arisen since updating to Big Sur.

All Reported errors

Domain: ashtangayogashuswap.com
Type: unauthorized
Detail: Invalid response from
https://ashtangayogashuswap.com/.well-known/acme-challenge/bO-ZA2_98m7n6nplm38mS6_I_fl3KcxgBbFoGynd-UU
[199.195.144.56]: "\n\n404 Not
Found\n\n

Not Found

\n<p"

Domain: www.ashtangayogashuswap.com
Type: unauthorized
Detail: Invalid response from
https://ashtangayogashuswap.com/.well-known/acme-challenge/uB81txwHhgUdJw_zUrbOJ0LmdUB6YgEpQBJOb6tJq30
[199.195.144.56]: "\n\n404 Not
Found\n\n

Not Found

\n<p"

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.

• The following errors were reported by the server:

Domain: gonegourmet.ca
Type: unauthorized
Detail: Invalid response from
http://gonegourmet.ca/.well-known/acme-challenge/XaBLB90vmShI5twqW1ucyXnutOgCIKB5OnEN8ycofeg
[199.195.144.56]: "\n\n404 Not
Found\n\n

Not Found

\n<p"

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.

• The following errors were reported by the server:

Domain: museclothingcompany.com
Type: unauthorized
Detail: Invalid response from
http://museclothingcompany.com/.well-known/acme-challenge/MBjgOOtnl2sZteeAZTJyxyrmg4_gzXGbrEiXRqXZ55A
[199.195.144.56]: "\n\n404 Not
Found\n\n

Not Found

\n<p"

Domain: www.museclothingcompany.com
Type: unauthorized
Detail: Invalid response from
https://ashtangayogashuswap.com/.well-known/acme-challenge/pdnfiaskzItjYOkWdzfYit4rQvCU-i_IvubKZ122cHk
[199.195.144.56]: "\n\n404 Not
Found\n\n

Not Found

\n<p"

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.

• The following errors were reported by the server:

Domain: mylibraries.online
Type: unauthorized
Detail: Invalid response from
http://mylibraries.online/.well-known/acme-challenge/ZKmdF7UXbG_gzBVJT-IcaJvgkhEMDs1L8Fy7npVkgrM
[199.195.144.56]: "\n\n404 Not
Found\n\n

Not Found

\n<p"

Domain: www.mylibraries.online
Type: unauthorized
Detail: Invalid response from
https://ashtangayogashuswap.com/.well-known/acme-challenge/nERwig-0y1MagXopdETVPZPrHt2bZqkBkcDeNmSBUzg
[199.195.144.56]: "\n\n404 Not
Found\n\n

Not Found

\n<p"

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.

• The following errors were reported by the server:

Domain: s-sac.com
Type: unauthorized
Detail: Invalid response from
http://s-sac.com/.well-known/acme-challenge/mP9pOVZ2L9wFS2Q-w7LxQLTx27ddIrqdVHpw1atRgAg
[199.195.144.56]: "\n\n404 Not
Found\n\n

Not Found

\n<p"

Domain: www.s-sac.com
Type: unauthorized
Detail: Invalid response from
https://ashtangayogashuswap.com/.well-known/acme-challenge/1ulJwbRXmZrkx0v_5uWyM8y5kbdlz3qxjNHxcleUqPk
[199.195.144.56]: "\n\n404 Not
Found\n\n

Not Found

\n<p"

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.

• The following errors were reported by the server:

Domain: simfx.com
Type: unauthorized
Detail: Invalid response from
http://simfx.com/.well-known/acme-challenge/zfZu68U_X9t5nMb4RR8lre3q7NmW6CxoHhCJ5ROPBxQ
[199.195.144.56]: "\n\n404 Not
Found\n\n

Not Found

\n<p"

Domain: www.simfx.com
Type: unauthorized
Detail: Invalid response from
https://ashtangayogashuswap.com/.well-known/acme-challenge/nWjnahB-bmpfnLmusTTyNyUjBoUu7lfiOyVRPgmsGp4
[199.195.144.56]: "\n\n404 Not
Found\n\n

Not Found

\n<p"

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.

• The following errors were reported by the server:

Domain: wisdomquest.com
Type: unauthorized
Detail: Invalid response from
http://wisdomquest.com/.well-known/acme-challenge/2Dl4TEUnAlWDcpVBewXiJqTg5XPX2W6S8QKMuL2IEHs
[199.195.144.56]: "\n\n404 Not
Found\n\n

Not Found

\n<p"

Domain: www.wisdomquest.com
Type: unauthorized
Detail: Invalid response from
http://www.wisdomquest.com/.well-known/acme-challenge/XivS3CutMAJdgTA7za6h4JbKTKnhrQakuWwWS4t183E
[199.195.144.56]: "\n\n404 Not
Found\n\n

Not Found

\n<p"

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.

• The following errors were reported by the server:

Domain: www.schoollibraries.net
Type: unauthorized
Detail: Invalid response from
https://ashtangayogashuswap.com/.well-known/acme-challenge/1irm9EAiumHCmcqV0vHQ3P4HRp5LrOuqhYZhve1iSrw
[199.195.144.56]: "\n\n404 Not
Found\n\n

Not Found

\n<p"

Domain: schoollibraries.net
Type: unauthorized
Detail: Invalid response from
http://schoollibraries.net/.well-known/acme-challenge/2dS_8t8KC1btp0gc_OoRj58n35ASzoxQzrPGQXVJrD4
[199.195.144.56]: "\n\n404 Not
Found\n\n

Not Found

\n<p"

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.

• The following errors were reported by the server:

Domain: www.websonarlibraries.net
Type: unauthorized
Detail: Invalid response from
https://ashtangayogashuswap.com/.well-known/acme-challenge/gf4Qwuzzv3k7OhCiqSiuxI1CaH8e5C2bDztdnvEbeYk
[199.195.144.56]: "\n\n404 Not
Found\n\n

Not Found

\n<p"

Domain: websonarlibraries.net
Type: unauthorized
Detail: Invalid response from
http://websonarlibraries.net/.well-known/acme-challenge/gPP3ibVRY5_yjk-rKGXgrfULlChCA2kJuFh481xYwxE
[199.195.144.56]: "\n\n404 Not
Found\n\n

Not Found

\n<p"

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.

• The following errors were reported by the server:

Domain: www.wildwoodproductions.org
Type: unauthorized
Detail: Invalid response from
https://ashtangayogashuswap.com/.well-known/acme-challenge/Uz6eYjnx1iJSyYIBh8J2WLL9jWz1fAlQPX0TiUIXMuQ
[199.195.144.56]: "\n\n404 Not
Found\n\n

Not Found

\n<p"

Domain: wildwoodproductions.org
Type: unauthorized
Detail: Invalid response from
http://wildwoodproductions.org/.well-known/acme-challenge/uS2Dm9J-ZPVigBk_HqIeMv3S85spl39PVdlnoP7TvA4
[199.195.144.56]: "\n\n404 Not
Found\n\n

Not Found

\n<p"

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
static:~ Duane$

I think I am now using webroot

(Attachment renewal.zip is missing)

renew_before_expiry = 30 days

version = 0.26.1
archive_dir = /etc/letsencrypt/archive/ashtangayogashuswap.com
cert = /etc/letsencrypt/live/ashtangayogashuswap.com/cert.pem
privkey = /etc/letsencrypt/live/ashtangayogashuswap.com/privkey.pem
chain = /etc/letsencrypt/live/ashtangayogashuswap.com/chain.pem
fullchain = /etc/letsencrypt/live/ashtangayogashuswap.com/fullchain.pem

Options used in the renewal process

[renewalparams]
account = 6dc9c6efdf8979fa54beda4cdc0dc4a5
authenticator = webroot
server = https://acme-v02.api.letsencrypt.org/directory
[[webroot_map]]
ashtangayogashuswap.com = /Applications/MAMP/htdocs/ashtanga
www.ashtangayogashuswap.com = /Applications/MAMP/htdocs/ashtanga

renew_before_expiry = 30 days

version = 0.26.1
archive_dir = /etc/letsencrypt/archive/wisdomquest.com
cert = /etc/letsencrypt/live/wisdomquest.com/cert.pem
privkey = /etc/letsencrypt/live/wisdomquest.com/privkey.pem
chain = /etc/letsencrypt/live/wisdomquest.com/chain.pem
fullchain = /etc/letsencrypt/live/wisdomquest.com/fullchain.pem

Options used in the renewal process

[renewalparams]
account = 6dc9c6efdf8979fa54beda4cdc0dc4a5
authenticator = webroot
server = https://acme-v02.api.letsencrypt.org/directory
[[webroot_map]]
www.wisdomquest.com = /Applications/MAMP/htdocs/wisdomquest
wisdomquest.com = /Applications/MAMP/htdocs/wisdomquest

Are both of the names configured independently with their own separate VirtualHosts somewhere in your Apache configuration?

Yes

Did you add either of these sites or names to your server between the time that you originally created your certificate(s) and now?

No

Can you show us the contents of the file /etc/letsencrypt/renewal/gonegourmet.ca.conf? I'm especially interested in whether it's using Certbot's apache plugin or webroot plugin.

Thank you!

So one question would be whether these paths are still correct. Could you try creating a file

/Applications/MAMP/htdocs/ashtanga/test.txt

—for example something like

echo "hello" >> /Applications/MAMP/htdocs/ashtanga/test.txt

(if your user account has permission to create files there)?

Then we should see if we can see that file on the web at http://ashtangayogashuswap.com/test.txt, and if so, the next step would be

mkdir -p /Applications/MAMP/htdocs/ashtanga/.well-known/acme-challenge
echo "hello again" >> /Applications/MAMP/htdocs/ashtanga/.well-known/acme-challenge/test2.txt

and see if we can see that file on the web at http://ashtangayogashuswap.com/.well-known/acme-challenge/test2.txt.

I don't think this is related to the error message you're seeing now, but I also noticed that you have the certificate and key file pointed to /etc/letsencrypt/archive and a specific version (here, version 15) of the renewed certificate. Are you updating that by hand every time you renew your certificates!? It sounds like a lot of work.

We provided an alternative, /etc/letsencrypt/live, so that you can configure a single location for the certificate and associated files in your web server application, and not have to change it for renewals.

That is not the correct path. It is now /Users/Duane/Sites/ashtanga

All web domain files are now in the Sites directory

That does’t seem to work in my MAMP software.
I also notice that the Keys directory likely has permission problems.

I see the problem now. I re-installed all the certificates with the old location

sudo certbot certonly --webroot -w /Applications/MAMP/htdocs/w01mylibrariesonline/ -d w01.mylibraries.online

Should have been

sudo certbot certonly --webroot -w /Users/Duane/Sites/w01mylibrariesonline/ -d w01.mylibraries.online

I assume I can re-install and it should fix the problem.

That seems right! You could probably automate this process. For example

sed -i "s:/Applications/MAMP/htdocs/:/Users/Duane/Sites/:" /etc/letsencrypt/renewal/*.conf

Before running a command that modifies important files automatically, it would be a good idea to make a backup of those files so they can be restored if the command doesn't work properly.

If it does work, it may save you some time because you won't have to change these all by hand!

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.