Failure when renewing

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: sicvisuals.com

I ran this command: /opt/letsencrypt/letsencrypt-auto certonly -a webroot --webroot-path=/var/www/acme/ -d sicvisuals.com -d www.sicvisuals.com --renew-by-default

It produced this output:
Upgrading certbot-auto 0.29.1 to 0.30.0…
Replacing certbot-auto…
Creating virtual environment…
Installing Python packages…
Installation succeeded.
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for sicvisuals.com
http-01 challenge for www.sicvisuals.com
Using the webroot path /var/www/acme for all unmatched domains.
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. www.sicvisuals.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.sicvisuals.com/.well-known/acme-challenge/poW8bp1CRn5prJIsjLwEweZF1plzcd9szr5z6r3OxdI: "<!DOCTYPE html>\n<html lang=“en-US” id=“arve” prefix=“og: http://ogp.me/ns#”>\n<head >\n<meta charset=“UTF-8” />\n<meta name=“viewpo”, sicvisuals.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://sicvisuals.com/.well-known/acme-challenge/u8_t3o6ag8bZ2nTWsUMNP-gkJ_coob8bDERUI810X9w: "<!DOCTYPE html>\n<html lang=“en-US” id=“arve” prefix=“og: http://ogp.me/ns#”>\n<head >\n<meta charset=“UTF-8” />\n<meta name=“viewpo”

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: www.sicvisuals.com
   Type: unauthorized
   Detail: Invalid response from http://www.sicvisuals.com/.well-known/acme-challenge/poW8bp1CRn5prJIsjLwEweZF1plzcd9szr5z6r3OxdI: "<!DOCTYPE html>\n<html lang=“en-US” id=“arve” prefix=“og: http://ogp.me/ns#”>\n<head >\n<meta charset=“UTF-8” />\n<meta name=“viewpo”

   Domain: sicvisuals.com
   Type: unauthorized
   Detail: Invalid response from http://sicvisuals.com/.well-known/acme-challenge/u8_t3o6ag8bZ2nTWsUMNP-gkJ_coob8bDERUI810X9w: "<!DOCTYPE html>\n<html lang=“en-US” id=“arve” prefix=“og: http://ogp.me/ns#”>\n<head >\n<meta charset=“UTF-8” />\n<meta name=“viewpo”

   To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address.

My web server is (include version): nginx/1.14.0 (Ubuntu)

The operating system my web server runs on is (include version): Ubuntu 18.04.1 LTS

My hosting provider, if applicable, is: DigitalOcean

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No

Can you show us how this relates to the configuration of the nginx virtualhost?

Installed this way:
git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt
mkdir /var/www/acme/
chown www-data:www-data /var/www/acme
/opt/letsencrypt/letsencrypt-auto certonly -a webroot --webroot-path=/var/www/acme/ -d yourdomain.com -d www.yourdomain.com

But how does nginx know that requests to /.well-known/acme-challenge/* should be served from /var/www/acme?

How did you determine that’s the webroot path?

Those were the instructions to install that I followed.

If they were the instructions, they are incomplete. To issue a certificate the way you are trying requires further configuration.

Perhaps try:

/opt/letsencrypt/letsencrypt-auto certonly -a nginx -d sicvisuals.com -d www.sicvisuals.com

I already have certs on the site. Have added the location of the certs to the configuration and they work fine. Just can’t renew.

Should I still run the command you suggested?

This worked. Thank you

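The question raised in the thread, whether nginx actually serves `/.well-known/acme-challenge/*` from `/var/www/acme`, can be checked before running certbot. The following is an added example, not part of the original thread or of certbot: it writes a random probe file under the webroot and fetches it over HTTP. `probe_webroot`, `Quiet`, `CatchAll` and `demo` are hypothetical names, and the two localhost servers are constructed stand-ins for a vhost that returns the site's HTML for every URL and one that maps the path correctly.

```python
import functools, http.server, secrets, tempfile, threading, urllib.error, urllib.request
from pathlib import Path

CHALLENGE = ".well-known/acme-challenge"  # directory the webroot plugin writes under

def probe_webroot(webroot, base_url, timeout=5):
    """Hypothetical helper: write a random file under the webroot, fetch it, return (ok, detail)."""
    probe_dir = Path(webroot) / CHALLENGE
    probe_dir.mkdir(parents=True, exist_ok=True)
    probe = probe_dir / ("probe-" + secrets.token_urlsafe(16))
    expected = secrets.token_urlsafe(32)
    probe.write_text(expected)
    url = f"{base_url.rstrip('/')}/{CHALLENGE}/{probe.name}"
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            got = resp.read(4096).decode("utf-8", "replace")
    except urllib.error.HTTPError as exc:
        return False, f"HTTP {exc.code}: {url} is not served from {webroot}"
    except OSError as exc:
        return False, f"request failed: {exc}"
    finally:
        probe.unlink(missing_ok=True)  # never leave the probe file behind
    if got.strip() == expected:
        return True, "challenge path is served from the webroot"
    return False, f"unexpected body starting {got[:30]!r}"

class Quiet(http.server.SimpleHTTPRequestHandler):
    def log_message(self, *args): pass  # keep the demo output clean

class CatchAll(Quiet):
    """Constructed stand-in: a vhost that answers every URL with the site's HTML page."""
    def do_GET(self):
        self.send_response(200)
        self.end_headers()
        self.wfile.write(b'<!DOCTYPE html>\n<html lang="en-US">')

def demo():
    """Probe a catch-all vhost and a correctly mapped one, both constructed on localhost."""
    webroot, results = tempfile.mkdtemp(), {}
    handlers = {"catch_all": CatchAll, "mapped": functools.partial(Quiet, directory=webroot)}
    for label, handler in handlers.items():
        with http.server.HTTPServer(("127.0.0.1", 0), handler) as srv:
            threading.Thread(target=srv.serve_forever, daemon=True).start()
            results[label] = probe_webroot(webroot, f"http://127.0.0.1:{srv.server_port}")
            srv.shutdown()
    return results

if __name__ == "__main__":
    print(demo())
```

Against the real host the call would be `probe_webroot("/var/www/acme", "http://sicvisuals.com")`, run on the server by a user that can write to the webroot.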
