Getting a 404 when trying to renew the certificate

My domain is: cookaborough.com

I ran this command: sudo certbot renew

It produced this output:

Attempting to renew cert (www.cookaborough.com) from /etc/letsencrypt/renewal/www.cookaborough.com.conf produced an unexpected error: Failed authorization procedure. www.cookaborough.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from https://cookaborough.com/.well-known/acme-challenge/9zr2K2flz7OSUV9LOllAaVJ3_ttCR4Nk_f1KFBncjF8 [2606:4700:3032::681c:1e29]: "<!doctype html>\n\n<meta charset="utf-8">\n<meta name="viewport" content="width=device-width, initial-scale=1">\n<link href="/". Skipping.

My web server is (include version): Nginx 1.14

The operating system my web server runs on is (include version): ubuntu 18.04

My hosting provider, if applicable, is: AWS ec2

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 0.31.0

I manually created the .well-known directory inside /var/www/cookaborough/public and gave it 755 permissions, but I still get exactly the same output. I tried everything I could find online, but nothing works.

This is my Nginx configuration:
server {
    server_name cookaborough.com;
    root /var/www/cookaborough/public;

    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Content-Type-Options "nosniff";

    index index.html index.htm index.php;

    charset utf-8;

    location ^~ /.well-known/acme-challenge/ {
        allow all;
        default_type "text/plain";
    }

    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }

    location = /favicon.ico { access_log off; log_not_found off; }
    location = /robots.txt  { access_log off; log_not_found off; }

    error_page 404 /index.php;

    location ~ \.php$ {
        fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
        include fastcgi_params;
    }

    # browser caching of static assets
    location ~* \.(jpg|jpeg|png|gif|ico|svg|webp)$ {
        expires 365d;
    }
    location ~* \.(css|js)$ {
        expires 365d;
    }

    client_max_body_size 10M;

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/cookaborough.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/cookaborough.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}

server {
    if ($host = cookaborough.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    listen 80;
    server_name cookaborough.com;
    return 404; # managed by Certbot

}

server {
    listen 80;
    server_name cookaborough.com.au www.cookaborough.com.au;
    return 301 https://cookaborough.com$request_uri;
}

server {
    listen 443;
    server_name cookaborough.com.au www.cookaborough.com.au;
    return 301 https://cookaborough.com$request_uri;
}

server {
    listen 443;
    server_name www.cookaborough.com;
    return 301 https://cookaborough.com$request_uri;
}

server {
    if ($host = www.cookaborough.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    server_name www.cookaborough.com;
    listen 80;
    return 404; # managed by Certbot

}
1 Like

Hi @aem5299

You use Cloudflare, and there is an IPv6 answer.

Does Cloudflare connect to your server via IPv4 or IPv6? IPv6 isn't configured in your nginx.

PS: I don't know what happens if a web server doesn't have a working IPv6 configuration and Cloudflare has a correct IPv6.

2 Likes
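
Added example, not part of the thread and not certbot's own code: a small Python parser for the failure line quoted in the first post, showing what that line already reveals (the check ended on a different host over HTTPS, the reply came from an IPv6 address as the answer above notes, and the body was HTML rather than the token). The regex layout is an assumption based on this single message, and `SAMPLE`, `PATTERN` and `analyse` are names made up for the example.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Failure detail from the first post, cut after the second HTML tag.
# "\\n" is a literal backslash-n, as certbot prints it.
SAMPLE = (
    'Failed authorization procedure. www.cookaborough.com (http-01): '
    'urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient '
    'authorization :: Invalid response from https://cookaborough.com/.well-known/'
    'acme-challenge/9zr2K2flz7OSUV9LOllAaVJ3_ttCR4Nk_f1KFBncjF8 '
    '[2606:4700:3032::681c:1e29]: "<!doctype html>\\n\\n<meta charset="utf-8">"'
)

# Assumed layout, taken from this one message: identifier (challenge): error ::
# ... Invalid response from <final URL> [<responding address>]: "<body start>"
PATTERN = re.compile(
    r'(?P<identifier>\S+) \((?P<challenge>[a-z0-9-]+)\): (?P<error>urn:\S+) :: '
    r'.*?Invalid response from (?P<url>\S+) \[(?P<addr>[^\]]+)\]: "(?P<body>.*)"',
    re.S,
)


def analyse(message):
    """Split an http-01 'Invalid response' failure into checkable facts."""
    m = PATTERN.search(message)
    if m is None:
        raise ValueError("not an http-01 'Invalid response' failure")
    url = urlsplit(m["url"])
    token = url.path.rsplit("/", 1)[-1]
    body = m["body"]
    return {
        "identifier": m["identifier"],
        "final_host": url.hostname,
        # http-01 always starts at http://<identifier>/ on port 80, so any other
        # scheme or host in the reported URL means redirects were followed.
        "redirected": url.scheme != "http" or url.hostname != m["identifier"],
        # Address family of the server that produced the rejected response.
        "ip_version": ipaddress.ip_address(m["addr"]).version,
        "token": token,
        # A valid reply is "<token>.<account key thumbprint>", never markup.
        "body_has_token": body.startswith(token + "."),
        "body_is_html": body.lstrip().lower().startswith(("<!doctype", "<html")),
    }


if __name__ == "__main__":
    for key, value in analyse(SAMPLE).items():
        print(f"{key}: {value}")
```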

Hi,

I was able to install the cert initially with that same configuration, so if that’s an issue, shouldn’t it have failed when I issued the certificate?

Anyway I tried changing the listen in the Nginx config to [::]:443 (which from my quick research enables both ipv4 & 6), but Cloudflare threw an error when I tried to access the website ‘SSL handshake failed’.

1 Like

No ideas about how to fix it?
