% curl -i http://ackis.duckdns.org/
curl: (1) Received HTTP/0.9 when not allowed
your webserver doesn’t sound very friendly
1 Like
And I don’t understand why. 
1 Like
it’s a lot friendlier now 
% curl -i http://ackis.duckdns.org/
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sun, 08 Mar 2020 10:02:34 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://ackis.duckdns.org/
<html>
<head><title>301 Moved Permanently</title></head>
<body>
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx</center>
</body>
</html>
1 Like
That’s what it should’ve been doing all along. I didn’t change anything though.
That’s a lie - I removed Apache2 which was listening on port 8008/8009. I had it installed because I wanted to learn Apache configs eventually.
The 403 error has changed into a 404 error at least… not sure if that’s progress now (The error received when trying to renew a cert):
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for plexpy.ackis.duckdns.org
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. plexpy.ackis.duckdns.org (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://plexpy.ackis.duckdns.org/.well-known/acme-challenge/7CjvErE5WnekV3lPr5EsOSwcv739imPnn6TqK7_BcB8 [68.148.53.117]: "<html>\r\n<head><title>404 Not Found</title></head>\r\n<body>\r\n<center><h1>404 Not Found</h1></center>\r\n<hr><center>nginx</center>\r\n"
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: plexpy.ackis.duckdns.org
Type: unauthorized
Detail: Invalid response from
http://plexpy.ackis.duckdns.org/.well-known/acme-challenge/7CjvErE5WnekV3lPr5EsOSwcv739imPnn6TqK7_BcB8
[68.148.53.117]: "<html>\r\n<head><title>404 Not
Found</title></head>\r\n<body>\r\n<center><h1>404 Not
Found</h1></center>\r\n<hr><center>nginx</center>\r\n"
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
(The domain for that one is different from what we had above, but the same error occurs across all my domains.)
1 Like
that’s helpful. I suppose --webroot is not properly configured.
you should try and use certbot renew -a nginx
1 Like
This tries to renew everything up for renewal. There are three main errors that popped up - 403, 404 and an invalid configuration file. I think I can file the config file error. I snipped out a bunch of “Not due for renewal” messages because of length.
Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/ackis.duckdns.org.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Renewal configuration file /etc/letsencrypt/renewal/ackis.duckdns.org.conf does not specify an authe nticator. Skipping.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/asf.ackis.duckdns.org.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert not yet due for renewal
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/calibre.ackis.duckdns.org.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator nginx, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for calibre.ackis.duckdns.org
Waiting for verification...
Cleaning up challenges
Attempting to renew cert (calibre.ackis.duckdns.org) from /etc/letsencrypt/renewal/calibre.ackis.duc kdns.org.conf produced an unexpected error: Failed authorization procedure. calibre.ackis.duckdns.or g (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://calibre.ackis.duckdns.org/.well-known/acme-challenge/nAx5fsg7_JZFfPMg6 r5svxcXQiS6JxxsqVkTwHMtiNI [68.148.53.117]: "<html>\r\n<head><title>404 Not Found</title></head>\r\n <body>\r\n<center><h1>404 Not Found</h1></center>\r\n<hr><center>nginx</center>\r\n". Skipping.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/denon.ackis.duckdns.org.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator nginx, Installer nginx
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for denon.ackis.duckdns.org
Waiting for verification...
Cleaning up challenges
Attempting to renew cert (denon.ackis.duckdns.org) from /etc/letsencrypt/renewal/denon.ackis.duckdns .org.conf produced an unexpected error: Failed authorization procedure. denon.ackis.duckdns.org (htt p-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Inval id response from http://denon.ackis.duckdns.org/.well-known/acme-challenge/mM4SjrIhP1Hse4FrvRaUOZ5wr k3r17M6sWW8LXVthqw [68.148.53.117]: "<html>\r\n<head><title>404 Not Found</title></head>\r\n<body>\r \n<center><h1>404 Not Found</h1></center>\r\n<hr><center>nginx</center>\r\n". Skipping.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/nextcloud.ackis.duckdns.org.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator nginx, Installer nginx
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for nextcloud.ackis.duckdns.org
Waiting for verification...
Cleaning up challenges
Attempting to renew cert (nextcloud.ackis.duckdns.org) from /etc/letsencrypt/renewal/nextcloud.ackis .duckdns.org.conf produced an unexpected error: Failed authorization procedure. nextcloud.ackis.duck dns.org (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorizat ion :: Invalid response from https://nextcloud.ackis.duckdns.org/.well-known/acme-challenge/TAvHc3lQ mQRswguEJUUWCXyQgZs9KlR9MzQdpUOV3PE [68.148.53.117]: "<html>\r\n<head><title>403 Forbidden</title></ head>\r\n<body>\r\n<center><h1>403 Forbidden</h1></center>\r\n<hr><center>nginx</center>\r\n". Skipp ing.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/obi200.ackis.duckdns.org.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert not yet due for renewal
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/ombi.ackis.duckdns.org.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator nginx, Installer nginx
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for ombi.ackis.duckdns.org
Waiting for verification...
Cleaning up challenges
Attempting to renew cert (ombi.ackis.duckdns.org) from /etc/letsencrypt/renewal/ombi.ackis.duckdns.o rg.conf produced an unexpected error: Failed authorization procedure. ombi.ackis.duckdns.org (http-0 1): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from https://ombi.ackis.duckdns.org/.well-known/acme-challenge/CdTrddZiEPSuJzCb46S2PRJDWT96 DCoFDwcXXbzzp3s [68.148.53.117]: "<!DOCTYPE html>\n<html>\n<head>\n <!--\n\n\n\n\n\n bbbbbbbb\n OOOOOOOOO ". Skipping.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/plexwebtools.ackis.duckdns.org.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator nginx, Installer nginx
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for plexwebtools.ackis.duckdns.org
Waiting for verification...
Cleaning up challenges
Attempting to renew cert (plexwebtools.ackis.duckdns.org) from /etc/letsencrypt/renewal/plexwebtools .ackis.duckdns.org.conf produced an unexpected error: Failed authorization procedure. plexwebtools.a ckis.duckdns.org (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient a uthorization :: Invalid response from https://plexwebtools.ackis.duckdns.org/.well-known/acme-challe nge/qsDO4xSRDjRSQNACglzMwqz-8NEBx00uL9-FJ2Y-mkA [68.148.53.117]: "<html>\r\n<head><title>403 Forbidd en</title></head>\r\n<body>\r\n<center><h1>403 Forbidden</h1></center>\r\n<hr><center>nginx</center> \r\n". Skipping.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/radarr.ackis.duckdns.org.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator nginx, Installer nginx
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for radarr.ackis.duckdns.org
Waiting for verification...
Cleaning up challenges
Attempting to renew cert (radarr.ackis.duckdns.org) from /etc/letsencrypt/renewal/radarr.ackis.duckd ns.org.conf produced an unexpected error: Failed authorization procedure. radarr.ackis.duckdns.org ( http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: In valid response from https://radarr.ackis.duckdns.org/.well-known/acme-challenge/eZqfYLDr7iM4arjnO5Iz XhAmi2IajsIeBOMW6J82I8o [68.148.53.117]: "<html>\r\n<head><title>403 Forbidden</title></head>\r\n<bo dy>\r\n<center><h1>403 Forbidden</h1></center>\r\n<hr><center>nginx</center>\r\n". Skipping.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/sabnzbd.ackis.duckdns.org.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator nginx, Installer nginx
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for sabnzbd.ackis.duckdns.org
Waiting for verification...
Cleaning up challenges
Attempting to renew cert (sabnzbd.ackis.duckdns.org) from /etc/letsencrypt/renewal/sabnzbd.ackis.duc kdns.org.conf produced an unexpected error: Failed authorization procedure. sabnzbd.ackis.duckdns.or g (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from https://sabnzbd.ackis.duckdns.org/.well-known/acme-challenge/ImN-y-33bga-jybY uro_xl0EWW5FK-N-G-cJ5APHsCo [68.148.53.117]: "<html>\r\n<head><title>403 Forbidden</title></head>\r\ n<body>\r\n<center><h1>403 Forbidden</h1></center>\r\n<hr><center>nginx</center>\r\n". Skipping.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/sonarr.ackis.duckdns.org.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator nginx, Installer nginx
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for sonarr.ackis.duckdns.org
Waiting for verification...
Cleaning up challenges
Attempting to renew cert (sonarr.ackis.duckdns.org) from /etc/letsencrypt/renewal/sonarr.ackis.duckd ns.org.conf produced an unexpected error: Failed authorization procedure. sonarr.ackis.duckdns.org ( http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: In valid response from https://sonarr.ackis.duckdns.org/.well-known/acme-challenge/WwvVyEycB-XqrFbql4QA Ne9QDP5OLJdg-cP9n-iwB-I [68.148.53.117]: "<html>\r\n<head><title>403 Forbidden</title></head>\r\n<bo dy>\r\n<center><h1>403 Forbidden</h1></center>\r\n<hr><center>nginx</center>\r\n". Skipping.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/ubooquityadmin.ackis.duckdns.org.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator nginx, Installer nginx
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for ubooquityadmin.ackis.duckdns.org
Using default addresses 80 and [::]:80 ipv6only=on for authentication.
Waiting for verification...
Cleaning up challenges
Attempting to renew cert (ubooquityadmin.ackis.duckdns.org) from /etc/letsencrypt/renewal/ubooquitya dmin.ackis.duckdns.org.conf produced an unexpected error: Failed authorization procedure. ubooquitya dmin.ackis.duckdns.org (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks suffic ient authorization :: Invalid response from http://ubooquityadmin.ackis.duckdns.org/.well-known/acme -challenge/SPWmOaPJSk62h_6mRg0E7WD868okUu7OgW5IF7NSKPE [68.148.53.117]: "<html>\r\n<head><title>404 Not Found</title></head>\r\n<body>\r\n<center><h1>404 Not Found</h1></center>\r\n<hr><center>nginx</ center>\r\n". Skipping.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/usbserver.ackis.duckdns.org.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert not yet due for renewal
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/webmin.ackis.duckdns.org.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert not yet due for renewal
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/wiki.ackis.duckdns.org.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert not yet due for renewal
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/www.ackis.duckdns.org.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert not yet due for renewal
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/www.channydraws.com.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert not yet due for renewal
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/znc.ackis.duckdns.org.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert not yet due for renewal
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/zoneminder.ackis.duckdns.org.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert not yet due for renewal
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/calibre.ackis.duckdns.org/fullchain.pem (failure)
/etc/letsencrypt/live/denon.ackis.duckdns.org/fullchain.pem (failure)
/etc/letsencrypt/live/nextcloud.ackis.duckdns.org/fullchain.pem (failure)
/etc/letsencrypt/live/ombi.ackis.duckdns.org/fullchain.pem (failure)
/etc/letsencrypt/live/plexwebtools.ackis.duckdns.org/fullchain.pem (failure)
/etc/letsencrypt/live/radarr.ackis.duckdns.org/fullchain.pem (failure)
/etc/letsencrypt/live/sabnzbd.ackis.duckdns.org/fullchain.pem (failure)
/etc/letsencrypt/live/sonarr.ackis.duckdns.org/fullchain.pem (failure)
/etc/letsencrypt/live/ubooquityadmin.ackis.duckdns.org/fullchain.pem (failure)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
The following certs are not due for renewal yet:
/etc/letsencrypt/live/asf.ackis.duckdns.org/fullchain.pem expires on 2020-05-03 (skipped)
/etc/letsencrypt/live/canon.ackis.duckdns.org/fullchain.pem expires on 2020-05-08 (skipped)
/etc/letsencrypt/live/channydraws-dev.ackis.duckdns.org/fullchain.pem expires on 2020-05-14 (skipp ed)
/etc/letsencrypt/live/channydraws.com/fullchain.pem expires on 2020-05-03 (skipped)
/etc/letsencrypt/live/chantelle.ackis.duckdns.org/fullchain.pem expires on 2020-05-14 (skipped)
/etc/letsencrypt/live/datacrow.ackis.duckdns.org/fullchain.pem expires on 2020-04-17 (skipped)
/etc/letsencrypt/live/glances.ackis.duckdns.org/fullchain.pem expires on 2020-04-14 (skipped)
/etc/letsencrypt/live/grafana.ackis.duckdns.org/fullchain.pem expires on 2020-04-27 (skipped)
/etc/letsencrypt/live/hdhrextend.ackis.duckdns.org/fullchain.pem expires on 2020-05-03 (skipped)
/etc/letsencrypt/live/lidarr.ackis.duckdns.org/fullchain.pem expires on 2020-05-08 (skipped)
/etc/letsencrypt/live/mf4890.ackis.duckdns.org/fullchain.pem expires on 2020-05-08 (skipped)
/etc/letsencrypt/live/monit.ackis.duckdns.org/fullchain.pem expires on 2020-05-08 (skipped)
/etc/letsencrypt/live/mylar.ackis.duckdns.org/fullchain.pem expires on 2020-04-14 (skipped)
/etc/letsencrypt/live/obi200.ackis.duckdns.org/fullchain.pem expires on 2020-04-28 (skipped)
/etc/letsencrypt/live/plexpy.ackis.duckdns.org/fullchain.pem expires on 2020-05-03 (skipped)
/etc/letsencrypt/live/transmission.ackis.duckdns.org/fullchain.pem expires on 2020-04-14 (skipped)
/etc/letsencrypt/live/ubooquity.ackis.duckdns.org/fullchain.pem expires on 2020-04-14 (skipped)
/etc/letsencrypt/live/usbserver.ackis.duckdns.org/fullchain.pem expires on 2020-05-02 (skipped)
/etc/letsencrypt/live/webmin.ackis.duckdns.org/fullchain.pem expires on 2020-05-14 (skipped)
/etc/letsencrypt/live/wiki.ackis.duckdns.org/fullchain.pem expires on 2020-04-14 (skipped)
/etc/letsencrypt/live/www.ackis.duckdns.org/fullchain.pem expires on 2020-05-14 (skipped)
/etc/letsencrypt/live/www.channydraws.com/fullchain.pem expires on 2020-04-19 (skipped)
/etc/letsencrypt/live/znc.ackis.duckdns.org/fullchain.pem expires on 2020-04-14 (skipped)
/etc/letsencrypt/live/zoneminder.ackis.duckdns.org/fullchain.pem expires on 2020-05-14 (skipped)
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/calibre.ackis.duckdns.org/fullchain.pem (failure)
/etc/letsencrypt/live/denon.ackis.duckdns.org/fullchain.pem (failure)
/etc/letsencrypt/live/nextcloud.ackis.duckdns.org/fullchain.pem (failure)
/etc/letsencrypt/live/ombi.ackis.duckdns.org/fullchain.pem (failure)
/etc/letsencrypt/live/plexwebtools.ackis.duckdns.org/fullchain.pem (failure)
/etc/letsencrypt/live/radarr.ackis.duckdns.org/fullchain.pem (failure)
/etc/letsencrypt/live/sabnzbd.ackis.duckdns.org/fullchain.pem (failure)
/etc/letsencrypt/live/sonarr.ackis.duckdns.org/fullchain.pem (failure)
/etc/letsencrypt/live/ubooquityadmin.ackis.duckdns.org/fullchain.pem (failure)
Additionally, the following renewal configurations were invalid:
/etc/letsencrypt/renewal/ackis.duckdns.org.conf (parsefail)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
9 renew failure(s), 1 parse failure(s)
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: calibre.ackis.duckdns.org
Type: unauthorized
Detail: Invalid response from
http://calibre.ackis.duckdns.org/.well-known/acme-challenge/nAx5fsg7_JZFfPMg6r5svxcXQiS6JxxsqVkTw HMtiNI
[68.148.53.117]: "<html>\r\n<head><title>404 Not
Found</title></head>\r\n<body>\r\n<center><h1>404 Not
Found</h1></center>\r\n<hr><center>nginx</center>\r\n"
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
- The following errors were reported by the server:
Domain: denon.ackis.duckdns.org
Type: unauthorized
Detail: Invalid response from
http://denon.ackis.duckdns.org/.well-known/acme-challenge/mM4SjrIhP1Hse4FrvRaUOZ5wrk3r17M6sWW8LXV thqw
[68.148.53.117]: "<html>\r\n<head><title>404 Not
Found</title></head>\r\n<body>\r\n<center><h1>404 Not
Found</h1></center>\r\n<hr><center>nginx</center>\r\n"
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
- The following errors were reported by the server:
Domain: nextcloud.ackis.duckdns.org
Type: unauthorized
Detail: Invalid response from
https://nextcloud.ackis.duckdns.org/.well-known/acme-challenge/TAvHc3lQmQRswguEJUUWCXyQgZs9KlR9Mz QdpUOV3PE
[68.148.53.117]: "<html>\r\n<head><title>403
Forbidden</title></head>\r\n<body>\r\n<center><h1>403
Forbidden</h1></center>\r\n<hr><center>nginx</center>\r\n"
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
- The following errors were reported by the server:
Domain: ombi.ackis.duckdns.org
Type: unauthorized
Detail: Invalid response from
https://ombi.ackis.duckdns.org/.well-known/acme-challenge/CdTrddZiEPSuJzCb46S2PRJDWT96DCoFDwcXXbz zp3s
[68.148.53.117]: "<!DOCTYPE html>\n<html>\n<head>\n
<!--\n\n\n\n\n\n
bbbbbbbb\n OOOOOOOOO "
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
- The following errors were reported by the server:
Domain: plexwebtools.ackis.duckdns.org
Type: unauthorized
Detail: Invalid response from
https://plexwebtools.ackis.duckdns.org/.well-known/acme-challenge/qsDO4xSRDjRSQNACglzMwqz-8NEBx00 uL9-FJ2Y-mkA
[68.148.53.117]: "<html>\r\n<head><title>403
Forbidden</title></head>\r\n<body>\r\n<center><h1>403
Forbidden</h1></center>\r\n<hr><center>nginx</center>\r\n"
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
- The following errors were reported by the server:
Domain: radarr.ackis.duckdns.org
Type: unauthorized
Detail: Invalid response from
https://radarr.ackis.duckdns.org/.well-known/acme-challenge/eZqfYLDr7iM4arjnO5IzXhAmi2IajsIeBOMW6 J82I8o
[68.148.53.117]: "<html>\r\n<head><title>403
Forbidden</title></head>\r\n<body>\r\n<center><h1>403
Forbidden</h1></center>\r\n<hr><center>nginx</center>\r\n"
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
- The following errors were reported by the server:
Domain: sabnzbd.ackis.duckdns.org
Type: unauthorized
Detail: Invalid response from
https://sabnzbd.ackis.duckdns.org/.well-known/acme-challenge/ImN-y-33bga-jybYuro_xl0EWW5FK-N-G-cJ 5APHsCo
[68.148.53.117]: "<html>\r\n<head><title>403
Forbidden</title></head>\r\n<body>\r\n<center><h1>403
Forbidden</h1></center>\r\n<hr><center>nginx</center>\r\n"
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
- The following errors were reported by the server:
Domain: sonarr.ackis.duckdns.org
Type: unauthorized
Detail: Invalid response from
https://sonarr.ackis.duckdns.org/.well-known/acme-challenge/WwvVyEycB-XqrFbql4QANe9QDP5OLJdg-cP9n -iwB-I
[68.148.53.117]: "<html>\r\n<head><title>403
Forbidden</title></head>\r\n<body>\r\n<center><h1>403
Forbidden</h1></center>\r\n<hr><center>nginx</center>\r\n"
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
- The following errors were reported by the server:
Domain: ubooquityadmin.ackis.duckdns.org
Type: unauthorized
Detail: Invalid response from
http://ubooquityadmin.ackis.duckdns.org/.well-known/acme-challenge/SPWmOaPJSk62h_6mRg0E7WD868okUu 7OgW5IF7NSKPE
[68.148.53.117]: "<html>\r\n<head><title>404 Not
Found</title></head>\r\n<body>\r\n<center><h1>404 Not
Found</h1></center>\r\n<hr><center>nginx</center>\r\n"
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
1 Like
wait, what’s the command you issued with --webroot?
did it look like certbot renew -d somedomain -a webroot -w /var/www/letsencrypt -i nginx ?
yeah, your workaround is probably interfering with that. I still have no idea why you use it.
1 Like
I didn't issue any command with webroot. I just ran certbot renew -a nginx like you suggested.
There's a bug with nginx where the installer doesn't work on some installs, so I was forced to use the webroot method.
I'm willing to get rid of it, if you think it'll help. I did for the ackis.duckdns.org domain (which is why I had the configuration error, I had to manually edit the config file) and it didn't seem to make a difference.
1 Like
did you not use, at any point in time, something that looks like certbot renew|run -a webroot -w /var/www/letsencrypt [-d domain] ?
try putting a file in that directory and check if you can see it from http://plexpy.ackis.duckdns.org/.well-known/acme-challenge/yourfile.txt
(or, better, try putting a file in /var/www/letsencrypt/.well-known/acme-challenge/)
1 Like
Yes I did - for all my domains that came up for renewal.
Did that - was able to see the file after messing with permissions, and then I was able to renew a couple certs.
1 Like
and the others gave what error?
1 Like
They’ve just been errors with the automatic nginx install so far - I’ve just had to convert them over to the webroot method. It looks like it was a permissions error.
I thought I had tested that out because I put a file in /var/www/letsencrypt and tried to access it via curl, but couldn’t, but when you told me to put a file in /var/www/letsencrypt/.well-known/acme-challenge/, that’s when I clued in that it may have been permissions. I’m not sure how it could have been because nothing changed there - it was an empty folder with www-data owning it, but who knows. It’s working now at least so I’m able to renew the certs that need to be renewed.
Going to get them all renewed over the next few days here, and hopefully just have it left on so I can forget about it and have everything just work.
Appreciate your help and patience with me.
1 Like
did you mkdir the directories before putting the file in there?
(you can become www-data with sudo -u www-data -s /bin/bash)
1 Like
Not originally. I had thought that the webroot declaration handled that. E.g. plexpy.ackis.duckdns.org/.well-known/acme-challenge/ was mapped directly to /var/www/letsencrypt/. So by having those folders we ended up with plexpy.ackis.duckdns.org/.well-known/acme-challenge/.well-known/acme-challenge/.
They exist in there now though (well earlier this afternoon before I made that other post).
1 Like
it does. but that doesn’t do you any good if you put files inside manually.
You want to see the response headers?
either open the network tab in your browser development tools, or run curl -I http[s]://website in a terminal (install curl if it’s not)
1 Like
I’m not quite following you - if I put a file inside shouldn’t it be handled like a symbolic link to a directory?
the webroot declaration will create the .well-known/acme-challenge directory if it does not exist, but that doesn’t mean you won’t have to do the same, you can’t put files inside a non-existing directory (the webroot declaration cleans up after itself)
1 Like
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.