Getting ERR_SSL_PROTOCOL_ERROR when connecting to my website through my router

% curl -i http://ackis.duckdns.org/
curl: (1) Received HTTP/0.9 when not allowed

your webserver doesn’t sound very friendly

1 Like

And I don’t understand why. :frowning:

1 Like

it’s a lot friendlier now :slight_smile:

% curl -i http://ackis.duckdns.org/
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sun, 08 Mar 2020 10:02:34 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://ackis.duckdns.org/

<html>
<head><title>301 Moved Permanently</title></head>
<body>
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx</center>
</body>
</html>
1 Like

That’s what it should’ve been doing all along. I didn’t change anything though.

That’s a lie - I removed Apache2 which was listening on port 8008/8009. I had it installed because I wanted to learn Apache configs eventually.

The 403 error has changed into a 404 error at least… not sure if that’s progress now (The error received when trying to renew a cert):

Renewing an existing certificate
Performing the following challenges:
http-01 challenge for plexpy.ackis.duckdns.org
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. plexpy.ackis.duckdns.org (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://plexpy.ackis.duckdns.org/.well-known/acme-challenge/7CjvErE5WnekV3lPr5EsOSwcv739imPnn6TqK7_BcB8 [68.148.53.117]: "<html>\r\n<head><title>404 Not Found</title></head>\r\n<body>\r\n<center><h1>404 Not Found</h1></center>\r\n<hr><center>nginx</center>\r\n"

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: plexpy.ackis.duckdns.org
   Type:   unauthorized
   Detail: Invalid response from
   http://plexpy.ackis.duckdns.org/.well-known/acme-challenge/7CjvErE5WnekV3lPr5EsOSwcv739imPnn6TqK7_BcB8
   [68.148.53.117]: "<html>\r\n<head><title>404 Not
   Found</title></head>\r\n<body>\r\n<center><h1>404 Not
   Found</h1></center>\r\n<hr><center>nginx</center>\r\n"

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.

(The domain for that one is different from what we had above, but the same error occurs across all my domains.)

1 Like

that’s helpful. I suppose --webroot is not properly configured.

you should try and use certbot renew -a nginx

1 Like

This tries to renew everything up for renewal. There are three main errors that popped up - 403, 404 and an invalid configuration file. I think I can file the config file error. I snipped out a bunch of “Not due for renewal” messages because of length.

Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/ackis.duckdns.org.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Renewal configuration file /etc/letsencrypt/renewal/ackis.duckdns.org.conf does not specify an authe                                                                                                               nticator. Skipping.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/asf.ackis.duckdns.org.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert not yet due for renewal

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/calibre.ackis.duckdns.org.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator nginx, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for calibre.ackis.duckdns.org
Waiting for verification...
Cleaning up challenges
Attempting to renew cert (calibre.ackis.duckdns.org) from /etc/letsencrypt/renewal/calibre.ackis.duc                                                                                                               kdns.org.conf produced an unexpected error: Failed authorization procedure. calibre.ackis.duckdns.or                                                                                                               g (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization ::                                                                                                                Invalid response from http://calibre.ackis.duckdns.org/.well-known/acme-challenge/nAx5fsg7_JZFfPMg6                                                                                                               r5svxcXQiS6JxxsqVkTwHMtiNI [68.148.53.117]: "<html>\r\n<head><title>404 Not Found</title></head>\r\n                                                                                                               <body>\r\n<center><h1>404 Not Found</h1></center>\r\n<hr><center>nginx</center>\r\n". Skipping.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/denon.ackis.duckdns.org.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator nginx, Installer nginx
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for denon.ackis.duckdns.org
Waiting for verification...
Cleaning up challenges
Attempting to renew cert (denon.ackis.duckdns.org) from /etc/letsencrypt/renewal/denon.ackis.duckdns                                                                                                               .org.conf produced an unexpected error: Failed authorization procedure. denon.ackis.duckdns.org (htt                                                                                                               p-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Inval                                                                                                               id response from http://denon.ackis.duckdns.org/.well-known/acme-challenge/mM4SjrIhP1Hse4FrvRaUOZ5wr                                                                                                               k3r17M6sWW8LXVthqw [68.148.53.117]: "<html>\r\n<head><title>404 Not Found</title></head>\r\n<body>\r                                                                                                               \n<center><h1>404 Not Found</h1></center>\r\n<hr><center>nginx</center>\r\n". Skipping.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/nextcloud.ackis.duckdns.org.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator nginx, Installer nginx
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for nextcloud.ackis.duckdns.org
Waiting for verification...
Cleaning up challenges
Attempting to renew cert (nextcloud.ackis.duckdns.org) from /etc/letsencrypt/renewal/nextcloud.ackis                                                                                                               .duckdns.org.conf produced an unexpected error: Failed authorization procedure. nextcloud.ackis.duck                                                                                                               dns.org (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorizat                                                                                                               ion :: Invalid response from https://nextcloud.ackis.duckdns.org/.well-known/acme-challenge/TAvHc3lQ                                                                                                               mQRswguEJUUWCXyQgZs9KlR9MzQdpUOV3PE [68.148.53.117]: "<html>\r\n<head><title>403 Forbidden</title></                                                                                                               head>\r\n<body>\r\n<center><h1>403 Forbidden</h1></center>\r\n<hr><center>nginx</center>\r\n". Skipp                                                                                                               ing.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/obi200.ackis.duckdns.org.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert not yet due for renewal

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/ombi.ackis.duckdns.org.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator nginx, Installer nginx
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for ombi.ackis.duckdns.org
Waiting for verification...
Cleaning up challenges
Attempting to renew cert (ombi.ackis.duckdns.org) from /etc/letsencrypt/renewal/ombi.ackis.duckdns.o                                                                                                               rg.conf produced an unexpected error: Failed authorization procedure. ombi.ackis.duckdns.org (http-0                                                                                                               1): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid                                                                                                                response from https://ombi.ackis.duckdns.org/.well-known/acme-challenge/CdTrddZiEPSuJzCb46S2PRJDWT96                                                                                                               DCoFDwcXXbzzp3s [68.148.53.117]: "<!DOCTYPE html>\n<html>\n<head>\n    <!--\n\n\n\n\n\n                                                                                                                                                             bbbbbbbb\n         OOOOOOOOO           ". Skipping.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/plexwebtools.ackis.duckdns.org.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator nginx, Installer nginx
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for plexwebtools.ackis.duckdns.org
Waiting for verification...
Cleaning up challenges
Attempting to renew cert (plexwebtools.ackis.duckdns.org) from /etc/letsencrypt/renewal/plexwebtools                                                                                                               .ackis.duckdns.org.conf produced an unexpected error: Failed authorization procedure. plexwebtools.a                                                                                                               ckis.duckdns.org (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient a                                                                                                               uthorization :: Invalid response from https://plexwebtools.ackis.duckdns.org/.well-known/acme-challe                                                                                                               nge/qsDO4xSRDjRSQNACglzMwqz-8NEBx00uL9-FJ2Y-mkA [68.148.53.117]: "<html>\r\n<head><title>403 Forbidd                                                                                                               en</title></head>\r\n<body>\r\n<center><h1>403 Forbidden</h1></center>\r\n<hr><center>nginx</center>                                                                                                               \r\n". Skipping.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/radarr.ackis.duckdns.org.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator nginx, Installer nginx
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for radarr.ackis.duckdns.org
Waiting for verification...
Cleaning up challenges
Attempting to renew cert (radarr.ackis.duckdns.org) from /etc/letsencrypt/renewal/radarr.ackis.duckd                                                                                                               ns.org.conf produced an unexpected error: Failed authorization procedure. radarr.ackis.duckdns.org (                                                                                                               http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: In                                                                                                               valid response from https://radarr.ackis.duckdns.org/.well-known/acme-challenge/eZqfYLDr7iM4arjnO5Iz                                                                                                               XhAmi2IajsIeBOMW6J82I8o [68.148.53.117]: "<html>\r\n<head><title>403 Forbidden</title></head>\r\n<bo                                                                                                               dy>\r\n<center><h1>403 Forbidden</h1></center>\r\n<hr><center>nginx</center>\r\n". Skipping.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/sabnzbd.ackis.duckdns.org.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator nginx, Installer nginx
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for sabnzbd.ackis.duckdns.org
Waiting for verification...
Cleaning up challenges
Attempting to renew cert (sabnzbd.ackis.duckdns.org) from /etc/letsencrypt/renewal/sabnzbd.ackis.duc                                                                                                               kdns.org.conf produced an unexpected error: Failed authorization procedure. sabnzbd.ackis.duckdns.or                                                                                                               g (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization ::                                                                                                                Invalid response from https://sabnzbd.ackis.duckdns.org/.well-known/acme-challenge/ImN-y-33bga-jybY                                                                                                               uro_xl0EWW5FK-N-G-cJ5APHsCo [68.148.53.117]: "<html>\r\n<head><title>403 Forbidden</title></head>\r\                                                                                                               n<body>\r\n<center><h1>403 Forbidden</h1></center>\r\n<hr><center>nginx</center>\r\n". Skipping.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/sonarr.ackis.duckdns.org.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator nginx, Installer nginx
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for sonarr.ackis.duckdns.org
Waiting for verification...
Cleaning up challenges
Attempting to renew cert (sonarr.ackis.duckdns.org) from /etc/letsencrypt/renewal/sonarr.ackis.duckd                                                                                                               ns.org.conf produced an unexpected error: Failed authorization procedure. sonarr.ackis.duckdns.org (                                                                                                               http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: In                                                                                                               valid response from https://sonarr.ackis.duckdns.org/.well-known/acme-challenge/WwvVyEycB-XqrFbql4QA                                                                                                               Ne9QDP5OLJdg-cP9n-iwB-I [68.148.53.117]: "<html>\r\n<head><title>403 Forbidden</title></head>\r\n<bo                                                                                                               dy>\r\n<center><h1>403 Forbidden</h1></center>\r\n<hr><center>nginx</center>\r\n". Skipping.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/ubooquityadmin.ackis.duckdns.org.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator nginx, Installer nginx
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for ubooquityadmin.ackis.duckdns.org
Using default addresses 80 and [::]:80 ipv6only=on for authentication.
Waiting for verification...
Cleaning up challenges
Attempting to renew cert (ubooquityadmin.ackis.duckdns.org) from /etc/letsencrypt/renewal/ubooquitya                                                                                                               dmin.ackis.duckdns.org.conf produced an unexpected error: Failed authorization procedure. ubooquitya                                                                                                               dmin.ackis.duckdns.org (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks suffic                                                                                                               ient authorization :: Invalid response from http://ubooquityadmin.ackis.duckdns.org/.well-known/acme                                                                                                               -challenge/SPWmOaPJSk62h_6mRg0E7WD868okUu7OgW5IF7NSKPE [68.148.53.117]: "<html>\r\n<head><title>404                                                                                                                Not Found</title></head>\r\n<body>\r\n<center><h1>404 Not Found</h1></center>\r\n<hr><center>nginx</                                                                                                               center>\r\n". Skipping.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/usbserver.ackis.duckdns.org.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert not yet due for renewal

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/webmin.ackis.duckdns.org.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert not yet due for renewal

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/wiki.ackis.duckdns.org.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert not yet due for renewal

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/www.ackis.duckdns.org.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert not yet due for renewal

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/www.channydraws.com.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert not yet due for renewal

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/znc.ackis.duckdns.org.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert not yet due for renewal

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/zoneminder.ackis.duckdns.org.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert not yet due for renewal
All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/calibre.ackis.duckdns.org/fullchain.pem (failure)
  /etc/letsencrypt/live/denon.ackis.duckdns.org/fullchain.pem (failure)
  /etc/letsencrypt/live/nextcloud.ackis.duckdns.org/fullchain.pem (failure)
  /etc/letsencrypt/live/ombi.ackis.duckdns.org/fullchain.pem (failure)
  /etc/letsencrypt/live/plexwebtools.ackis.duckdns.org/fullchain.pem (failure)
  /etc/letsencrypt/live/radarr.ackis.duckdns.org/fullchain.pem (failure)
  /etc/letsencrypt/live/sabnzbd.ackis.duckdns.org/fullchain.pem (failure)
  /etc/letsencrypt/live/sonarr.ackis.duckdns.org/fullchain.pem (failure)
  /etc/letsencrypt/live/ubooquityadmin.ackis.duckdns.org/fullchain.pem (failure)

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

The following certs are not due for renewal yet:
  /etc/letsencrypt/live/asf.ackis.duckdns.org/fullchain.pem expires on 2020-05-03 (skipped)
  /etc/letsencrypt/live/canon.ackis.duckdns.org/fullchain.pem expires on 2020-05-08 (skipped)
  /etc/letsencrypt/live/channydraws-dev.ackis.duckdns.org/fullchain.pem expires on 2020-05-14 (skipp                                                                                                               ed)
  /etc/letsencrypt/live/channydraws.com/fullchain.pem expires on 2020-05-03 (skipped)
  /etc/letsencrypt/live/chantelle.ackis.duckdns.org/fullchain.pem expires on 2020-05-14 (skipped)
  /etc/letsencrypt/live/datacrow.ackis.duckdns.org/fullchain.pem expires on 2020-04-17 (skipped)
  /etc/letsencrypt/live/glances.ackis.duckdns.org/fullchain.pem expires on 2020-04-14 (skipped)
  /etc/letsencrypt/live/grafana.ackis.duckdns.org/fullchain.pem expires on 2020-04-27 (skipped)
  /etc/letsencrypt/live/hdhrextend.ackis.duckdns.org/fullchain.pem expires on 2020-05-03 (skipped)
  /etc/letsencrypt/live/lidarr.ackis.duckdns.org/fullchain.pem expires on 2020-05-08 (skipped)
  /etc/letsencrypt/live/mf4890.ackis.duckdns.org/fullchain.pem expires on 2020-05-08 (skipped)
  /etc/letsencrypt/live/monit.ackis.duckdns.org/fullchain.pem expires on 2020-05-08 (skipped)
  /etc/letsencrypt/live/mylar.ackis.duckdns.org/fullchain.pem expires on 2020-04-14 (skipped)
  /etc/letsencrypt/live/obi200.ackis.duckdns.org/fullchain.pem expires on 2020-04-28 (skipped)
  /etc/letsencrypt/live/plexpy.ackis.duckdns.org/fullchain.pem expires on 2020-05-03 (skipped)
  /etc/letsencrypt/live/transmission.ackis.duckdns.org/fullchain.pem expires on 2020-04-14 (skipped)
  /etc/letsencrypt/live/ubooquity.ackis.duckdns.org/fullchain.pem expires on 2020-04-14 (skipped)
  /etc/letsencrypt/live/usbserver.ackis.duckdns.org/fullchain.pem expires on 2020-05-02 (skipped)
  /etc/letsencrypt/live/webmin.ackis.duckdns.org/fullchain.pem expires on 2020-05-14 (skipped)
  /etc/letsencrypt/live/wiki.ackis.duckdns.org/fullchain.pem expires on 2020-04-14 (skipped)
  /etc/letsencrypt/live/www.ackis.duckdns.org/fullchain.pem expires on 2020-05-14 (skipped)
  /etc/letsencrypt/live/www.channydraws.com/fullchain.pem expires on 2020-04-19 (skipped)
  /etc/letsencrypt/live/znc.ackis.duckdns.org/fullchain.pem expires on 2020-04-14 (skipped)
  /etc/letsencrypt/live/zoneminder.ackis.duckdns.org/fullchain.pem expires on 2020-05-14 (skipped)
All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/calibre.ackis.duckdns.org/fullchain.pem (failure)
  /etc/letsencrypt/live/denon.ackis.duckdns.org/fullchain.pem (failure)
  /etc/letsencrypt/live/nextcloud.ackis.duckdns.org/fullchain.pem (failure)
  /etc/letsencrypt/live/ombi.ackis.duckdns.org/fullchain.pem (failure)
  /etc/letsencrypt/live/plexwebtools.ackis.duckdns.org/fullchain.pem (failure)
  /etc/letsencrypt/live/radarr.ackis.duckdns.org/fullchain.pem (failure)
  /etc/letsencrypt/live/sabnzbd.ackis.duckdns.org/fullchain.pem (failure)
  /etc/letsencrypt/live/sonarr.ackis.duckdns.org/fullchain.pem (failure)
  /etc/letsencrypt/live/ubooquityadmin.ackis.duckdns.org/fullchain.pem (failure)

Additionally, the following renewal configurations were invalid:
  /etc/letsencrypt/renewal/ackis.duckdns.org.conf (parsefail)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
9 renew failure(s), 1 parse failure(s)

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: calibre.ackis.duckdns.org
   Type:   unauthorized
   Detail: Invalid response from
   http://calibre.ackis.duckdns.org/.well-known/acme-challenge/nAx5fsg7_JZFfPMg6r5svxcXQiS6JxxsqVkTw                                                                                                               HMtiNI
   [68.148.53.117]: "<html>\r\n<head><title>404 Not
   Found</title></head>\r\n<body>\r\n<center><h1>404 Not
   Found</h1></center>\r\n<hr><center>nginx</center>\r\n"

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.
 - The following errors were reported by the server:

   Domain: denon.ackis.duckdns.org
   Type:   unauthorized
   Detail: Invalid response from
   http://denon.ackis.duckdns.org/.well-known/acme-challenge/mM4SjrIhP1Hse4FrvRaUOZ5wrk3r17M6sWW8LXV                                                                                                               thqw
   [68.148.53.117]: "<html>\r\n<head><title>404 Not
   Found</title></head>\r\n<body>\r\n<center><h1>404 Not
   Found</h1></center>\r\n<hr><center>nginx</center>\r\n"

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.
 - The following errors were reported by the server:

   Domain: nextcloud.ackis.duckdns.org
   Type:   unauthorized
   Detail: Invalid response from
   https://nextcloud.ackis.duckdns.org/.well-known/acme-challenge/TAvHc3lQmQRswguEJUUWCXyQgZs9KlR9Mz                                                                                                               QdpUOV3PE
   [68.148.53.117]: "<html>\r\n<head><title>403
   Forbidden</title></head>\r\n<body>\r\n<center><h1>403
   Forbidden</h1></center>\r\n<hr><center>nginx</center>\r\n"

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.
 - The following errors were reported by the server:

   Domain: ombi.ackis.duckdns.org
   Type:   unauthorized
   Detail: Invalid response from
   https://ombi.ackis.duckdns.org/.well-known/acme-challenge/CdTrddZiEPSuJzCb46S2PRJDWT96DCoFDwcXXbz                                                                                                               zp3s
   [68.148.53.117]: "<!DOCTYPE html>\n<html>\n<head>\n
   <!--\n\n\n\n\n\n
   bbbbbbbb\n         OOOOOOOOO           "

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.
 - The following errors were reported by the server:

   Domain: plexwebtools.ackis.duckdns.org
   Type:   unauthorized
   Detail: Invalid response from
   https://plexwebtools.ackis.duckdns.org/.well-known/acme-challenge/qsDO4xSRDjRSQNACglzMwqz-8NEBx00                                                                                                               uL9-FJ2Y-mkA
   [68.148.53.117]: "<html>\r\n<head><title>403
   Forbidden</title></head>\r\n<body>\r\n<center><h1>403
   Forbidden</h1></center>\r\n<hr><center>nginx</center>\r\n"

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.
 - The following errors were reported by the server:

   Domain: radarr.ackis.duckdns.org
   Type:   unauthorized
   Detail: Invalid response from
   https://radarr.ackis.duckdns.org/.well-known/acme-challenge/eZqfYLDr7iM4arjnO5IzXhAmi2IajsIeBOMW6                                                                                                               J82I8o
   [68.148.53.117]: "<html>\r\n<head><title>403
   Forbidden</title></head>\r\n<body>\r\n<center><h1>403
   Forbidden</h1></center>\r\n<hr><center>nginx</center>\r\n"

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.
 - The following errors were reported by the server:

   Domain: sabnzbd.ackis.duckdns.org
   Type:   unauthorized
   Detail: Invalid response from
   https://sabnzbd.ackis.duckdns.org/.well-known/acme-challenge/ImN-y-33bga-jybYuro_xl0EWW5FK-N-G-cJ                                                                                                               5APHsCo
   [68.148.53.117]: "<html>\r\n<head><title>403
   Forbidden</title></head>\r\n<body>\r\n<center><h1>403
   Forbidden</h1></center>\r\n<hr><center>nginx</center>\r\n"

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.
 - The following errors were reported by the server:

   Domain: sonarr.ackis.duckdns.org
   Type:   unauthorized
   Detail: Invalid response from
   https://sonarr.ackis.duckdns.org/.well-known/acme-challenge/WwvVyEycB-XqrFbql4QANe9QDP5OLJdg-cP9n                                                                                                               -iwB-I
   [68.148.53.117]: "<html>\r\n<head><title>403
   Forbidden</title></head>\r\n<body>\r\n<center><h1>403
   Forbidden</h1></center>\r\n<hr><center>nginx</center>\r\n"

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.
 - The following errors were reported by the server:

   Domain: ubooquityadmin.ackis.duckdns.org
   Type:   unauthorized
   Detail: Invalid response from
   http://ubooquityadmin.ackis.duckdns.org/.well-known/acme-challenge/SPWmOaPJSk62h_6mRg0E7WD868okUu                                                                                                               7OgW5IF7NSKPE
   [68.148.53.117]: "<html>\r\n<head><title>404 Not
   Found</title></head>\r\n<body>\r\n<center><h1>404 Not
   Found</h1></center>\r\n<hr><center>nginx</center>\r\n"

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.
1 Like

wait, what’s the command you issued with --webroot?

did it look like certbot renew -d somedomain -a webroot -w /var/www/letsencrypt -i nginx ?

yeah, your workaround is probably interfering with that. I still have no idea why you use it.

1 Like

I didn't issue any command with webroot. I just ran certbot renew -a nginx like you suggested.

There's a bug with nginx where the installer doesn't work on some installs, so I was forced to use the webroot method.

I'm willing to get rid of it, if you think it'll help. I did for the ackis.duckdns.org domain (which is why I had the configuration error, I had to manually edit the config file) and it didn't seem to make a difference.

1 Like

did you not use, at any point in time, something that looks like certbot renew|run -a webroot -w /var/www/letsencrypt [-d domain] ?

try putting a file in that directory and check if you can see it from http://plexpy.ackis.duckdns.org/.well-known/acme-challenge/yourfile.txt

(or, better, try putting a file in /var/www/letsencrypt/.well-known/acme-challenge/)

1 Like

Yes I did - for all my domains that came up for renewal.

Did that - was able to see the file after messing with permissions, and then I was able to renew a couple certs.

1 Like

and the others gave what error?

1 Like

They’ve just been errors with the automatic nginx install so far - I’ve just had to convert them over to the webroot method. It looks like it was a permissions error.

I thought I had tested that out because I put a file in /var/www/letsencrypt and tried to access it via curl, but couldn’t, but when you told me to put a file in /var/www/letsencrypt/.well-known/acme-challenge/, that’s when I clued in that it may have been permissions. I’m not sure how it could have been because nothing changed there - it was an empty folder with www-data owning it, but who knows. It’s working now at least so I’m able to renew the certs that need to be renewed.

Going to get them all renewed over the next few days here, and hopefully just have it left on so I can forget about it and have everything just work.

Appreciate your help and patience with me.

1 Like

did you mkdir the directories before putting the file in there?

(you can become www-data with sudo -u www-data -s /bin/bash)

1 Like

Not originally. I had thought that the webroot declaration handled that. E.g. plexpy.ackis.duckdns.org/.well-known/acme-challenge/ was mapped directly to /var/www/letsencrypt/. So by having those folders we ended up with plexpy.ackis.duckdns.org/.well-known/acme-challenge/.well-known/acme-challenge/.

They exist in there now though (well earlier this afternoon before I made that other post).

1 Like

Hi @9peppe,

How can I check such information on our website hubbroker.com?

1 Like

it does. but that doesn’t do you any good if you put files inside manually.

You want to see the response headers?

either open the network tab in your browser development tools, or run curl -I http[s]://website in a terminal (install curl if it’s not)

1 Like

I’m not quite following you - if I put a file inside shouldn’t it be handled like a symbolic link to a directory?

the webroot declaration will create the .well-known/acme-challenge directory if it does not exist, but that doesn’t mean you won’t have to do the same, you can’t put files inside a non-existing directory (the webroot declaration cleans up after itself)

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.