help...Can not be renewed manually


The error code is as follows:

    Attempting to renew cert (***.com) from /etc/letsencrypt/renewal/***.com.conf produced an unexpected error: Failed authorization procedure. m.***.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://m.***.com/.well-known/acme-challenge/7uyunDo3-xphOfVzCpKbjKTuCLQGXa--_ZgQ59GDb4A [117.157.21.189]: 404, static.***.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://static.***.com/.well-known/acme-challenge/oC-1WPSEs7VFFGgBwNLpzZfIks2-ngDiF-aFYzarMy4: "403 Forbidden <". Skipping. All renewal attempts failed. The following certs could not be renewed: /etc/letsencrypt/live/***.com/fullchain.pem (failure)

Please can you paste the contents of your

Manual renewal and forced renewal failed
The same error
Python2.7.5

How to completely uninstall certbot-auto
I want to re-apply …

Can you post the output of

    cat /etc/letsencrypt/renewal/***.com.conf

where ***.com is your actual domain name


    renew_before_expiry = 30 days
    version = 0.15.0
    archive_dir = /etc/letsencrypt/archive/***.com
    cert = /etc/letsencrypt/live/***.com/cert.pem
    privkey = /etc/letsencrypt/live/***.com/privkey.pem
    chain = /etc/letsencrypt/live/***.com/chain.pem
    fullchain = /etc/letsencrypt/live/***.com/fullchain.pem

    # Options used in the renewal process
    [renewalparams]
    authenticator = webroot
    installer = None
    account = f2c38b2e0ad3cf8eaccfb9ea593735b0
    webroot_path = /data/wwwroot/www.***.com, /data/wwwroot/static.***.com, /data/wwwroot/en.***.com, /data/wwwroot/m.***.com
    [[webroot_map]]
    static.***.com = /data/wwwroot/static.***.com
    ***.com = /data/wwwroot/www.***.com
    en.***.com = /data/wwwroot/en.***.com
    m.***.com = /data/wwwroot/m.***.com
    www.***.com = /data/wwwroot/www.***.com

Please forgive me for the domain name…

Do all these webroot paths exist ???

Yes, yes, yes.
They already existed before I applied for the certificate.

If you want a very quick fix for now, modify your renewal.conf file to this:

    [renewalparams]
    authenticator = standalone
    installer = None
    rsa_key_size = 4096
    account = f2c38b2e0ad3cf8eaccfb9ea593735b0
    #webroot_path = /data/wwwroot/www.***.com, /data/wwwroot/static.***.com, /data/wwwroot/en.***.com, /data/wwwroot/m.***.com
    #[[webroot_map]]
    #static.***.com = /data/wwwroot/static.***.com
    #***.com = /data/wwwroot/www.***.com
    #en.***.com = /data/wwwroot/en.***.com
    #m.***.com = /data/wwwroot/m.***.com
    #www.***.com = /data/wwwroot/www.***.com

And then renew the certificate manually by running sudo ./certbot-auto renew

NOTE: you will need to first manually stop your web server so that it can use the standalone authenticator and then restart your web server after it has completed renewal.

Once you get your certificate renewed then you can start fixing why your webroot ACME authentication is not working.
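
A pre-flight check for the webroot setup discussed above, as an added example that is not part of the original thread and not certbot's own code: it reads the `[[webroot_map]]` section of a renewal file, places a probe file in each webroot's `.well-known/acme-challenge/` directory and, with `CHECK_HTTP=1`, fetches it over plain HTTP at the same kind of URL the http-01 validation requests. The function names, the probe file name and the `CHECK_HTTP` variable are assumptions of this example.

```sh
#!/bin/sh
# Added example (not certbot code). Usage, as root on the web server:
#   CHECK_HTTP=1 sh check_webroots.sh /etc/letsencrypt/renewal/example.com.conf

# Print "domain<TAB>webroot" for each uncommented [[webroot_map]] entry.
webroot_map() {
    awk '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        /^[ \t]*\[\[webroot_map\]\]/ { in_map = 1; next }
        /^[ \t]*\[/                  { in_map = 0 }   # any other section ends the map
        in_map && /^[ \t]*[^# \t].*=/ {
            i = index($0, "=")
            print trim(substr($0, 1, i - 1)) "\t" trim(substr($0, i + 1))
        }' "$1"
}

# Print one status for domain $1 with webroot $2:
#   missing-dir | not-writable | local-ok | ok | http-<status>
check_webroot() {
    [ -d "$2" ] || { echo missing-dir; return 0; }
    dir="$2/.well-known/acme-challenge"
    probe="$dir/probe-$$"                     # hypothetical probe file name
    { mkdir -p "$dir" && echo probe > "$probe"; } 2>/dev/null \
        || { echo not-writable; return 0; }
    if [ "${CHECK_HTTP:-0}" = 1 ]; then
        # Same URL shape the validation server requests for http-01.
        code=$(curl -s -o /dev/null -m 10 -w '%{http_code}' \
            "http://$1/.well-known/acme-challenge/probe-$$" </dev/null)
        [ "$code" = 200 ] && echo ok || echo "http-$code"
    else
        echo local-ok
    fi
    rm -f "$probe"
}

# Check every mapped domain in renewal file $1.
audit() {
    webroot_map "$1" | while IFS="$(printf '\t')" read -r domain root; do
        printf '%s\t%s\n' "$domain" "$(check_webroot "$domain" "$root")"
    done
}

[ $# -eq 0 ] || audit "$1"
```

An `http-404` or `http-403` result for a host means that whatever answers HTTP for that name (the web server's root or access rules, or a proxy in front of it) is not serving the challenge directory, which is independent of certbot itself.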

Failed to renew:

    Attempting to renew cert (***.com) from /etc/letsencrypt/renewal/***.com.conf produced an unexpected error: Failed authorization procedure. m.***.com (tls-sni-01): urn:acme:error:tls :: The server experienced a TLS error during domain verification :: remote error: tls: handshake failure, static.***.com (tls-sni-01): urn:acme:error:tls :: The server experienced a TLS error during domain verification :: remote error: tls: handshake failure. Skipping.
    All renewal attempts failed. The following certs could not be renewed:
    /etc/letsencrypt/live/***.com/fullchain.pem (failure)

It would help if you provided your domain name to assist any further. There’s no need to conceal domain names here on this forum.

zooliv.com
nginx start
thank you…

Ok your DNS all seems fine. How did you install certbot ??? and what operating system?

CentOS 6.5

    wget https://dl.eff.org/certbot-auto
    chmod a+x certbot-auto
    ./certbot-auto

I would like to ask: if it cannot be reloaded, how do I reload it?


That installation method is correct. Are you sure your /etc/letsencrypt/renewal/zooliv.com.conf file looks like this now?

    renew_before_expiry = 30 days
    version = 0.15.0
    archive_dir = /etc/letsencrypt/archive/zooliv.com
    cert = /etc/letsencrypt/live/zooliv.com/cert.pem
    privkey = /etc/letsencrypt/live/zooliv.com/privkey.pem
    chain = /etc/letsencrypt/live/zooliv.com/chain.pem
    fullchain = /etc/letsencrypt/live/zooliv.com/fullchain.pem
    [renewalparams]
    authenticator = standalone
    installer = None
    rsa_key_size = 4096
    account = f2c38b2e0ad3cf8eaccfb9ea593735b0
    #webroot_path = /data/wwwroot/www.zooliv.com, /data/wwwroot/static.zooliv.com, /data/wwwroot/en.zooliv.com, /data/wwwroot/m.zooliv.com
    #[[webroot_map]]
    #static.zooliv.com = /data/wwwroot/static.zooliv.com
    #zooliv.com = /data/wwwroot/www.zooliv.com
    #en.zooliv.com = /data/wwwroot/en.zooliv.com
    #m.zooliv.com = /data/wwwroot/m.zooliv.com
    #www.zooliv.com = /data/wwwroot/www.zooliv.com

If you do want to reload / get a fresh copy of certbot simply repeat below

    wget https://dl.eff.org/certbot-auto -O certbot-auto
    chmod +x certbot-auto

    renew_before_expiry = 30 days
    version = 0.15.0
    archive_dir = /etc/letsencrypt/archive/zooliv.com
    cert = /etc/letsencrypt/live/zooliv.com/cert.pem
    privkey = /etc/letsencrypt/live/zooliv.com/privkey.pem
    chain = /etc/letsencrypt/live/zooliv.com/chain.pem
    fullchain = /etc/letsencrypt/live/zooliv.com/fullchain.pem

    # Options used in the renewal process
    [renewalparams]
    authenticator = standalone
    installer = None
    rsa_key_size = 4096
    account = f2c38b2e0ad3cf8eaccfb9ea593735b0
    #webroot_path = /data/wwwroot/www.zooliv.com, /data/wwwroot/static.zooliv.com, /data/wwwroot/en.zooliv.com, /data/wwwroot/m.zooliv.com
    #[[webroot_map]]
    #static.zooliv.com = /data/wwwroot/static.zooliv.com
    #zooliv.com = /data/wwwroot/www.zooliv.com
    #en.zooliv.com = /data/wwwroot/en.zooliv.com
    #m.zooliv.com = /data/wwwroot/m.zooliv.com
    #www.zooliv.com = /data/wwwroot/www.zooliv.com

The test renewal order can not be successful after obtaining the certificate

Immediately expired, how to uninstall heavy equipment? in a hurry

Ok so try this now

    sudo service nginx stop
    sudo ./certbot-auto renew
    sudo service nginx start

Failed …
Or the same as before the error code
What should we do now