Help, certs could not be renewed


#1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: www.aooci.com

I ran this command: certbot renew

It produced this output:


Processing /usr/local/etc/letsencrypt/renewal/aooci.com.conf

All renewal attempts failed. The following certs could not be renewed:
/usr/local/etc/letsencrypt/live/aooci.com/fullchain.pem (failure)
1 renew failure(s), 0 parse failure(s)
[297670 refs]
IMPORTANT NOTES:

My web server is (include version): Apache 24

The operating system my web server runs on is (include version): FreeBSD 11

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

==============================================================================
The error started appearing recently. I have a cron task to renew the certificate every day, and it had been working for some days. I can’t remember touching any related configuration. It’s strange that in the detailed information, my domain name and the [.well-known/…] path have no separator. Maybe that’s the problem, but I don’t know how to fix it. Please give me some advice. Thanks in advance.


#2

The redirect from HTTP to HTTPS is missing a slash (/), so the validation server is trying to connect to the hostname www.aooci.com.well-known, which doesn’t exist obviously.

Add a slash to your redirect and it will validate properly.

In more detail what is going wrong:

osiris@desktop ~ $ curl -Lv http://www.aooci.com/.well-known/acme-challenge/x9b_hh-QG01p9wPWBqHskYkfKUczuGdtFPOr2mGoJDY
*   Trying 194.78.218.128...
* Connected to www.aooci.com (194.78.218.128) port 80 (#0)
> GET /.well-known/acme-challenge/x9b_hh-QG01p9wPWBqHskYkfKUczuGdtFPOr2mGoJDY HTTP/1.1
> Host: www.aooci.com
> User-Agent: curl/7.49.0
> Accept: */*
> 
< HTTP/1.1 302 Found
< Date: Sun, 28 Oct 2018 13:26:51 GMT
< Server: Apache/2.4.25 (FreeBSD) OpenSSL/1.0.2j-freebsd PHP/7.1.3
< Location: https://www.aooci.com.well-known/acme-challenge/x9b_hh-QG01p9wPWBqHskYkfKUczuGdtFPOr2mGoJDY
< Content-Length: 275
< Content-Type: text/html; charset=iso-8859-1
< 
* Ignoring the response-body
* Connection #0 to host www.aooci.com left intact
* Issue another request to this URL: 'https://www.aooci.com.well-known/acme-challenge/x9b_hh-QG01p9wPWBqHskYkfKUczuGdtFPOr2mGoJDY'
* Could not resolve host: www.aooci.com.well-known
* Closing connection 1
curl: (6) Could not resolve host: www.aooci.com.well-known
osiris@desktop ~ $ 

See the Location header; that’s the result of your redirect rule somewhere in your Apache configuration. It is missing the /.
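
Added example, not part of the original posts: a Python check that reproduces the diagnosis above offline by pulling the Location header out of curl -v style output and testing whether the host and the request path were fused without a "/". The function names and the shortened TOKEN value are assumptions made for this example; the header sample is constructed from the transcript above.

```python
from urllib.parse import urlsplit

# Constructed sample modelled on the curl transcript above (token shortened).
SAMPLE_HEADERS = """\
< HTTP/1.1 302 Found
< Server: Apache/2.4.25 (FreeBSD)
< Location: https://www.aooci.com.well-known/acme-challenge/TOKEN
< Content-Length: 275
"""


def location_from_headers(raw):
    """Return the Location value from raw or curl -v ('< ' prefixed) headers."""
    for line in raw.splitlines():
        line = line.lstrip("< ").strip()
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "location":
            return value.strip()
    return None


def diagnose_redirect(requested_url, location):
    """Classify a redirect seen while fetching an HTTP-01 challenge URL.

    Returns 'ok', 'path-changed', 'missing-slash' or 'other-host'.
    """
    req, loc = urlsplit(requested_url), urlsplit(location)
    req_host = (req.hostname or "").lower()
    loc_host = (loc.hostname or "").lower()
    if loc_host == req_host:
        return "ok" if loc.path == req.path else "path-changed"
    # Missing separator: the request path was appended to "https://host"
    # without its leading "/", so the host and first path segment fuse.
    # Compared case-insensitively because hostnames are case-insensitive.
    fused = (req_host + req.path.lstrip("/")).lower()
    if (loc_host + loc.path).lower() == fused:
        return "missing-slash"
    return "other-host"


if __name__ == "__main__":
    url = "http://www.aooci.com/.well-known/acme-challenge/TOKEN"
    target = location_from_headers(SAMPLE_HEADERS)
    print(target, "->", diagnose_redirect(url, target))
```

A result of 'other-host' is not necessarily a fault, since a redirect to a different, resolvable host can be intentional; 'missing-slash' is the case shown in this thread.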


#3

Great, problem fixed! Thank you.