Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: oim.tools
I ran this command:sudo certbot renew
It produced this output:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/oim.tools.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator webroot, Installer None
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for oim.tools
Waiting for verification...
Cleaning up challenges
Attempting to renew cert (oim.tools) from /etc/letsencrypt/renewal/oim.tools.conf produced an unexpected error: Failed authorization procedure. oim.tools (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from https://oim.tools/.well-known/acme-challenge/au-amgd_BX6B9AhoPKzHYjZhgq2X5QW1aqMnuCEeePQ [45.33.96.127]: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p". Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/oim.tools/fullchain.pem (failure)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
My web server is (include version): Apache/2.4.18 (Ubuntu) SVN/1.9.3 OpenSSL/1.0.2 mod_perl/2.0.9 Perl/v5.22.1
The operating system my web server runs on is (include version): Ubuntu 16.04.5 LTS (xenial)
My hosting provider, if applicable, is: linode.org
I can login to a root shell on my machine (yes or no, or I don't know): yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 0.31.0
I should mention that I'm using an Apache virtual host on the server so maybe (?) the problem has to do with that configuration? Here's the virtual host section:
<VirtualHost *:443>
ServerAdmin onigame@gmail.com
ServerName oim.tools
ServerAlias *.oim.tools
SSLEngine on
Include /etc/letsencrypt/options-ssl-apache.conf
DocumentRoot "/home/whuang/sdc/oim.tools/webserver/czar/"
<Directory "/home/whuang/sdc/oim.tools/webserver/czar/">
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Require all granted
</Directory>
<Location />
Order allow,deny
Allow from all
Deny from 188.138.188.34
</Location>
ErrorLog /home/whuang/sdc/oim.tools/logs/error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog /home/whuang/sdc/oim.tools/logs/access.log combined
ServerSignature On
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/oim.tools/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/oim.tools/privkey.pem
ProxyRequests Off
<Proxy *>
Order deny,allow
Deny from all
Allow from 127.0.0.1
</Proxy>
SSLProxyEngine on
ProxyPass /stateserver/ http://localhost:436/
ProxyPassReverse /stateserver/ http://localhost:436/
</VirtualHost>
<VirtualHost *:80>
ServerAdmin onigame@gmail.com
ServerName oim.tools
ServerAlias *.oim.tools
DocumentRoot "/home/whuang/sdc/oim.tools/webserver/czar/"
<Directory "/home/whuang/sdc/oim.tools/webserver/czar/">
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Require all granted
# use mod_rewrite for pretty URL support
RewriteEngine On
# If a directory or a file exists, use the request directly
RewriteCond %{SERVER_NAME} =*.oim.tools [OR]
RewriteCond %{SERVER_NAME} =oim.tools
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</Directory>
<Location />
Order allow,deny
Allow from all
</Location>
ErrorLog /home/whuang/sdc/oim.tools/logs/error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog /home/whuang/sdc/oim.tools/logs/access.log combined
ServerSignature On
</VirtualHost>
> apachectl -S
VirtualHost configuration:
*:443 is a NameVirtualHost
default server weihwa.com (/etc/apache2/sites-enabled/000-default.conf:1)
port 443 namevhost weihwa.com (/etc/apache2/sites-enabled/000-default.conf:1)
alias www.weihwa.com
port 443 namevhost bapa.rocks (/etc/apache2/sites-enabled/bapa.rocks.conf:1)
wild alias *.bapa.rocks
port 443 namevhost oim.tools (/etc/apache2/sites-enabled/oim.tools.conf:1)
wild alias *.oim.tools
port 443 namevhost wczar.emagino.net (/etc/apache2/sites-enabled/wczar.emagino.net.conf:1)
alias wczar.emagino.net
alias wczar.emagino.com
alias wczar.weihwa.com
wild alias *.wczar.emagino.net
wild alias *.wczar.emagino.com
wild alias *.wczar.weihwa.com
*:80 is a NameVirtualHost
default server weihwa.com (/etc/apache2/sites-enabled/000-default.conf:47)
port 80 namevhost weihwa.com (/etc/apache2/sites-enabled/000-default.conf:47)
alias www.weihwa.com
port 80 namevhost m.czar.teamleftout.org (/etc/apache2/sites-enabled/aa.m.czar.teamleftout.org.conf:1)
alias m.czar.teamleftout.org
alias m.czar.emagino.net
port 80 namevhost bapa.rocks (/etc/apache2/sites-enabled/bapa.rocks.conf:47)
wild alias *.bapa.rocks
port 80 namevhost bayareanightgame.com (/etc/apache2/sites-enabled/bayareanightgame.com.conf:1)
wild alias *.bayareanightgame.com
port 80 namevhost bayareanightgame.org (/etc/apache2/sites-enabled/bayareanightgame.org.conf:1)
wild alias *.bayareanightgame.org
port 80 namevhost bigglobalgame.com (/etc/apache2/sites-enabled/bigglobalgame.com.conf:1)
wild alias *.bigglobalgame.com
port 80 namevhost bloodygoodtimes.com (/etc/apache2/sites-enabled/bloodygoodtimes.com.conf:1)
wild alias *.bloodygoodtimes.com
port 80 namevhost castle-of-time.com (/etc/apache2/sites-enabled/castle-of-time.com.conf:1)
alias castle-of-time.com
wild alias *.castle-of-time.com
port 80 namevhost czar.emagino.net (/etc/apache2/sites-enabled/czar.emagino.net.conf:1)
alias czar.emagino.net
alias czar.emagino.com
alias czar.weihwa.com
wild alias *.czar.emagino.net
wild alias *.czar.emagino.com
wild alias *.czar.weihwa.com
port 80 namevhost doctorwhen.com (/etc/apache2/sites-enabled/doctorwhen.com.conf:1)
alias doctorwhen.com
wild alias *.doctorwhen.com
port 80 namevhost dominionsetgenerator.com (/etc/apache2/sites-enabled/dominionsetgenerator.com.conf:1)
wild alias *.dominionsetgenerator.com
port 80 namevhost etherealendways.com (/etc/apache2/sites-enabled/etherealendways.com.conf:1)
wild alias *.etherealendways.com
port 80 namevhost etherealendways.emagino.net (/etc/apache2/sites-enabled/etherealendways.emagino.net.conf:1)
wild alias *.etherealendways.emagino.net
port 80 namevhost imopa.emagino.net (/etc/apache2/sites-enabled/imopa.emagino.net.conf:1)
alias imopa.emagino.net
wild alias *.imopa.emagino.net
port 80 namevhost imopa.info (/etc/apache2/sites-enabled/imopa.info.conf:1)
alias imopa.info
wild alias *.imopa.info
port 80 namevhost meepleschoice.win (/etc/apache2/sites-enabled/meepleschoice.win.conf:1)
wild alias *.meepleschoice.win
port 80 namevhost oim.tools (/etc/apache2/sites-enabled/oim.tools.conf:48)
wild alias *.oim.tools
port 80 namevhost oversqueak.com (/etc/apache2/sites-enabled/oversqueak.com.conf:1)
wild alias *.oversqueak.com
port 80 namevhost peachfrontier.com (/etc/apache2/sites-enabled/peachfrontier.com.conf:1)
wild alias *.peachfrontier.com
port 80 namevhost peachfrontier.emagino.net (/etc/apache2/sites-enabled/peachfrontier.emagino.net.conf:1)
wild alias *.peachfrontier.emagino.net
port 80 namevhost puzwiki.com (/etc/apache2/sites-enabled/puzwiki.com.conf:1)
wild alias *.puzwiki.com
port 80 namevhost racepics.tk (/etc/apache2/sites-enabled/racepics.tk.conf:1)
alias www.racepics.tk
alias racepics.weihwa.com
wild alias *.racepics.tk
port 80 namevhost rftgpics.tk (/etc/apache2/sites-enabled/rftgpics.tk.conf:1)
alias www.rftgpics.tk
alias rftgpics.weihwa.com
wild alias *.rftgpics.tk
port 80 namevhost rollforthegalaxy.com (/etc/apache2/sites-enabled/rollforthegalaxy.com.conf:1)
port 80 namevhost rollpics.tk (/etc/apache2/sites-enabled/rollpics.tk.conf:1)
alias www.rollpics.tk
alias rollpics.weihwa.com
wild alias *.rollpics.tk
port 80 namevhost spymaster.weihwa.com (/etc/apache2/sites-enabled/spymaster.weihwa.com.conf:1)
alias spymaster.weihwa.com
wild alias *.spymaster.weihwa.com
port 80 namevhost www.trenchwood.com (/etc/apache2/sites-enabled/trenchwood.com.conf:1)
alias trenchwood.com
wild alias *.trenchwood.com
port 80 namevhost www.trenchwood.emagino.net (/etc/apache2/sites-enabled/trenchwood.emagino.net.conf:1)
alias trenchwood.emagino.net
wild alias *.trenchwood.emagino.net
port 80 namevhost wczar.emagino.net (/etc/apache2/sites-enabled/wczar.emagino.net.conf:55)
alias wczar.emagino.net
alias wczar.emagino.com
alias wczar.weihwa.com
wild alias *.wczar.emagino.net
wild alias *.wczar.emagino.com
wild alias *.wczar.weihwa.com
port 80 namevhost xkcdclock.com (/etc/apache2/sites-enabled/xkcdclock.com.conf:1)
wild alias *.xkcdclock.com
ServerRoot: "/etc/apache2"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/var/log/apache2/error.log"
Mutex ssl-stapling: using_defaults
Mutex proxy: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/var/lock/apache2" mechanism=fcntl
Mutex mpm-accept: using_defaults
Mutex watchdog-callback: using_defaults
Mutex rewrite-map: using_defaults
Mutex ssl-stapling-refresh: using_defaults
PidFile: "/var/run/apache2/apache2.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
Define: MODPERL2
Define: ENABLE_USR_LIB_CGI_BIN
User: name="www-data" id=33
Group: name="www-data" id=33
