Hi, since 2 weeks it get the error during the cron steered renew process. I'm not sure what happens. I can say, that I didn't change anything on my server. It was working in the past without any problems. What is going wrong? Please help me

Help
1

My domain is:ncloud.spdns.org

I ran this command:/usr/bin/certbot renew >> /var/log/le-renew.log

It produced this output: Saving debug log to /var/log/letsencrypt/letsencrypt.log
Cert is due for renewal, auto-renewing…
Non-interactive renewal: random delay of 204 seconds
Plugins selected: Authenticator apache, Installer apache
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for ncloud.spdns.org
Waiting for verification…
Cleaning up challenges
Attempting to renew cert (ncloud.spdns.org) from /etc/letsencrypt/renewal/ncloud.spdns.org.conf produced an unexpected error: Failed authorization procedure. ncloud.spdns.org (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://ncloud.spdns.org/.well-known/acme-challenge/e1QTcTfiEBWHfn4KZZAPAU548XCY2nBFFyUK8W1xLPI[95.233.47.81]: “\n\n400 Bad Request\n\n

Bad Request</h1”. Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/ncloud.spdns.org/fullchain.pem (failure)
1 renew failure(s), 0 parse failure(s)

My web server is (include version):Apache 2.4.6

The operating system my web server runs on is (include version):CentOS Linux release 7.6.1810

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):certbot 0.31.0

2

Hi @hhorch

checking your domain via https://check-your-website.server-daten.de/?q=ncloud.spdns.org there you see the problem:

Domainname Http-Status redirect Sec. G
http://ncloud.spdns.org/
95.233.47.81 400 0.080 M
Bad Request
https://ncloud.spdns.org/
95.233.47.81 -14 11.550 T
Timeout - The operation has timed out
https://ncloud.spdns.org/index.php/login 200 0.596 A
https://ncloud.spdns.org:80/
95.233.47.81 302 https://ncloud.spdns.org/index.php/login 0.510 Q
Visible Content:
http://ncloud.spdns.org/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
95.233.47.81 400 0.090 M
Bad Request
Visible Content: Bad Request Your browser sent a request that this server could not understand. Reason: You're speaking plain HTTP to an SSL-enabled server port. Instead use the HTTPS scheme to access this URL, please.

The content of the "Bad Request" - http status 400:

Your port 80 sends https requests, that can't never work.

Looks like this is a home server and you have a wrong port forwarding rule port 80 extern -> port 443 intern.

You need two port forwarding rules:

  • port 80 extern -> port 80 intern
  • port 443 extern -> port 443 intern
1 Like
3

Hi Juergen,
thanks for your quick help. I’ve changed the settings on my router and now it works.

Grüße aus Südtirol
Hartmut

2 Likes
4

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.