How to renew a certificate when the challenge path has moved


#1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: www.creatissus.com

I ran this command: ./certbot-auto renew

It produced this output:

Encountered exception during recovery:
Traceback (most recent call last):
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/error_handler.py", line 108, in _call_registered
    self.funcs[-1]()
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/auth_handler.py", line 310, in _cleanup_challenges
    self.auth.cleanup(achalls)
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/plugins/webroot.py", line 222, in cleanup
    os.remove(validation_path)
OSError: [Errno 2] No such file or directory: '/home/creatissus/public_html/preprod/.well-known/acme-challenge/J3RfEiEcEiEEK5mzwNQupagiTMsI6zVXc85q-SctaBI'
Attempting to renew cert (www.creatissus.com) from /etc/letsencrypt/renewal/www.creatissus.com.conf produced an unexpected error: [Errno 2] No such file or directory: '/home/creatissus/public_html/preprod'. Skipping.

My web server is (include version): Apache
Debian 8
The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): Webmin

I recently moved the root of the website up one level, from /preprod to /.
Now the challenge fails. I can delete the SSL, but is there another way to do it?


#2

Yeah, I believe the recommended way is to re-run the command you ran to obtain the cert originally, but changing the webroot path to the updated one (presumably /home/creatissus/public_html). Alternatively you can change it directly in /etc/letsencrypt/renewal/www.creatissus.com.conf and run ./certbot-auto renew again.

If you frequently move things around you might try switching to using the --apache plugin rather than --webroot. The apache plugin creates its own temporary webroot and so doesn’t require knowledge of where the real webroot is.
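Added example, not part of the original thread and not Certbot's own code: a shell check that lists every entry in a renewal file's `[[webroot_map]]` section whose directory no longer exists, which is the condition behind the `Errno 2` failure in post #1. It assumes the renewal file stores per-domain webroots under `[[webroot_map]]`; the function name `stale_webroots` and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Certbot code): report [[webroot_map]] entries in a
# renewal file whose directory no longer exists on disk.

# stale_webroots CONF: prints "domain<TAB>path" for each missing webroot.
# Returns 1 if at least one entry is stale, 0 if all directories exist.
stale_webroots() {
    tab=$(printf '\t')
    stale=$(awk '
        /^\[\[webroot_map\]\]/ { in_map = 1; next }  # per-domain map starts
        /^\[/                  { in_map = 0 }        # another section ends it
        in_map && (i = index($0, "=")) {
            d = substr($0, 1, i - 1); p = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", d)           # trim around the "="
            gsub(/^[ \t]+|[ \t]+$/, "", p)
            print d "\t" p
        }' "$1" | while IFS=$tab read -r domain path; do
            [ -d "$path" ] || printf '%s\t%s\n' "$domain" "$path"
        done)
    if [ -n "$stale" ]; then
        printf '%s\n' "$stale"
        return 1
    fi
    return 0
}

# With no argument, run against a constructed renewal file (sample data).
conf=${1:-}
if [ -z "$conf" ]; then
    demo=$(mktemp -d)
    mkdir -p "$demo/public_html"
    conf=$demo/www.example.com.conf
    cat > "$conf" <<EOF
[renewalparams]
authenticator = webroot
[[webroot_map]]
www.example.com = $demo/public_html/preprod
example.com = $demo/public_html
EOF
fi
if stale_webroots "$conf"; then
    echo "all webroot_map directories exist"
else
    echo "update the paths listed above, then run renew again"
fi
[ -z "${demo:-}" ] || rm -rf "$demo"
```

Pass a real renewal file as the first argument to check it instead of the sample.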


#3

OK, thank you, I’ll try with Apache; it didn’t work in the past, that’s why I use webroot instead.


#4

Hi, I run the command and get the following message:



#5

Hi @refschool, you got that message when running ./certbot-auto --apache?


#6

Hi, I didn’t run this command because I don’t want to alter the Apache configuration file…
I have 30 domains; if I run --apache (by the way, I couldn’t find suitable documentation), are all the domains impacted? I just want to run it for one domain only, thanks.


#7

OK, it works when I run this command:

./certbot-auto certonly --webroot -w /home/creatissus/public_html/ -d www.creatissus.com

The problem is with the non-www when I append -d creatissus.com at the end.

I have a catch-all A record set up (with the *).


#8

This is tricky to diagnose in a browser due to the invalid certificate error (I instead used the command-line program curl), but the problem here is that www.creatissus.com and creatissus.com are serving different content—so their respective configurations don’t point to the same content on the server. In turn that means that -w /home/creatissus/public_html is only the correct webroot location for posting content on www.creatissus.com, but not for posting content on creatissus.com.

You can fix this either by updating the web server configuration so that creatissus.com has the same configuration as www.creatissus.com, or by figuring out what the webroot directory for creatissus.com should be and specifying it with an additional -w option to Certbot, like

./certbot-auto certonly --webroot -w /home/creatissus/public_html/ -d www.creatissus.com -w /somewhere-else/on-your/server -d creatissus.com


#9

I want creatissus.com and www.creatissus.com to serve the same content, so I have in my Apache config file
ServerName www.creatissus.com
ServerAlias creatissus.com

So I solved the problem by putting in the Apache config file, EITHER for SSL and non-SSL, the above directives.

