I cannot renew my certificate

Hello there,

I executed the following command and got the following error, so I cannot renew the certificate.

sudo letsencrypt renew --dry-run

My domain is:

OS: Ubuntu 18.04
Apache: 2.4.29

http://meotool.white-link.com/ forwards all traffic to https://
Neither of which seems to do any special handling for requests to /.well-known/acme-challenge/

Please try placing a test file in the /.well-known/acme-challenge/ folder and see if it is accessible from the Internet.
[and to keep things as close as possible to the auth requests, make the test file without any extension]
[something like: http://meotool.white-link.com/.well-known/acme-challenge/test123 ]

Thank you for the quick reply.

I created test123 and it is accessible from the internet.

However, I still cannot renew the certificate.

@bmw could this be an instance of the now-fixed bug about permissions under /var?

Thanks for the suggestion.

I did already chmod 777 /myDocumentRoot/public/.well-known/acme-challenge.

But, it did not work.

Here is my conf.

# renew_before_expiry = 30 days
version = 0.31.0
archive_dir = /etc/letsencrypt/archive/meotool-101.white-link.com
cert = /etc/letsencrypt/live/meotool-101.white-link.com/cert.pem
privkey = /etc/letsencrypt/live/meotool-101.white-link.com/privkey.pem
chain = /etc/letsencrypt/live/meotool-101.white-link.com/chain.pem
fullchain = /etc/letsencrypt/live/meotool-101.white-link.com/fullchain.pem

# Options used in the renewal process
account = 201908130cd1e3b372d8519091432ba4
authenticator = webroot
webroot_path = /var/vhost/meo_free_tool/public,
server = https://acme-v02.api.letsencrypt.org/directory
meotool.white-link.com = /var/vhost/meo_free_tool/public
meotool-101.white-link.com = /var/vhost/meo_free_tool/public

Just wondering.

If we set up a redirect, like port 80 to port 443, would this be a problem for Let's Encrypt?

Do your web server logs explain why the 403 error is being returned?

Does it have anything that blocks certain IP addresses? Bots, hosting company ranges, “automated” clients…? Rate limiting?

I can access your site from home and from one VPS, but I too get a 403 Forbidden error from an Amazon EC2 instance.

Does Let's Encrypt use AWS?

I did not know about that.

Our server gets lots of access from AWS, so we decided to block all requests from it.

The Let’s Encrypt staging environment currently validates from Let’s Encrypt’s normal servers and from AWS.

The production environment currently makes requests from both, but currently does not rely on the results from AWS.

Let’s Encrypt’s policy is that they may validate from anywhere and servers need to allow any IP addresses to access /.well-known/acme-challenge/.
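The two checks suggested earlier in the thread, the test file under /.well-known/acme-challenge/ and the access-log review for 403s, as an added shell example (not code from the original thread or from Let's Encrypt). It assumes Apache's default "combined" log format; the hostname and webroot are taken from the conf posted above, and the log lines and client addresses are constructed (TEST-NET ranges), not real traffic.

```shell
#!/bin/sh
# Added example: verify an HTTP-01 challenge path from the outside and find
# which clients are being refused on it. Not from the original thread.

ACME_PATH="/.well-known/acme-challenge"

# Constructed sample of Apache "combined" access-log lines. Two clients were
# denied (403) on the challenge path; one 403 on another path and one 404 on
# the challenge path are included so the filters can be seen to exclude them.
SAMPLE_LOG='192.0.2.10 - - [14/Aug/2019:10:00:01 +0900] "GET /.well-known/acme-challenge/test123 HTTP/1.1" 200 7 "-" "constructed-UA"
198.51.100.7 - - [14/Aug/2019:10:00:02 +0900] "GET /.well-known/acme-challenge/abc123 HTTP/1.1" 403 199 "-" "constructed-UA"
203.0.113.44 - - [14/Aug/2019:10:00:03 +0900] "GET /.well-known/acme-challenge/abc123 HTTP/1.1" 403 199 "-" "constructed-UA"
203.0.113.44 - - [14/Aug/2019:10:00:04 +0900] "GET /index.html HTTP/1.1" 403 199 "-" "constructed-UA"
192.0.2.10 - - [14/Aug/2019:10:00:05 +0900] "GET /.well-known/acme-challenge/zzz HTTP/1.1" 404 196 "-" "constructed-UA"'

# Read combined-format log lines on stdin; print "<status> <client-ip> <path>"
# for every request under the challenge path. In the combined format $1 is the
# client address, $7 the request path and $9 the status code.
acme_requests() {
    awk -v p="$ACME_PATH/" '$7 ~ ("^" p) { print $9, $1, $7 }'
}

# Number of challenge requests the server refused with 403.
count_acme_403() {
    acme_requests | awk '$1 == 403' | wc -l | tr -d ' '
}

# Distinct client addresses that were refused on the challenge path. These are
# the addresses an IP blocklist must exempt for this path, since Let's Encrypt
# may validate from any address.
denied_acme_clients() {
    acme_requests | awk '$1 == 403 { print $2 }' | sort -u
}

# Live check (needs network; not run by default): drop a token file into the
# webroot and fetch it over plain HTTP, following redirects with -L because the
# ACME client does the same, so an 80->443 redirect by itself is fine.
# Returns success only if the final response is 200.
check_challenge_url() {
    host="$1"
    webroot="$2"
    token="test$$"
    mkdir -p "$webroot$ACME_PATH"
    printf 'ok\n' > "$webroot$ACME_PATH/$token"
    code=$(curl -sS -o /dev/null -L -w '%{http_code}' "http://$host$ACME_PATH/$token")
    rm -f "$webroot$ACME_PATH/$token"
    [ "$code" = "200" ]
}

# Offline demonstration on the constructed log.
printf 'denied challenge requests: %s\n' "$(printf '%s\n' "$SAMPLE_LOG" | count_acme_403)"
printf 'denied clients:\n%s\n' "$(printf '%s\n' "$SAMPLE_LOG" | denied_acme_clients)"

# Against a real server, run the log checks on the actual access log and the
# live check with the values from the renewal conf, for example:
#   count_acme_403 < /var/log/apache2/access.log
#   check_challenge_url meotool.white-link.com /var/vhost/meo_free_tool/public
```

If the denied clients are the addresses the server deliberately blocks, the fix is to exempt the challenge path from that block rather than to unblock the ranges; in Apache 2.4 a `<Location "/.well-known/acme-challenge">` section with `Require all granted` does this. The challenge directory itself only needs to be readable and traversable by the web server user; making it world-writable (chmod 777) is not required for validation and widens write access unnecessarily.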

Now we can renew the certificate.

Thank you very much for your help :)