My domain is: www.e-d-i-t.nl, www.roda71.nl, wms-zimbra.e-d-i-t.nl and a lot more…
I ran this command: certbot automatic renew process
It produced this output: all kinds of different errors, eventually killing nginx, so rev proxy is offline and every site unreachable.
My web server is (include version): nginx in rev proxy
The operating system my web server runs on is (include version): Debian 9
I can login to a root shell on my machine (yes or no, or I don’t know): yes
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): 0.10.2
Okay, that being said,…
I am getting all kinds of errors when trying to renew certs. Eventually I disabled the pre- and post-hook commands restarting nginx, because in the end nginx cannot bind anymore, putting the rev-proxy offline.
Some work, some don’t…
Works:
certbot renew --cert-name www.e-d-i-t.nl -a nginx --force-renewal
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Processing /etc/letsencrypt/renewal/www.e-d-i-t.nl.conf
Renewing an existing certificate
Performing the following challenges:
tls-sni-01 challenge for www.e-d-i-t.nl
Waiting for verification…
Cleaning up challenges
Generating key (2048 bits): /etc/letsencrypt/keys/0058_key-certbot.pem
Creating CSR: /etc/letsencrypt/csr/0058_csr-certbot.pem
new certificate deployed with reload of nginx server; fullchain is
/etc/letsencrypt/live/www.e-d-i-t.nl/fullchain.pem
Congratulations, all renewals succeeded. The following certs have been renewed:
/etc/letsencrypt/live/www.e-d-i-t.nl/fullchain.pem (success)
Fails:
certbot renew --cert-name wms-zimbra.e-d-i-t.nl -a nginx --force-renewal
Attempting to renew cert from /etc/letsencrypt/renewal/wms-zimbra.e-d-i-t.nl.conf produced an unexpected error: Failed authorization procedure. wms-zimbra.e-d-i-t.nl (tls-sni-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Incorrect validation certificate for tls-sni-01 challenge. Requested 247d3f23b4054c09a493b50052302d86.880550cec6e9d054c943d7a3e1ba4a72.acme.invalid from 212.78.210.99:443. Received 2 certificate(s), first certificate had names “dav.e-d-i-t.nl”. Skipping.
I had the authenticator in the config changed from standalone to nginx, but it makes no difference at the moment.
I’m out, have no clue what to do.
Kill current rev-proxy server running nginx and Debian and just install Ubuntu 16.04 instead with apache2? Seems to be fewer errors when Googling…