beehaw
April 15, 2022, 4:32pm
1
Someone tried to help me here yesterday but I'm still having trouble with this.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/www.beehaw.org.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Renewing an existing certificate for beehaw.org and www.beehaw.org
Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
Domain: www.beehaw.org
Type: unauthorized
Detail: Invalid response from https://beehaw.org [137.184.145.108]: "\n <!DOCTYPE html>\n <html lang=\"en\">\n <head>\n <script>window.isoData = {\"path\":\"\\u002F\","
Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet.
Failed to renew certificate www.beehaw.org with error: Some challenges have failed.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
All renewals failed. The following certificates could not be renewed:
/etc/letsencrypt/live/www.beehaw.org/fullchain.pem (failure)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1 renew failure(s), 0 parse failure(s)
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
9peppe
April 15, 2022, 4:50pm
2
$ curl -IL www.beehaw.org/.well-known/acme-challenge/test
HTTP/1.1 302 Found
Server: nginx
Date: Fri, 15 Apr 2022 16:48:06 GMT
Connection: keep-alive
Location: https://beehaw.org
X-Served-By: Namecheap URL Forward
HTTP/2 200
server: nginx
date: Fri, 15 Apr 2022 16:48:07 GMT
content-type: text/html; charset=utf-8
content-length: 294057
vary: Accept-Encoding
x-powered-by: Express
etag: W/"47ca9-2VSchF/+CqicOAUj5Gg1cvQN5CU"
strict-transport-security: max-age=63072000
referrer-policy: same-origin
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1; mode=block
You should probably point your domain directly to your server instead of using the Namecheap thingy.
1 Like
beehaw
April 15, 2022, 5:09pm
3
Why? Would this somehow let me renew the certificate?
9peppe
April 15, 2022, 5:23pm
4
No, but it will let certbot answer directly instead of relying on a half-broken redirect.
It will probably work.
1 Like
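Why the redirect chain in post 2 cannot satisfy HTTP-01, as an added example that is not part of the thread: the validation server follows redirects, but it must end up at the same `/.well-known/acme-challenge/` path on the host where certbot placed the token. The function names and the trimmed sample are constructed here from the `curl -IL` output quoted above.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: the curl -IL header dump quoted in post 2,
# trimmed to the headers this check reads.
SAMPLE = """\
HTTP/1.1 302 Found
Location: https://beehaw.org
X-Served-By: Namecheap URL Forward

HTTP/2 200
content-type: text/html; charset=utf-8
x-powered-by: Express
"""

def parse_hops(dump):
    """Split `curl -IL` output into one dict per response (status + lowercased headers)."""
    hops = []
    for line in dump.splitlines():
        m = re.match(r"HTTP/[\d.]+\s+(\d{3})", line)
        if m:
            hops.append({"status": int(m.group(1)), "headers": {}})
        elif ":" in line and hops:
            name, value = line.split(":", 1)
            hops[-1]["headers"][name.strip().lower()] = value.strip()
    return hops

def diagnose(challenge_path, dump):
    """Return the reasons this chain cannot deliver the challenge token."""
    problems, hops = [], parse_hops(dump)
    for hop in hops:
        loc = hop["headers"].get("location")
        if 300 <= hop["status"] < 400 and loc:
            if urlsplit(loc).path != challenge_path:
                problems.append(f"redirect to {loc} drops {challenge_path}")
            via = hop["headers"].get("x-served-by")
            if via:
                problems.append(f"redirect issued by an intermediary: {via}")
    final = hops[-1] if hops else {"status": 0, "headers": {}}
    ctype = final["headers"].get("content-type", "")
    if final["status"] == 200 and ctype.startswith("text/html"):
        problems.append(f"final response is {ctype}, an application page, not a token")
    return problems
```

A redirect that keeps the challenge path and ends in a non-HTML response returns an empty list.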
beehaw
April 15, 2022, 5:30pm
5
I guess I could try it. I believe it may take an hour or so to propagate. I'll come back later and let you know if it worked or not. Thanks for the help.
rg305
April 15, 2022, 6:03pm
6
I'm confused about this post:
1 Like
beehaw
April 15, 2022, 6:35pm
8
It didn't work. Have any other recommendations?
9peppe
April 15, 2022, 6:36pm
9
show me what certbot tells you.
$ curl -IL www.beehaw.org/.well-known/acme-challenge/test
curl: (6) Could not resolve host: www.beehaw.org
did you actually point that domain to your server?
1 Like
beehaw
April 15, 2022, 6:45pm
10
It shows the exact same thing as what I showed at the top of this thread.
did you actually point that domain to your server?
I'm not sure what you mean. Please, explain.
9peppe
April 15, 2022, 6:48pm
11
please tell me what you are trying to achieve. what domains, servers and IP addresses explicitly.
1 Like
beehaw
April 15, 2022, 6:50pm
12
I just want a certificate for https://beehaw.org AND NOT the subdomain (www).
9peppe
April 15, 2022, 6:52pm
13
ok, show me certbot certificates
beehaw
April 15, 2022, 6:59pm
14
Giuseppe C.:
certbot certificates
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Found the following certs:
Certificate Name: www.beehaw.org
Serial Number: 3473f076c39ab3189b3affb9068462a7263
Key Type: RSA
Domains: beehaw.org www.beehaw.org
Expiry Date: 2022-04-29 21:51:47+00:00 (VALID: 14 days)
Certificate Path: /etc/letsencrypt/live/www.beehaw.org/fullchain.pem
Private Key Path: /etc/letsencrypt/live/www.beehaw.org/privkey.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
9peppe
April 15, 2022, 7:06pm
15
certbot renew --cert-name www.beehaw.org -d beehaw.org --renew-with-new-domains
please know that this isn't really advisable unless you really know what you're doing.
1 Like
beehaw
April 15, 2022, 7:09pm
16
Currently, the renew verb is capable of either renewing all installed certificates that are due to be renewed or renewing a single certificate specified by its name. If you would like to renew specific certificates by their domains, use the certonly command instead. The renew verb may provide other options for selecting certificates to renew in the future.
9peppe
April 15, 2022, 7:13pm
17
ok, then:
certbot run --nginx --cert-name www.beehaw.org -d beehaw.org --renew-with-new-domains
2 Likes
beehaw
April 15, 2022, 7:14pm
18
NEXT STEPS:
- The certificate was saved, but could not be installed (installer: nginx). After fixing the error shown below, try installing it again by running:
certbot install --cert-name www.beehaw.org
Problem in /etc/nginx/sites-enabled/lemmy.conf: tried to insert directive "[['if', '($host', '=', 'beehaw.org)'], [['return', '301', 'https://$host$request_uri']]]" but found conflicting "[['if', '($host', '=', 'beehaw.org)'], [['#', '\tbeehaw.org www.beehaw.org;'], ['return', '301', 'https://beehaw.org$request_uri']]]".
beehaw
April 15, 2022, 7:18pm
20
So, it should be renewed now?