Issue renewing certification

RosarioAleCali · October 11, 2018, 5:31pm

My domain is: edafos.eng.yorku.ca

I ran this command: certbot renew

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log

Processing /etc/letsencrypt/renewal/edafos.eng.yorku.ca.conf

Cert is due for renewal, auto-renewing…
Plugins selected: Authenticator nginx, Installer nginx
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
Renewing an existing certificate
Performing the following challenges:
tls-sni-01 challenge for edafos.eng.yorku.ca
Waiting for verification…
Cleaning up challenges
Attempting to renew cert (edafos.eng.yorku.ca) from /etc/letsencrypt/renewal/edafos.eng.yorku.ca.conf produced an unexpected error: Failed authorization procedure. edafos.eng.yorku.ca (tls-sni-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Incorrect validation certificate for tls-sni-01 challenge. Requested d5cbe201f4427a3a3ed8fd9b7387b858.277d1e411bccb75e6ca43359cf6125e6.acme.invalid from 130.63.76.150:443. Received 2 certificate(s), first certificate had names “edafos.eng.yorku.ca”. Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/edafos.eng.yorku.ca/fullchain.pem (failure)

All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/edafos.eng.yorku.ca/fullchain.pem (failure)

1 renew failure(s), 0 parse failure(s)

IMPORTANT NOTES:

The following errors were reported by the server:

Domain: edafos.eng.yorku.ca
Type: unauthorized
Detail: Incorrect validation certificate for tls-sni-01 challenge.
Requested
d5cbe201f4427a3a3ed8fd9b7387b858.277d1e411bccb75e6ca43359cf6125e6.acme.invalid
from 130.63.76.150:443. Received 2 certificate(s), first
certificate had names “edafos.eng.yorku.ca”

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.

My web server is (include version): nginx/1.12.2

The operating system my web server runs on is (include version): centos 7.5

My hosting provider, if applicable, is: N/A

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

JuergenAuer · October 11, 2018, 6:43pm

Hi @RosarioAleCali

the tls-sni-01 challenge is deprecated. So try to use

certbot renew --preferred-challenges http

JuergenAuer · October 11, 2018, 6:47pm

PS: But your webserver has a wrong configuration. Tested

D:\temp>download https://edafos.eng.yorku.ca/.well-known/acme-challenge/1234 -h
SSL-Zertifikat is valide
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1842
Content-Type: text/html
Date: Thu, 11 Oct 2018 18:45:16 GMT
ETag: "5ba80dc2-732"
Last-Modified: Sun, 23 Sep 2018 22:03:46 GMT
Server: nginx/1.12.2

Status: 200 OK

602,34 milliseconds
0,60 seconds

sends a http - status 200, but the browser shows

404 - Page Not Found

I'm sorry, the page you were looking for cannot be found!

So you should send a http status 404.

system · November 10, 2018, 6:47pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.