Issue with renewing certificate - Error getting validation data


#1

I am renewing certificate for domain frombaltic.ru using certbot-auto renew.
However, the output is quite generic:
Domain: www.frombaltic.ru
Type: connection
Detail: Fetching
http://www.frombaltic.ru/.well-known/acme-challenge/tFKDT1kgB4SwJA79bMiQ4M4EvbEcjwASRcc_b6tsns4:
Error getting validation data

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address. Additionally, please check that
   your computer has a publicly routable IP address and that no
   firewalls are preventing the server from communicating with the
   client. If you're using the webroot plugin, you should also verify
   that you are serving files from the webroot path you provided.

I am running it on a digital ocean instance with quite an old Ubuntu installation using nginx.


#2

https://letsdebug.net/www.frombaltic.ru/2647

Redirect loop.


#3

Wow! Thanks! Will look into nginx configs and try to sort it out from there!


#4

Hi @krbchnk

now the redirect loop is fixed. And you have already a new letsencrypt-certificate. Valid from 2018-07-16, Monday.

So this part works.

But you should fix your mixed content warnings. Firefox / Chrome (Desktop), then Ctrl + Shift + i, there select the console. Something like

http://frombaltic.ru/wp-content/uploads/2017/06/skipped

should be https


#5

Okay, found an issue with the redirect. Now have the following message return at unsuccessful ./certbot-auto renew:

   Domain: www.frombaltic.ru
   Type:   unauthorized
   Detail: Invalid response from
   http://www.frombaltic.ru/.well-known/acme-challenge/0Fd0cJyEAN4j3gRFwbU1nPPQfskKDo5r3EsCJltl4Q4:
   "<html>
   <head><title>404 Not Found</title></head>
   <body bgcolor="white">
   <center><h1>404 Not Found</h1></center>
   <hr><center>"

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address

#6

Try

./certbot-auto renew -a nginx --dry-run

Otherwise please post the full log from /var/log/letsencrypt.log.


#7

Hmmmmm, surprisingly, dry-run was successful, and then the actual renew with -a was successful!
Not sure what the actual problem was, but now everything is fine and works! Thank you!!!


#8

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.