Issues with renewing certbot certificate - urn:acme:error:unauthorized :: The client lacks sufficient authorization


#1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: www.hiptraveler.com

I ran this command: sudo certbot renew --dry-run to test renewal of certificate

It produced this output:

Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator apache, Installer apache
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for www.hiptraveler.com
http-01 challenge for turistavip.hiptraveler.com
Waiting for verification…
Cleaning up challenges
Attempting to renew cert (www.hiptraveler.com) from /etc/letsencrypt/renewal/www.hiptraveler.com.conf produced an unexpected error: Failed authorization procedure. www.hiptraveler.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.hiptraveler.com/.well-known/acme-challenge/dXz_xT7pFoplozYQlSOF0j1wDfZM9jqG4yHHe8NIato: “Apache Tomcat/7.0.52 (Ubuntu) - Error report<!–H1 {font-family:Tahoma,Arial,sans-serif;color:”. Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/www.hiptraveler.com/fullchain.pem (failure)


** DRY RUN: simulating ‘certbot renew’ close to cert expiry
** (The test certificates below have not been saved.)

All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/www.hiptraveler.com/fullchain.pem (failure)
** DRY RUN: simulating ‘certbot renew’ close to cert expiry
** (The test certificates above have not been saved.)

1 renew failure(s), 0 parse failure(s)

IMPORTANT NOTES:

My web server is (include version): Apache/2.4.7 (Ubuntu)

The operating system my web server runs on is (include version): Ubuntu 14.04

My hosting provider, if applicable, is:

Yes, I can login to a root shell on my machine

No, I’m not using a control panel to manage my site.

Note - I received an email from LetsEncrypt on May 17, 2018 that certificate for domain www.hiptraveler.com was expiring in 10 days (which was correct according to my calculation as well) but when I run command -
sudo certbot certificates, it shows me the following output -

Found the following certs:
Certificate Name: www.hiptraveler.com
Domains: www.hiptraveler.com turistavip.hiptraveler.com
Expiry Date: 2018-07-28 23:33:13+00:00 (VALID: 65 days)

Can You please check the validity of our certificate and tell me when it really is expiring? Cos if it is expiring on May 28th, 2018 as mentioned in the email, then I need to really resolve this issue as soon as possible.

Thank you so much!

Swati


#2

The current cert in use will expire in 2 months and 4 days:
https://www.ssllabs.com/ssltest/analyze.html?d=www.hiptraveler.com

The email notification is about a previously issued cert that will be expiring soon:
https://crt.sh/?q=www.hiptraveler.com

You can always check the validity of your currently installed (in use) cert with:
sudo certbot certificates


#3

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.