Let's encrypt renewal error


#1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: flytteliten.nu

I ran this command: sudo ee site update www.flytteliten.nu --letsencrypt=renew

It produced this output: ERROR : Cannot RENEW SSL cert !
Your current cert will expire within 7 days.
Check logs for reason tail /var/log/ee/ee.log & Try Again!!!

Log: 2018-05-21 09:23:44,709 (DEBUG) ee : Running command: date -d “openssl x509 -in /etc/letsencrypt/live/flytteliten.nu/cert.pem -text -noout|grep "Not After"|cut -c 25-
2018-05-21 09:23:44,715 (DEBUG) ee : Command Output: Tue May 29 06:45:37 UTC 2018

My web server is (include version):

The operating system my web server runs on is (include version): Linux

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): Linode with terminal


#2

Are those the only two lines in that log file? Or are there more?


#3

Only those two lines.


#4

How about /var/log/letsencrypt/letsencrypt.log?


#5

flyttusr@localhost:~$ sudo tail /var/log/letsencrypt/letsencrypt.log
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/auth_handler.py", line 80, in handle_authorizations
    self._respond(aauthzrs, resp, best_effort)
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/auth_handler.py", line 153, in _respond
    self._poll_challenges(aauthzrs, chall_update, best_effort)
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/auth_handler.py", line 224, in _poll_challenges
    raise errors.FailedChallenges(all_failed_achalls)
FailedChallenges: Failed authorization procedure. www.flytteliten.nu (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.flytteliten.nu/.well-known/acme-challenge/TPeNf0LEtna0HXjKhdG6f7edssA9rfv7Y7e8efVQeZc: "

500 Internal Server Error

Internal Server Error


#6

Are you aware that www.flytteliten.nu and flytteliten.nu point to different servers?

If you want to be able to issue certificates for both domains, www.flytteliten.nu must at least properly redirect requests to the non-www version of the requested URL, but it doesn’t.

You will probably find that the Apache server on www.flytteliten.nu/195.74.38.120 contains some kind of special route for /.well-known/acme-challenge in its config that is preventing the 301 from happening. You’ll need to disable that route, or better yet, just point both domains to the same IP.
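An added example, not part of the thread and not code from certbot or EasyEngine: a pre-renewal check for the two conditions described in the reply above, namely the certificate's names resolving to different servers and a server returning a 5xx on the `/.well-known/acme-challenge/` path. The function names, `TEST_PATH`, and the apex address 192.0.2.10 are assumptions made for illustration; only the www address is taken from the thread.

```python
import socket
import urllib.error
import urllib.request

TEST_PATH = "/.well-known/acme-challenge/preflight-test"  # hypothetical token name

def resolve_ipv4(name):
    """Return the set of IPv4 addresses the name resolves to."""
    infos = socket.getaddrinfo(name, 80, socket.AF_INET, socket.SOCK_STREAM)
    return {info[4][0] for info in infos}

def probe_status(name, path=TEST_PATH):
    """Return the final HTTP status for http://<name><path>, following redirects."""
    try:
        with urllib.request.urlopen(f"http://{name}{path}", timeout=10) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code  # 4xx/5xx responses arrive as exceptions

def preflight(names, resolve=resolve_ipv4, probe=probe_status):
    """List reasons http-01 validation is likely to fail for the given names.

    The first name is the reference host. A 404 for the test path is normal
    (no such token exists); a 5xx means the server errors on the challenge
    path itself, as in the log above.
    """
    findings = []
    reference = resolve(names[0])
    for name in names:
        addrs = resolve(name)
        if addrs != reference:
            findings.append(f"{name} resolves to {sorted(addrs)}, "
                            f"{names[0]} to {sorted(reference)}")
        status = probe(name)
        if status >= 500:
            findings.append(f"{name} returns HTTP {status} for the challenge path")
    return findings

if __name__ == "__main__":
    # Constructed lookup tables standing in for live DNS and HTTP. Only the
    # www address comes from the thread; 192.0.2.10 is a documentation address.
    dns = {"flytteliten.nu": {"192.0.2.10"}, "www.flytteliten.nu": {"195.74.38.120"}}
    http = {"flytteliten.nu": 404, "www.flytteliten.nu": 500}
    for line in preflight(list(dns), resolve=dns.__getitem__, probe=http.__getitem__):
        print(line)
```

Calling `preflight(["flytteliten.nu", "www.flytteliten.nu"])` without the stub arguments performs the live DNS lookups and HTTP requests instead.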


#7

Thanks. I will try that. :blush:


#8

It worked. Thanks for your time and response!

