Letsencrypt-auto renew failed


#1

Please fill out the fields below so we can help you better.

My domain is: www.gutes-aus-deutschland.de

I ran this command:./letsencrypt-auto renew

It produced this output:Cleaning up challenges
Attempting to renew cert from /etc/letsencrypt/renewal/www.gutes-aus-deutschland.de.conf produced an unexpected error:
Failed authorization procedure. gutes-aus-deutschland.de (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response
from http://gutes-aus-deutschland.de/.well-known/acme-challenge/8zm_aKUqhtg4PtI-WYw8hExI655wI7TPJSGSu7-Wt9U: "

404 Not Found

Not Found

<p", www.gutes-aus-deutschland.de (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.gutes-aus-deutschland.de/.well-known/acme-challenge/gOxTUdx0rPaLDt0eEkGmllx-7H9SPKcgtL9q82-hNm0: " 404 Not Found

Not Found

<p". Skipping.

Processing /etc/letsencrypt/renewal/smtp.gutes-aus-deutschland.de.conf

Cert not yet due for renewal

The following certs are not due for renewal yet:
/etc/letsencrypt/live/smtp.gutes-aus-deutschland.de/fullchain.pem (skipped)
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/www.gutes-aus-deutschland.de/fullchain.pem (failure)
1 renew failure(s), 0 parse failure(s)

IMPORTANT NOTES:

My operating system is (include version): Debian GNU/Linux 7 \n \l

My web server is (include version): apache 2.2.22

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no


#2

I have checked the directories /.well-known/acme-challenge are 755 and so I put a text file inside which I can reach from my browser.
The directories are empty accept of this file so I think this is the fault?

Can I get help to fix this problem?


#3

No, the validation challenge is put in that directory and once it is (or rather should have been in your case as it is failing) used, it is removed again.

Where did you put your test file? I’m interested in the exact location on your server.
And could you verify that the “base” (i.e., without the /.well-known/acme-challenge/ part) is exactly the same as mentioned in /etc/letsencrypt/renewal/smtp.gutes-aus-deutschland.de.conf? It could be that “base” directory is mentioned as the webroot_path or in a section called [[webroot_map]]. In eithe case, it should be there. Alternatively, you could paste the contents of that file here if you’re not sure.


#4

The smtp.gutes-aus-deutschland.de.conf file is used for the e-mail certificate this renew worked fine, - there is also a www.gutes-aus-deutschland.de.conf file with a webroot map : [[webroot_map]]
gutes-aus-deutschland.de = /var/www
www.gutes-aus-deutschland.de = /var/www
the file is in this subfolder /var/www/gutes-aus-deutschland-de
but ther is also an empty .well-known /var/www root directory


#5

excuse me the complete path to the file I can reach with my browser is:
/var/www/gutes-aus-deutschland-de/.well-known/acme-challenge
the empty .well-known directory is located at:
/var/www


#6

This probably means that you should change both references from /var/www to /var/www/gutes-aus-deutschland-de in the configuration file (because then the true webroot directory for that domain isn’t /var/www, but rather /var/www/gutes-aus-deutschland.de).


#7

Thats it! Renew works fine now. Many thanks to you all :slight_smile:

I wish you a nicw day


#8

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.