Letsencrypt re-new test fail

andregr-jp · June 29, 2018, 8:41pm

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
https://filmstopia.com

I ran this command:
certbot renew --dry-run

It produced this output:
Attempting to renew cert (filmstopia.com) from /etc/letsencrypt/renewal/filmstopia.com.conf produced an unexpected error: Failed authorization procedure. filmstopia.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://filmstopia.com/.well-known/acme-challenge/N8vKDHyfLT7aO5S0IP_mTFkX1NRASR7BWxA_ksKkOdY: “<!doctype html> <!–[if IE 8]> <”. Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/filmstopia.com/fullchain.pem (failure)

IMPORTANT NOTES:

The following errors were reported by the server:

Domain: filmstopia.com
Type: unauthorized
Detail: Invalid response from
http://filmstopia.com/.well-known/acme-challenge/N8vKDHyfLT7aO5S0IP_mTFkX1NRASR7BWxA_ksKkOdY:
“<!doctype html> <!–[if IE 8]> <”

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.

My web server is (include version):
Server version: Apache/2.4.18 (Ubuntu)
Server built: 2018-04-18T14:53:04

The operating system my web server runs on is (include version):
Ubuntu 16.04

My hosting provider, if applicable, is:
Digital Ocean

I can login to a root shell on my machine (yes or no, or I don’t know):
Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
Yes - Wordpress

Also I added a test file in the following path, which I can access it:
https://filmstopia.com/.well-known/acme-challenge/test.txt

I am not sure if is related to https re-direct from Cloudflare and Wordpress, or IPv6 issue. But I could install the certificate.
Can I re-new the certificate manually by re-install a new one? or I need to re-new it with one of the pre-defined methods?

Thanks
Andrew

andregr-jp · June 29, 2018, 8:47pm

Hi again,

I fixed the issue, was the “strict” re-direction from Cloudflare. When i turned it off, i could renew the certificate

Not sure if i can close the ticket, or automatically will close after a month

stevenzhu · June 29, 2018, 8:52pm

It would close after a month…

P.S. there should be a button or something said resolve (which would make a topic as already resolved) Click in that would help.

Thank you

system · July 29, 2018, 8:52pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.