Due to unforeseen circumstances, I migrated apache to another server. The site(s) are working fine, with my existing certificates. However, I tried to do a dry-run for renewal and that was unable to succeed.
I ran this command:
certbot renew --dry-run
It produced this output:
Attempting to renew cert (geemusic.pendulus.org) from /etc/letsencrypt/renewal/geemusic.pendulus.org.conf produced an unexpected error: Failed authorization procedure. omicron.pendulus.org (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://omicron.pendulus.org/.well-known/acme-challenge/968rFubW1fBGjOlzZzyIW1x-ksYQO7wPOAAcGxtXbwo [22.214.171.124]: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>403 Forbidden</title>\n</head><body>\n<h1>Forbidden</h1>\n<p". Skipping. All renewal attempts failed. The following certs could not be renewed: /etc/letsencrypt/live/geemusic.pendulus.org/fullchain.pem (failure)
My web server is (include version):
New: apache 2.4.38
Old: apache 2.2.22
The operating system my web server runs on is (include version):
New: Debian 10
Old: Debian 7
I can login to a root shell on my machine (yes or no, or I don’t know):
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of
certbot --version or
certbot-auto --version if you’re using Certbot):
The URL it tries to access above does not exist. It never has, even on my old server.
So, I have no idea what the difference is, or what changed.
I’ve messed around with it for awhile, and not sure what’s going on.