My website is stixex.io.
It is the main domain, it works fine.
But we have also subdomain: admin.stixex.io, it doesn't work
I think certificate is expired.
So I need to extend the valid date, please help me
Best regards
Our server is running on nginx (ubuntu),
certbot 1.7.0
root@ubuntu-2gb-hel1-3:/etc# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
When I try certbot renew, the results are following:
root@ubuntu-2gb-hel1-3:/etc# certbot renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/admin.stixex.io.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for admin.stixex.io
Using the webroot path /var/www/letsencrypt for all unmatched domains.
Waiting for verification...
Challenge failed for domain admin.stixex.io
http-01 challenge for admin.stixex.io
Cleaning up challenges
Attempting to renew cert (admin.stixex.io) from /etc/letsencrypt/renewal/admin.stixex.io.conf produced an unexpected error: Some challenges have failed.. Skipping.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/api.stixex.io.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for api.stixex.io
Using the webroot path /var/www/letsencrypt for all unmatched domains.
Waiting for verification...
Challenge failed for domain api.stixex.io
http-01 challenge for api.stixex.io
Cleaning up challenges
Attempting to renew cert (api.stixex.io) from /etc/letsencrypt/renewal/api.stixex.io.conf produced an unexpected error: Some challenges have failed.. Skipping.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/stixex.io.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert not yet due for renewal
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/admin.stixex.io/fullchain.pem (failure)
/etc/letsencrypt/live/api.stixex.io/fullchain.pem (failure)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
The following certs are not due for renewal yet:
/etc/letsencrypt/live/stixex.io/fullchain.pem expires on 2021-08-05 (skipped)
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/admin.stixex.io/fullchain.pem (failure)
/etc/letsencrypt/live/api.stixex.io/fullchain.pem (failure)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2 renew failure(s), 0 parse failure(s)
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: admin.stixex.io
Type: unauthorized
Detail: Invalid response from
http://admin.stixex.io/.well-known/acme-challenge/WvtUg6Hnq8n69T_Y5zImH91Nnpb1rZMO1I0ATIhoS40
[135.181.144.36]: "<html>\r\n<head><title>404 Not
Found</title></head>\r\n<body>\r\n<center><h1>404 Not
Found</h1></center>\r\n<hr><center>nginx/1.18.0 (Ub"
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
- The following errors were reported by the server:
Domain: api.stixex.io
Type: unauthorized
Detail: Invalid response from
http://api.stixex.io/.well-known/acme-challenge/IHhuGtW9rAyACue3YwRA1_6zCJV05MpbsSHr7WzPx4Y
[135.181.144.36]: "<html>\r\n<head><title>404 Not
Found</title></head>\r\n<body>\r\n<center><h1>404 Not
Found</h1></center>\r\n<hr><center>nginx/1.18.0 (Ub"
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
I don't know how your webroot path got set to /var/www/letsencrypt but this is probably wrong—this is supposed to be set to the top-level content directory for each individual web site, so that Certbot can place files in it that appear directly at the top level of each web site. Do you have such a directory for each of these sites? If so, can you change the webroot path to the correct location for each domain?
I am the first for the letsencrypt.
Previous developer made this all, and it worked 2~3days ago.
I am not sure where I can change the webroot path.
Thanks
You can edit the individual text files in /etc/letsencrypt/renewal — there should be one for each certificate and they should have a webroot_path setting in them. If you edit that value, certbot renew will try to use the new value that you provide.
Yes I can find the "webroot_path" in the files, but I am not sure how I can find the top-level content directory for each individual web site.
Actually the directory : www/var/letsencrypto is empty
A further thing to try would be creating a file called test.txt in each of those directories, and seeing if you can then access it with http://api.stixex.io/test.txt (and the other one).
So, this makes me think that the directory that you specified is not the correct one for Certbot's purposes here.
(1) Can you find some other directory where the test.txt could be placed that would work?
(2) If not, would you be interested in trying other methods for Certbot to prove your control over the domain names that don't involve finding an existing directory from which static files are being served?
I'm concerned that there might be some rule defined in your nginx configuration to specifically serve this from a different location (distinct from the rest of your files). Could you try this?