Yes it works:
root@ubuntu-2gb-hel1-3:/etc/nginx/test# fgrep -r -A 5 .well-known /etc/nginx
/etc/nginx/acme:location /.well-known {
/etc/nginx/acme- root /var/www/letsencrypt;
/etc/nginx/acme-}
Yes it works:
root@ubuntu-2gb-hel1-3:/etc/nginx/test# fgrep -r -A 5 .well-known /etc/nginx
/etc/nginx/acme:location /.well-known {
/etc/nginx/acme- root /var/www/letsencrypt;
/etc/nginx/acme-}
OK, well, that does explain a lot for me.
Can you run this command?
ls -la /var/www/letsencrypt
If there's nothing there, we might need to make a symbolic link like this:
cd /var/www/letsencrypt; sudo ln -s .well-known .
and then change the webroot_path
entries back to /var/www/letsencrypt
. The symbolic link should make them work as expected.
root@ubuntu-2gb-hel1-3:/etc/letsencrypt/archive/admin.stixex.io# ls -la /var/www/letsencrypt
total 8
drwxr-xr-x 2 root root 4096 Jun 8 02:45 .
drwxr-xr-x 4 root root 4096 Mar 8 13:09 ..
this is the result of ls -la /var/www/letsencrypt
OK, I would suggest doing
cd /var/www/letsencrypt; sudo ln -s .well-known .
and then changing webroot_path
back to /var/www/letsencrypt
. Hopefully your renewal will then work!
I just done all and the result is this:
root@ubuntu-2gb-hel1-3:/var/www/letsencrypt# cd /var/www/letsencrypt; sudo ln -s .well-known .
root@ubuntu-2gb-hel1-3:/var/www/letsencrypt# ll
total 8
drwxr-xr-x 2 root root 4096 Jun 8 09:22 ./
drwxr-xr-x 4 root root 4096 Mar 8 13:09 ../
lrwxrwxrwx 1 root root 11 Jun 8 09:22 .well-known -> .well-known
When I try to renew the result is this:
root@ubuntu-2gb-hel1-3:/var/www/letsencrypt# sudo certbot renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Processing /etc/letsencrypt/renewal/admin.stixex.io.conf
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for admin.stixex.io
Using the webroot path /var/www/letsencrypt for all unmatched domains.
Cleaning up challenges
Encountered exception during recovery:
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/certbot/_internal/plugins/webroot.py", line 181, in _create_challenge_dirs
filesystem.mkdir(prefix, 0o755)
File "/usr/lib/python3/dist-packages/certbot/compat/filesystem.py", line 313, in mkdir
return os.mkdir(file_path, mode)
FileExistsError: [Errno 17] File exists: '/var/www/letsencrypt/.well-known'
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/certbot/_internal/auth_handler.py", line 70, in handle_authorizations
resps = self.auth.perform(achalls)
File "/usr/lib/python3/dist-packages/certbot/_internal/plugins/webroot.py", line 83, in perform
self._create_challenge_dirs()
File "/usr/lib/python3/dist-packages/certbot/_internal/plugins/webroot.py", line 190, in _create_challenge_dirs
raise errors.PluginError(
certbot.errors.PluginError: Couldn't create root for admin.stixex.io http-01 challenge responses: [Errno 17] File exists: '/var/www/letsencrypt/.well-known'
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/certbot/_internal/error_handler.py", line 125, in _call_registered
self.funcs-1
File "/usr/lib/python3/dist-packages/certbot/_internal/auth_handler.py", line 243, in _cleanup_challenges
self.auth.cleanup(achalls)
File "/usr/lib/python3/dist-packages/certbot/_internal/plugins/webroot.py", line 224, in cleanup
os.remove(validation_path)
OSError: [Errno 40] Too many levels of symbolic links: '/var/www/letsencrypt/.well-known/acme-challenge/0nRdmyW0GftexF--C5jJxCDZCku_IVXzFZvVmzDihaM'
Attempting to renew cert (admin.stixex.io) from /etc/letsencrypt/renewal/admin.stixex.io.conf produced an unexpected error: Couldn't create root for admin.stixex.io http-01 challenge responses: [Errno 17] File exists: '/var/www/letsencrypt/.well-known'. Skipping.
Processing /etc/letsencrypt/renewal/api.stixex.io.conf
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for api.stixex.io
Using the webroot path /var/www/letsencrypt for all unmatched domains.
Cleaning up challenges
Encountered exception during recovery:
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/certbot/_internal/plugins/webroot.py", line 181, in _create_challenge_dirs
filesystem.mkdir(prefix, 0o755)
File "/usr/lib/python3/dist-packages/certbot/compat/filesystem.py", line 313, in mkdir
return os.mkdir(file_path, mode)
FileExistsError: [Errno 17] File exists: '/var/www/letsencrypt/.well-known'
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/certbot/_internal/auth_handler.py", line 70, in handle_authorizations
resps = self.auth.perform(achalls)
File "/usr/lib/python3/dist-packages/certbot/_internal/plugins/webroot.py", line 83, in perform
self._create_challenge_dirs()
File "/usr/lib/python3/dist-packages/certbot/_internal/plugins/webroot.py", line 190, in _create_challenge_dirs
raise errors.PluginError(
certbot.errors.PluginError: Couldn't create root for api.stixex.io http-01 challenge responses: [Errno 17] File exists: '/var/www/letsencrypt/.well-known'
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/certbot/_internal/error_handler.py", line 125, in _call_registered
self.funcs-1
File "/usr/lib/python3/dist-packages/certbot/_internal/auth_handler.py", line 243, in _cleanup_challenges
self.auth.cleanup(achalls)
File "/usr/lib/python3/dist-packages/certbot/_internal/plugins/webroot.py", line 224, in cleanup
os.remove(validation_path)
OSError: [Errno 40] Too many levels of symbolic links: '/var/www/letsencrypt/.well-known/acme-challenge/UEcssxx1dDSDVxBh_wq6SD5u7b7mQ7BTRqZmb4NF64Y'
Attempting to renew cert (api.stixex.io) from /etc/letsencrypt/renewal/api.stixex.io.conf produced an unexpected error: Couldn't create root for api.stixex.io http-01 challenge responses: [Errno 17] File exists: '/var/www/letsencrypt/.well-known'. Skipping.
Processing /etc/letsencrypt/renewal/stixex.io.conf
Cert not yet due for renewal
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/admin.stixex.io/fullchain.pem (failure)
/etc/letsencrypt/live/api.stixex.io/fullchain.pem (failure)
The following certs are not due for renewal yet:
/etc/letsencrypt/live/stixex.io/fullchain.pem expires on 2021-08-05 (skipped)
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/admin.stixex.io/fullchain.pem (failure)
/etc/letsencrypt/live/api.stixex.io/fullchain.pem (failure)
2 renew failure(s), 0 parse failure(s)
I'm sorry, I didn't think through that command properly.
cd /var/www/letsencrypt; sudo rm .well-known; sudo ln -s . .well-known
The version I gave you before was backwards!
Hello Schoen!
I am really thanks for your help
I've done this:
Hello Schoen!
Do you have any idea for me
After you did the new ln -s
command, did you try re-running Certbot?
Yes I did, but I have the same issue
I mean the first issue:
root@ubuntu-2gb-hel1-3:~# sudo certbot renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Processing /etc/letsencrypt/renewal/admin.stixex.io.conf
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for admin.stixex.io
Using the webroot path /var/www/letsencrypt for all unmatched domains.
Waiting for verification...
Challenge failed for domain admin.stixex.io
http-01 challenge for admin.stixex.io
Cleaning up challenges
Attempting to renew cert (admin.stixex.io) from /etc/letsencrypt/renewal/admin.stixex.io.conf produced an unexpected error: Some challenges have failed.. Skipping.
Processing /etc/letsencrypt/renewal/api.stixex.io.conf
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for api.stixex.io
Using the webroot path /var/www/letsencrypt for all unmatched domains.
Waiting for verification...
Challenge failed for domain api.stixex.io
http-01 challenge for api.stixex.io
Cleaning up challenges
Attempting to renew cert (api.stixex.io) from /etc/letsencrypt/renewal/api.stixex.io.conf produced an unexpected error: Some challenges have failed.. Skipping.
Processing /etc/letsencrypt/renewal/stixex.io.conf
Cert not yet due for renewal
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/admin.stixex.io/fullchain.pem (failure)
/etc/letsencrypt/live/api.stixex.io/fullchain.pem (failure)
The following certs are not due for renewal yet:
/etc/letsencrypt/live/stixex.io/fullchain.pem expires on 2021-08-05 (skipped)
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/admin.stixex.io/fullchain.pem (failure)
/etc/letsencrypt/live/api.stixex.io/fullchain.pem (failure)
2 renew failure(s), 0 parse failure(s)
IMPORTANT NOTES:
The following errors were reported by the server:
Domain: admin.stixex.io
Type: unauthorized
Detail: Invalid response from
http://admin.stixex.io/.well-known/acme-challenge/x0pzrQ6jBDIa-sbYWjf9xhIvcPV0jbJC0IiEeOh4Dnw
[135.181.144.36]: "\r\n404 Not
Found\r\n\r\n
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
The following errors were reported by the server:
Domain: api.stixex.io
Type: unauthorized
Detail: Invalid response from
http://api.stixex.io/.well-known/acme-challenge/oJObwNE9bIDX8SuAhdjxvFWqABzJ39Sv1gxa1kdL8dQ
[135.181.144.36]: "\r\n404 Not
Found\r\n\r\n
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
OK, maybe we can go back to the "where can test.txt
be placed" question:
If you place a file test.txt
in /var/www/letsencrypt
, can you then see its contents at http://admin.stixex.io/.well-known/test.txt?
OK I will try to add the file and let you know
Please show us this file:
I replaced it and I can see the file.
I am checking this file
The content is like this:
# renew_before_expiry = 30 days
version = 1.7.0
archive_dir = /etc/letsencrypt/archive/stixex.io
cert = /etc/letsencrypt/live/stixex.io/cert.pem
privkey = /etc/letsencrypt/live/stixex.io/privkey.pem
chain = /etc/letsencrypt/live/stixex.io/chain.pem
fullchain = /etc/letsencrypt/live/stixex.io/fullchain.pem
# Options used in the renewal process
[renewalparams]
account = fe5a883ed23e0534f04df060b588a3c5
server = https://acme-v02.api.letsencrypt.org/directory
authenticator = webroot
webroot_path = /var/www/letsencrypt,
[[webroot_map]]
stixex.io = /var/www/letsencrypt
www.stixex.io = /var/www/letsencrypt
Did you delete it afterwards? I don't see it at the moment.
No I can see it now.
Just to make sure, to check the http url, I am using the incognito mode, and proceed ....
The expected challenge path might be deeper though and the file type usually has no extension:
[something more like]
http://admin.stixex.io/.well-known/acme-challenge/test-file-1234
So, if you could, try adding that folder and a file in it.
Huh, that's not what I see at all. It seems like we might be on the verge of identifying an important problem. Where are you accessing this from?
Can you think of any reason that people outside of your host's network would see a different result from you?