My certificates dont renew

Good afternoon, I use digitalocean. Ubuntu 18.
I have installed letsencrypt, easyengine, nginx, certbot.

I installed all my wordpress sites with this script:

sudo ee site create yoursitename.com --type = wp --ssl = le --cache --yes

all certificates on my sites have expired.

I can not renew!

My sites path is in:

/ opt / easyengine / sites

I tried to use:
certbot
/ certbot-auto renew
/ opt / letsencrypt / letsencrypt-auto renew
sudo certbot renew

nothing works, I always get this message:

http-01 challenge for www.dietasbaratas.com
http-01 challenge for dietasbaratas.com
Waiting for verification …
Cleaning up challenges
Failed authorization procedure. www.dietasbaratas.com (http-01): urn: ietf: params: acme: error: unauthorized :: The client lacks sufficient authorization :: Invalid response from https://dietasbaratas.com/.well-known/acme-challenge / J1xdxP8j3CQD1hStF9FbcfTzh4aDoo-HTlu7hNxzMNk

Hi @wallkp

checking your domain there is a cPanel - certificate ( https://check-your-website.server-daten.de/?q=dietasbaratas.com#ct-logs ):

Issuer not before not after Domain names LE-Duplicate next LE
Let’s Encrypt Authority X3 2019-06-20 2019-09-18 dietasbaratas.com, www.dietasbaratas.com
2 entries
Let’s Encrypt Authority X3 2019-06-18 2019-09-16 dietasbaratas.com, www.dietasbaratas.com
2 entries
Let’s Encrypt Authority X3 2019-06-14 2019-09-12 autodiscover.dietasbaratas.com, cpanel.dietasbaratas.com, dietasbaratas.com, mail.dietasbaratas.com, webdisk.dietasbaratas.com, webmail.dietasbaratas.com, www.dietasbaratas.com
7 entries

If you use cPanel, you shouldn’t use an own Certbot.

Isn’t it possible to renew that certificate?

You have a redirect http -> https.

What says

nginx -T

Hi @JuergenAuer
Nginx -T
https://paste.ubuntu.com/p/Tqs2fW5Wr6/

i use too:
sudo nginx -t -c /etc/nginx/nginx.conf
its say

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

I am very lost, I used cpanel in my old hosting (hostgator).
I already canceled my hostgator service.

Now I just use my VPS on Putty.

I use the ZOHO email service, can this interfere with certificate renewal?

Ok, then the cPanel certificate isn’t relevant.

Your configuration doesn’t have a port 80 vHost with your domain name. So create one with your non-www and www as server_name.

Then try to use

certbot --nginx -d dietasbaratas.com -d www.dietasbaratas.com

and share the complete output (if it doesn’t work).

@JuergenAuer
pastebin certbot --nginx -d
https://paste.ubuntu.com/p/ZsRczhcvwQ/

pastebin letsencryptlog
https://paste.ubuntu.com/p/2wBZsFJQvn/

ohh sorry, u say for create port80 vHost, i dont know how make

Please: You are using wrong commands, not renew. There is a standalone used.

2019-09-24 06:25:11,641:DEBUG:certbot.main:Arguments: [’–standalone’, ‘-d’, ‘dietasbaratas.com’, ‘-d’, ‘www.dietasbaratas.com’]

And never use -q, that may hide errors.

First share again your configuration:

nginx -T

Looks like your vHost configuration is wrong.

If you don’t run a webserver, --standalone should always work. But then it’s hard to debug if there are firewall- or port errors.

I am looking for a tutorial on how to create Vhost port 80.

I need to create the path /etc/nginx/sites-available/mydomain.com
to set up …

"server {
listen to 80;

server_name mydomain.com;

rewrite ^ https: //mydomain.com$request_uri? permanent;
}

server {
listen to 443 ssl http2;

ssl_certificate /etc/letsencrypt/live/mydomain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mydomain.com/privkey.pem;
ssl_stapling on;

server_name mydomain.com;

root /var/www/mydomain.com;

place / {
try_files $ uri /index.php?$args;
}

location ~ \ .php { try_files uri = 404;
fastcgi_split_path_info ^ (. + . php) (/.+) $;
fastcgi_pass unix: /run/php/php7.0-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
}
}

and create a symbolic link:
ln -s /etc/nginx/sites-available/mydomain.com.conf /etc/nginx/sites-enabled/mydomain.com.conf

is correct? do i need to do this for all my domains?

Check your output you have already shared.

There is a sample.

Simple - no redirect.

And create only a port 80 vHost, Certbot can add the 443 vHost.

@JuergenAuer now my sites are as an example page?
https://artesaosbrasil.com.br/
https://dietasbaratas.com/
https://pietramancini.com/

i followed this tutorial

I don’t see something, there is a timeout.

Don’t create https vHosts manual, let Certbot do that job.

Create only correct port 80 vHosts.

There

http://dietasbaratas.com/

is a Forbidden, may be the wrong root directory or a missing index.html.

PS: Different, three vHosts, one per domain. If you don’t have content, create simple index - pages with different content, so it’s possible to see if domain name + content are correct.

Please ask to your hosting provider to solve better way or they will also do from their side…

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.