Not able to renew certificate

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: www.vknow.co.in

I ran this command: ./letsencrypt-auto renew --preferred-challenge http
./certbot-auto renew --preferred-challenge http

It produced this output:
Waiting for verification…
Challenge failed for domain www.vknow.co.in
http-01 challenge for www.vknow.co.in
Cleaning up challenges
Attempting to renew cert (vknow.co.in) from /etc/letsencrypt/renewal/vknow.co.in.conf produced an unexpected error: Some challenges have failed… Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/vknow.co.in/fullchain.pem (failure)


All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/vknow.co.in/fullchain.pem (failure)


1 renew failure(s), 0 parse failure(s)

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: www.vknow.co.in
    Type: unauthorized
    Detail: Invalid response from
    https://www.vknow.co.in/.well-known/acme-challenge/N2g3Cm9zPkeZS1_NV8lrFNQ_OX74YkG_I3bT54Z9srg
    [2600:9000:2008:7c00:e:c945:380:93a1]: “\r\n502
    Bad Gateway\r\n<body
    bgcolor=“white”>\r\n

    502 Bad
    Gateway

    \r\n\r”

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address.

My web server is (include version):
Server version: Apache/2.4.37 (Amazon)
Server built: Dec 13 2018 00:17:42

The operating system my web server runs on is (include version): Amazon Linux 4.14.88-72.73.amzn1.x86_64

My hosting provider, if applicable, is: Amazon

I can login to a root shell on my machine (yes or no, or I don’t know): No

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

Can you post the rest of Certbot’s output?

I’m not seeing a 502 error right now…

Hi @akash

Checking your domain, the www version has a lot of IPv6 addresses.

And a redirect http -> https.

But checking two IPv6 addresses manually, there is the expected error, HTTP status 404 - not found:

/.well-known/acme-challenge/unknown-file

Not a 502.
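
The per-address check described in the reply above, as an added example (not part of the original thread and not Certbot's own code): it requests the same unknown challenge file over HTTPS from every address the name resolves to, so an address that answers 502 while the others answer 404 stands out. The function names, the port 443 choice and the sample data are assumptions made for this illustration.

```python
import http.client
import socket
import ssl
import sys

PATH = "/.well-known/acme-challenge/unknown-file"  # test path used in the reply

def resolve_all(host):
    """Return every distinct A/AAAA address the name resolves to."""
    infos = socket.getaddrinfo(host, 443, type=socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})

def probe(host, address, path=PATH, timeout=10):
    """GET path over HTTPS from one fixed address, keeping SNI and Host = host."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((address, 443), timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                conn = http.client.HTTPConnection(host, 443, timeout=timeout)
                conn.sock = tls  # reuse the pinned TLS socket, no second DNS lookup
                conn.request("GET", path,
                             headers={"Host": host, "Connection": "close"})
                return conn.getresponse().status
    except (OSError, http.client.HTTPException) as exc:
        return f"error: {exc}"

def unexpected(results):
    """Keep the addresses that did not answer 404 for a file that does not exist."""
    return {addr: status for addr, status in results.items() if status != 404}

# Constructed sample (documentation addresses, not real measurements).
SAMPLE = {"2001:db8::1": 404, "2001:db8::2": 502, "192.0.2.10": "error: timed out"}

if __name__ == "__main__":
    host = sys.argv[1]  # the domain to check, e.g. the name on the certificate
    results = {addr: probe(host, addr) for addr in resolve_all(host)}
    for addr, status in results.items():
        print(f"{addr:40} {status}")
    bad = unexpected(results)
    print(f"{len(bad)} of {len(results)} addresses did not return 404")
```

Run it with the domain as the only argument; resolving AAAA records only yields reachable results from a machine that has IPv6 connectivity.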
