Not able to renew certificates

Dear Team,
I am not able to renew the certificate; I am getting an error.

Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 20
Cannot extract OCSP URI from /etc/letsencrypt/archive/mail.ntsipl.com/cert9.pem
Certificate is due for renewal, auto-renewing...
Renewing an existing certificate for mail.ntsipl.com
Performing the following challenges:
http-01 challenge for mail.ntsipl.com
Waiting for verification...
Challenge failed for domain mail.ntsipl.com
http-01 challenge for mail.ntsipl.com

Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
Domain: mail.ntsipl.com
Type: connection
Detail: 103.239.124.251: Fetching http://mail.ntsipl.com/.well-known/acme-challenge/2_fkHUh0A8JjVddLjxRWTKcqT_yMXOlRTC59Ceg2OFM: Error getting validation data

Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet.

Cleaning up challenges
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

--

Welcome @jitendra.sharma. In the future, please post problems in the Help section. That will show you a form to provide info that we often need. I moved your topic there and we will later show that form if this post is not enough to help you.

Your mail.ntispl.com domain is not responding to HTTP requests on port 80. This is required to satisfy the HTTP Challenge you used previously to get the cert. It must have worked when you got the cert originally and for any renewals, but it is no longer working.

The Let's Encrypt server reported this as "Error getting validation data". I saw connection problems from every testing tool I tried so it is not unique to Let's Encrypt.

I can reach that domain using HTTPS on port 443, just not HTTP on port 80. Interestingly, the cert used for connections to the mail subdomain is a wildcard cert for *.ntispl.com.

For example, see: Check website performance and response : Check host - online website monitoring

3 Likes
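A pre-renewal check for the failure discussed in this thread, as an added example that is not part of the original posts or of Certbot: it tests whether port 80 accepts connections and whether a file under `/.well-known/acme-challenge/` is served over plain HTTP. The function names, verdict strings, and the idea of an operator-placed test file are assumptions for illustration; run it from a machine outside the server's network, since the CA connects from the internet.

```python
import http.client
import socket
import sys

CHALLENGE_PREFIX = "/.well-known/acme-challenge/"

def tcp_open(host, port, timeout=5.0):
    """Return (True, "") if a TCP connect succeeds, else (False, reason)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True, ""
    except OSError as exc:
        return False, f"{type(exc).__name__}: {exc}"

def fetch(host, name, port, timeout):
    """GET the challenge-style URL over plain HTTP, without following redirects."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", CHALLENGE_PREFIX + name)
        resp = conn.getresponse()
        body = resp.read(512).decode("ascii", "replace").strip()
        return resp.status, body, resp.getheader("Location", "")
    finally:
        conn.close()

def diagnose(host, name, expected, http_port=80, https_port=443, timeout=5.0):
    """Return (verdict, detail) for a test file placed under the challenge path."""
    ok80, why = tcp_open(host, http_port, timeout)
    if not ok80:
        # The case in this thread: HTTPS answers, plain HTTP does not.
        ok443, _ = tcp_open(host, https_port, timeout)
        hint = ("443 is open: check firewall/NAT rules and the listener for port 80"
                if ok443 else "443 is closed too: check DNS, routing and the host")
        return "port80-unreachable", f"{why}; {hint}"
    try:
        status, body, location = fetch(host, name, http_port, timeout)
    except (OSError, http.client.HTTPException) as exc:
        return "http-error", f"{type(exc).__name__}: {exc}"
    if 300 <= status < 400:
        # The validation server follows redirects, so report the target instead of failing.
        return "redirect", f"HTTP {status} -> {location}"
    if status == 200 and body == expected:
        return "ok", "test file served over plain HTTP"
    return "challenge-not-served", f"HTTP {status}"

if __name__ == "__main__":
    if len(sys.argv) != 4:
        sys.exit("usage: check.py HOST TEST_FILE_NAME EXPECTED_CONTENT")
    verdict, detail = diagnose(*sys.argv[1:4])
    print(f"{verdict}: {detail}")
```

A `port80-unreachable` verdict with the "443 is open" hint corresponds to the symptom described in the reply above; `ok` only confirms that plain HTTP reaches the server, not that a renewal will succeed.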