Hi Seth,
Thank you for the quick reply.
- What version of certbot, it might be a bug.
apt-cache policy certbot | grep -i Installed
Installed : 0.28.0-1+ubuntu18.04.1+certbot+4
Why would this only fail on one of 12 sites I’m running on the same server?
I disabled CloudFlare and got the same results. I did have a typo in my .conf file which I fixed which changed the error output, which is interesting, but not sure what it tells me. (see output at the end)
- Proxied by CloudFlare.
Yes, I do use CloudFlare for this and other sites.
No, I did not know that they did not “use” my LetsEncrypt SSL. I don’t see that fact documented anywhere. Can you point me to this fact? My customers see a green lock when they access my sites and I’m not paying CloudFlare for any certs, so they appear to pass my SSL cert from LetsEncrypt out to the world. If you think this is not true, I’ll research and find out what’s really happening…
I would still likely keep LetsEncrypt running as I disable CloudFlare at times for development work. I use my cron file to keep LetsEncrypt updated so it’s not really any extra work.
RESULTS BELOW:
ken_young@venus : /etc/apache2/sites-available $ sudo certbot renew --preferred-challenges http
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Processing /etc/letsencrypt/renewal/corks4acause.org.conf
Cert not yet due for renewal
Processing /etc/letsencrypt/renewal/headsandtailssports.com.conf
Cert not yet due for renewal
Processing /etc/letsencrypt/renewal/ideatogrowth.com.conf
Cert is due for renewal, auto-renewing…
Plugins selected: Authenticator apache, Installer apache
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for ideatogrowth.com
http-01 challenge for www.ideatogrowth.com
Waiting for verification…
Cleaning up challenges
Attempting to renew cert (ideatogrowth.com) from /etc/letsencrypt/renewal/ideatogrowth.com.conf produced an unexpected error: Failed authorization procedure. www.ideatogrowth.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.ideatogrowth.com/.well-known/acme-challenge/s2bhpyD1mXY2z4FXyBT9bqp-D6RdvmQfA8pF94vxanI: “<!DOCTYPE html><html class=“html” lang=“en-US” prefix=“og: http://ogp.me/ns#” itemscope itemtype=”http://schema.org/Article"><he", ideatogrowth.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://ideatogrowth.com/.well-known/acme-challenge/KY4mxq3OyZXMZDqQMZCfXjEgSIII8vBUgw3nKwfXxmY: “<!DOCTYPE html><html class=“html” lang=“en-US” prefix=“og: http://ogp.me/ns#” itemscope itemtype=”http://schema.org/Article"><he". Skipping.
Processing /etc/letsencrypt/renewal/investorreadinessprogram.com.conf
Cert not yet due for renewal
Processing /etc/letsencrypt/renewal/shemisweetcakes.net.conf
Cert not yet due for renewal
Processing /etc/letsencrypt/renewal/dragonflypiecards.com.conf
Cert not yet due for renewal
Processing /etc/letsencrypt/renewal/networkexecwomen.com.conf
Cert not yet due for renewal
Processing /etc/letsencrypt/renewal/wpsiterepair.com.conf
Cert not yet due for renewal
Processing /etc/letsencrypt/renewal/wpquicksite.com.conf
Cert not yet due for renewal
Processing /etc/letsencrypt/renewal/casajimenezwine.com.conf
Cert not yet due for renewal
Processing /etc/letsencrypt/renewal/wpsiteteam.com.conf
Cert not yet due for renewal
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/ideatogrowth.com/fullchain.pem (failure)
The following certs are not due for renewal yet:
/etc/letsencrypt/live/corks4acause.org/fullchain.pem expires on 2019-02-06 (skipped)
/etc/letsencrypt/live/headsandtailssports.com/fullchain.pem expires on 2019-03-29 (skipped)
/etc/letsencrypt/live/investorreadinessprogram.com/fullchain.pem expires on 2019-03-04 (skipped)
/etc/letsencrypt/live/shemisweetcakes.net/fullchain.pem expires on 2019-03-04 (skipped)
/etc/letsencrypt/live/dragonflypiecards.com/fullchain.pem expires on 2019-03-04 (skipped)
/etc/letsencrypt/live/networkexecwomen.com/fullchain.pem expires on 2019-02-06 (skipped)
/etc/letsencrypt/live/wpsiterepair.com/fullchain.pem expires on 2019-03-04 (skipped)
/etc/letsencrypt/live/wpquicksite.com/fullchain.pem expires on 2019-03-04 (skipped)
/etc/letsencrypt/live/casajimenezwine.com/fullchain.pem expires on 2019-03-04 (skipped)
/etc/letsencrypt/live/wpsiteteam.com/fullchain.pem expires on 2019-03-04 (skipped)
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/ideatogrowth.com/fullchain.pem (failure)
1 renew failure(s), 0 parse failure(s)
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: www.ideatogrowth.com
Type: unauthorized
Detail: Invalid response from
http://www.ideatogrowth.com/.well-known/acme-challenge/s2bhpyD1mXY2z4FXyBT9bqp-D6RdvmQfA8pF94vxanI:
"<!DOCTYPE html><html class=“html” lang=“en-US” prefix="og:
http://ogp.me/ns#" itemscope
itemtype="http://schema.org/Article"><he"
Domain: ideatogrowth.com
Type: unauthorized
Detail: Invalid response from
http://ideatogrowth.com/.well-known/acme-challenge/KY4mxq3OyZXMZDqQMZCfXjEgSIII8vBUgw3nKwfXxmY:
"<!DOCTYPE html><html class=“html” lang=“en-US” prefix="og:
http://ogp.me/ns#" itemscope
itemtype="http://schema.org/Article"><he"
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
Kenneth Ervin Young
IDEA TO GROWTH LLC
Chief Executive Officer
Ken@IdeaToGrowth.com
KennethErvinYoung@gmail.com
Mobile/Text: +1 (813) 407-8240
Business Mail:
3690 W Gandy Blvd
Suite #183
Tampa, FL 33611-3300
United States
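Added example (not part of the original post and not certbot's own code): a Python parser for a failure line in the format shown in the output above. It produces one record per failed domain and labels what the CA received at the challenge URL, given that RFC 8555 expects the body to be `<token>.<thumbprint>`. The domains, tokens and the function names `classify` and `parse_failures` are constructed for illustration.

```python
import re

# Constructed sample in the format of the failure line above (placeholder
# domains and tokens, HTML body truncated the way the CA reports it).
SAMPLE = (
    'Failed authorization procedure. www.example.com (http-01): '
    'urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient '
    'authorization :: Invalid response from '
    'http://www.example.com/.well-known/acme-challenge/tokenAAA_111: '
    '"<!DOCTYPE html><html class="html" lang="en-US"><he", '
    'example.com (http-01): urn:ietf:params:acme:error:unauthorized :: '
    'The client lacks sufficient authorization :: Invalid response from '
    'http://example.com/.well-known/acme-challenge/tokenBBB-222: '
    '"404 page not found". Skipping.'
)

ENTRY = re.compile(
    r'(?P<domain>[\w.-]+) \(http-01\): urn:ietf:params:acme:error:(?P<type>\w+)'
    r' :: .*? :: Invalid response from (?P<url>http://\S+?): ["“](?P<body>.*)["”]',
    re.S,
)
CHALLENGE_PREFIX = '/.well-known/acme-challenge/'

def classify(body, token):
    """Say what kind of body the CA received at the challenge URL."""
    # RFC 8555 section 8.3: the file must contain "<token>.<base64url thumbprint>".
    if re.fullmatch(re.escape(token) + r'\.[A-Za-z0-9_-]+', body.strip()):
        return 'key-authorization-shaped'
    if body.lstrip().lower().startswith(('<!doctype', '<html')):
        return 'html-page'  # a web page was served instead of the token file
    return 'other'

def parse_failures(text):
    """Split a certbot failure line into one record per failed domain."""
    records = []
    # Each domain's entry starts with "<name> (http-01): "; split just before it.
    for chunk in re.split(r', (?=[\w.-]+ \(http-01\): )', text):
        m = ENTRY.search(chunk)
        if not m:
            continue
        token = m['url'].split(CHALLENGE_PREFIX, 1)[-1]
        records.append({
            'domain': m['domain'], 'type': m['type'], 'token': token,
            'got': classify(m['body'], token),
        })
    return records

if __name__ == '__main__':
    for record in parse_failures(SAMPLE):
        print(record)
```

A result of `html-page` means the request for the challenge path was answered with a site page rather than the challenge file, which is what the truncated `<!DOCTYPE html>` body in the output above shows for both names.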