Problem renew certificate certbot

Hello, I have a problem renewing a Let's Encrypt certificate with certbot. The error is:
~$ sudo /usr/bin/certbot renew --renew-hook "/bin/systemctl reload nginx"
Saving debug log to /var/log/letsencrypt/letsencrypt.log


Processing /etc/letsencrypt/renewal/mail.gamesyap.com.conf

Cert not yet due for renewal


Processing /etc/letsencrypt/renewal/gamesyap.com.conf

Cert is due for renewal, auto-renewing…
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for gamesyap.com
http-01 challenge for www.gamesyap.com
Waiting for verification…
Cleaning up challenges
Attempting to renew cert from /etc/letsencrypt/renewal/gamesyap.com.conf produced an unexpected error: Failed authorization procedure. www.gamesyap.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.gamesyap.com/.well-known/acme-challenge/Ufjv7AFXjIgvrpvhiScVAyA6fjYocA_k-9WQIq3zEO8: "

404 Not Found

404 Not Found


". Skipping.

The following certs are not due for renewal yet:
/etc/letsencrypt/live/mail.gamesyap.com/fullchain.pem (skipped)
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/gamesyap.com/fullchain.pem (failure)
1 renew failure(s), 0 parse failure(s)

IMPORTANT NOTES:

Hi @onzulin,

It seems that you are using a location directive to specify a different root for /.well-known/acme-challenge/ requests, so you need to check that the root or alias directive is using the same path as the one defined in the certbot renewal conf file /etc/letsencrypt/renewal/gamesyap.com.conf.

To test it, put a test file inside your webroot path and try to get that file with your browser, or with curl if you prefer the command line.

echo -n "This is a test" > /path/to/your/webroot/.well-known/acme-challenge/test

Now try to reach that file with your browser:

http://gamesyap.com/.well-known/acme-challenge/test

or with curl:

curl -ikL http://gamesyap.com/.well-known/acme-challenge/test

Once you can get that file, you should be able to renew your certificate.

You can also check the errors in nginx; they could give you a clue about where it is trying to get the challenge and why it is failing.

Cheers,
sahsanu

Thank you for your response. As you said about the certbot renewal conf file /etc/letsencrypt/renewal/gamesyap.com.conf, I had a bad path configured in the file. I have changed the path and run the command /usr/bin/certbot renew --renew-hook "/bin/systemctl reload nginx", and it ran without errors. Thank you very much, sahsanu.

Note (IPv6 is at play):

Name: www.gamesyap.com
Addresses: 2a01:7e01::f03c:91ff:fe1f:2aa9
139.162.165.192
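
The check described in the replies above, as an added example that is not part of the original posts: it reads the webroot from certbot's renewal file, places a probe file there, and requests it over both IPv4 and IPv6, since the name in this thread resolves to both. It assumes the renewal file uses the webroot authenticator with a `[[webroot_map]]` section; the function names and the probe file name are made up for this example.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes a webroot-authenticator renewal
# file with a [[webroot_map]] section. Usage: check.sh RENEWAL_CONF DOMAIN

# Print the webroot certbot will write challenge tokens to for one domain.
webroot_for() {  # webroot_for RENEWAL_CONF DOMAIN
    awk -v d="$2" '
        /^\[\[webroot_map\]\]/ { in_map = 1; next }
        /^\[/                  { in_map = 0 }
        in_map && (i = index($0, "=")) {
            key = substr($0, 1, i - 1)
            val = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == d) { print val; found = 1; exit }
        }
        END { exit !found }' "$1"
}

# Create a probe file where certbot would place a token; print its URL path.
place_probe() {  # place_probe WEBROOT
    dir="$1/.well-known/acme-challenge"
    mkdir -p "$dir" || return 1
    name="probe-$$"
    printf 'This is a test' > "$dir/$name" || return 1
    printf '/.well-known/acme-challenge/%s\n' "$name"
}

# Request the probe over IPv4 and IPv6. Both must return 200: a name with
# A and AAAA records can be validated over either address.
fetch_both() {  # fetch_both DOMAIN URL_PATH
    rc=0
    for fam in 4 6; do
        code=$(curl -"$fam" -s -o /dev/null -w '%{http_code}' "http://$1$2")
        echo "IPv$fam: HTTP $code"
        [ "$code" = 200 ] || rc=1
    done
    return $rc
}

# Only runs when called with both arguments; otherwise just defines functions.
if [ $# -eq 2 ]; then
    root=$(webroot_for "$1" "$2") || { echo "no webroot for $2" >&2; exit 1; }
    path=$(place_probe "$root") || exit 1
    fetch_both "$2" "$path"; rc=$?
    rm -f "$root$path"   # remove the probe again
    exit $rc
fi
```

A 404 on only one address family points at a second server block or a stale AAAA record rather than at the webroot path itself.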
