Renewal problem

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: tiimster.com

I ran this command:
/opt/letsencrypt# certbot-auto renew

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log


Processing /etc/letsencrypt/renewal/tiimster.com.conf


Cert is due for renewal, auto-renewing…
Plugins selected: Authenticator apache, Installer apache
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for tiimster.com
Waiting for verification…
Challenge failed for domain tiimster.com
http-01 challenge for tiimster.com
Cleaning up challenges
Attempting to renew cert (tiimster.com) from /etc/letsencrypt/renewal/tiimster.com.conf produced an unexpected error: Some challenges have failed… Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/tiimster.com/fullchain.pem (failure)


All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/tiimster.com/fullchain.pem (failure)


1 renew failure(s), 0 parse failure(s)

IMPORTANT NOTES:

My web server is (include version): Apache/2.4.25 (Debian)

The operating system my web server runs on is (include version): Debian GNU/Linux 9

My hosting provider, if applicable, is: VPS at OVH

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
certbot 0.36.0

Hi @mowebius

You use the apache-authenticator. That creates a temporary location definition in another directory. Looks like there is no access to read that directory.

Run Certbot with the -vvv flag to find that directory. Then create it (if it doesn't exist) and add the permissions.

Or find your webroot (DocumentRoot in your vHost) of your https vHost, then use that - https://check-your-website.server-daten.de/?q=tiimster.com

| Domainname | Http-Status | redirect | Sec. | G | |
|---|---|---|---|---|---|
| http://tiimster.com/ 51.254.214.190 | 301 | https://tiimster.com/ | 0.054 | A | |
| http://www.tiimster.com/ 51.254.214.190 | 301 | https://tiimster.com/ | 0.053 | E | |
| https://www.tiimster.com/ 51.254.214.190 | 302 | https://tiimster.com/ | 3.253 | N | Certificate error: RemoteCertificateNameMismatch, RemoteCertificateChainErrors |
| https://tiimster.com/ 51.254.214.190 | 200 | | 3.610 | N | Certificate error: RemoteCertificateChainErrors |
| http://tiimster.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 51.254.214.190 | 301 | https://tiimster.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de | 0.067 | A | Visible Content: Moved Permanently The document has moved here . Apache/2.4.25 (Debian) Server at tiimster.com Port 80 |
| http://www.tiimster.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 51.254.214.190 | 301 | https://tiimster.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de | 0.054 | E | Visible Content: Moved Permanently The document has moved here . Apache/2.4.25 (Debian) Server at www.tiimster.com Port 80 |
| https://tiimster.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de | 404 | | 3.166 | N | Not Found. Certificate error: RemoteCertificateChainErrors. Visible Content: Not Found The requested URL /.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de was not found on this server. Apache/2.4.25 (Debian) Server at tiimster.com Port 443 |

http + /.well-known/acme-challenge/random-filename is redirected to https, so you must use your https DocumentRoot.

certbot run -a webroot -i apache -w yourDocumentRoot -d tiimster.com -d www.tiimster.com

Now you have a certificate only with the non-www domain name. So your existing www version has the wrong certificate.
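
An added example, not part of the original reply: a pre-flight check for the webroot method described above. It writes a probe file under the chosen DocumentRoot and fetches it through the public URL, following the http to https redirect. The function name `preflight` and the probe file naming are assumptions made for this sketch.

```python
import os
import secrets
import ssl
import urllib.error
import urllib.request

CHALLENGE_DIR = ".well-known/acme-challenge"

def preflight(base_url, webroot):
    """Write a probe file under webroot and fetch it via base_url.

    Returns (ok, final_url, detail). Redirects are followed and TLS
    certificate errors are ignored, as the Let's Encrypt validator does
    when redirected to https, so an expired certificate on the redirect
    target does not hide a correct webroot.
    """
    name = "preflight-" + secrets.token_hex(8)  # constructed probe name
    body = secrets.token_hex(16).encode()
    directory = os.path.join(webroot, CHALLENGE_DIR)
    os.makedirs(directory, exist_ok=True)
    path = os.path.join(directory, name)
    with open(path, "wb") as fh:
        fh.write(body)
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE  # only for this probe request
    opener = urllib.request.build_opener(urllib.request.HTTPSHandler(context=ctx))
    url = f"{base_url.rstrip('/')}/{CHALLENGE_DIR}/{name}"
    try:
        with opener.open(url, timeout=10) as resp:
            final_url, got = resp.geturl(), resp.read()
    except (urllib.error.URLError, OSError) as exc:
        # A 404 here means this webroot is not the one answering the request
        return False, url, f"fetch failed: {exc}"
    finally:
        os.remove(path)  # never leave the probe file behind
    if got != body:
        return False, final_url, "served content differs from probe file"
    return True, final_url, "webroot serves the challenge path"

if __name__ == "__main__":
    import sys
    if len(sys.argv) != 3:
        sys.exit("usage: preflight.py http://DOMAIN /path/to/DocumentRoot")
    print(preflight(sys.argv[1], sys.argv[2]))
```

Run it as root on the server with the domain and the DocumentRoot of the https vHost; a `True` result means the directory passed to `-w` is the one that answers the challenge URL.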


Thanks for your answer,

First, you said: "Run Certbot with the -vvv flag to find that directory".
I'm a simple developer and I'm not comfortable with server management.
So, could you explain in detail the syntax of the certbot command for finding that temporary directory's location?

Second, here's my virtual host's file. Is there anything to change?

<VirtualHost *:443>

  # NAME & ADMIN
  ServerName tiimster.com
  ServerAdmin (masked)

  # LOCATION
  DocumentRoot /var/www/tiimster.com

  <Directory />
     Order Deny,Allow
     Deny from all
     Options -Indexes -Includes -ExecCGI -FollowSymlinks
  </Directory>

  <Directory /var/www/*>
     Order allow,deny
     Allow from all
     AllowOverride All
     Options -Indexes -Includes -ExecCGI +FollowSymlinks
  </Directory>

  # ERROR LOGS
  ErrorLog ${APACHE_LOG_DIR}/tiimster.com-error.log
  CustomLog ${APACHE_LOG_DIR}/tiimster.com-access.log combined

  # REDIRECTION - The commented lines are generated by letsencrypt
  SSLCertificateFile /etc/letsencrypt/live/tiimster.com/fullchain.pem
  SSLCertificateKeyFile /etc/letsencrypt/live/tiimster.com/privkey.pem
  Include /etc/letsencrypt/options-ssl-apache.conf

</VirtualHost>

There is your DocumentRoot. So use it.

And read https://certbot.eff.org/docs/using.html to see the command line options you can use.

Thx again,
Last question: if the problem is not solved, is it possible to revoke the certificate before making a new request?

Please read

Revoking certificates does not reset rate limits, because the resources used to issue those certificates have already been consumed.
