Problème de renouvellement

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g., so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:
/opt/letsencrypt# certbot-auto renew

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log

Processing /etc/letsencrypt/renewal/

Cert is due for renewal, auto-renewing…
Plugins selected: Authenticator apache, Installer apache
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for
Waiting for verification…
Challenge failed for domain
http-01 challenge for
Cleaning up challenges
Attempting to renew cert ( from /etc/letsencrypt/renewal/ produced an unexpected error: Some challenges have failed… Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/ (failure)

All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/ (failure)

1 renew failure(s), 0 parse failure(s)


My web server is (include version): Apache/2.4.25 (Debian)

The operating system my web server runs on is (include version): Debian GNU/Linux 9

My hosting provider, if applicable, is: VPS chez OVH

I can login to a root shell on my machine (yes or no, or I don’t know): oui

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): non

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
certbot 0.36.0

Hi @mowebius

you use the apache-authenticator. That creates a temporary location definition in another directory. Looks like there is no access to read that directory.

Run Certbot with the -vvv flag to find that directory. Then create it (if it doesn't exist) and add the permissions.

Or find your webroot (DocumentRoot in your vHost) of your https vHost, then use that -

Domainname Http-Status redirect Sec. G 301 0.054 A 301 0.053 E 302 3.253 N
Certificate error: RemoteCertificateNameMismatch, RemoteCertificateChainErrors 200 3.610 N
Certificate error: RemoteCertificateChainErrors 301 0.067 A
Visible Content: Moved Permanently The document has moved here . Apache/2.4.25 (Debian) Server at Port 80 301 0.054 E
Visible Content: Moved Permanently The document has moved here . Apache/2.4.25 (Debian) Server at Port 80 404 3.166 N
Not Found
Certificate error: RemoteCertificateChainErrors
Visible Content: Not Found The requested URL /.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de was not found on this server. Apache/2.4.25 (Debian) Server at Port 443

http + /.well-known/acme-challenge/random-filename is redirected to https, so you must use your https DocumentRoot.

certbot run -a webroot -i apache -w yourDocumentRoot -d -d

Now you have a certificate only with the non-www domain name. So your existing www version has the wrong certificate.

1 Like

Thanks for your answer,

First, you said : “Run Certbot with the -vvv flag to find that directory”
I’m a simple developer and I’m not comfortable with server managing.
So, could you explain in details the syntax of the certbot command for finding that temporary directory’s location

Second, here’s my virtual host’s file. Is there anything to change.

<VirtualHost *:443>

  ServerAdmin (masked)

  DocumentRoot /var/www/

  <Directory />
     Order Deny,Allow
     Deny from all
     Options -Indexes -Includes -ExecCGI -FollowSymlinks

  <Directory /var/www/*>
     Order allow,deny
     Allow from all
     AllowOverride All
     Options -Indexes -Includes -ExecCGI +FollowSymlinks

  ErrorLog ${APACHE_LOG_DIR}/
  CustomLog ${APACHE_LOG_DIR}/ combined

  # REDIRECTION - Les lignes commentées sont générées par letsencrypt
  SSLCertificateFile /etc/letsencrypt/live/
  SSLCertificateKeyFile /etc/letsencrypt/live/
  Include /etc/letsencrypt/options-ssl-apache.conf


is your DocumentRoot. So use it.

And read

to see the command line options you can use.

Thx again,
Last question : If problem not solve, is it possible to revoke certificate before making a new demand

Please read

Revoking certificates does not reset rate limits , because the resources used to issue those certificates have already been consumed.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.