Renew does not create new files in acme-challenge

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: vibrant.co.za

I ran this command: sudo certbot renew --dry-run

It produced this output: Attempting to renew cert (vibrant.co.za) from /etc/letsencrypt/renewal/vibrant.co.za.conf produced an unexpected error: Failed authorization procedure. vibrant.co.za (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://vibrant.co.za/.well-known/acme-challenge/rk-kUX2R3Q9AhWdxjIr8tn_3vJ6dJ3NFfYuCGqqxkq8 [188.226.217.55]: “\n\n404 Not Found\n\n

Not Found

\n<p”. Skipping.

My web server is (include version): Apache 2

The operating system my web server runs on is (include version): Ubuntu 14.04.5 LTS

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.28.0

I can see why http://vibrant.co.za/.well-known/acme-challenge/rk-kUX2R3Q9AhWdxjIr8tn_3vJ6dJ3NFfYuCGqqxkq8 produces 404: It is because even though http://vibrant.co.za/.well-known/acme-challenge/ is web accessible, the only files in there are from January - it is not creating new challenge files!

I’ve upped permissions but to no avail, and I cannot find a log entry stating it failed to create the challenge file, just the one about the 404 trying to access it.

Hi @tobie

then Certbot may add internal location definitions or doesn't understand your configuration.

But your main configuration looks ok - /.well-known/acme-challenge/unknown-file answers with a correct 404. So check your vHost to find your DocumentRoot, then use it:

certbot run -a webroot -i apache -w yourDocumentRoot -d www.vibrantmedia.co.za -d vibrantmedia.co.za

Your certificate has only one domain name:

CN=www.vibrantmedia.co.za
	02.12.2018
	02.03.2019
2 days expired	www.vibrantmedia.co.za - 1 entry

But your www-version should always have the non-www-version too.
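An added example, not part of the reply above or of Certbot itself: once the webroot authenticator is in use, one way to confirm that Certbot writes challenge files where Apache serves them is to compare the `[[webroot_map]]` entries in the renewal configuration with each vHost's DocumentRoot. The sample file contents and paths are constructed, and the function names are hypothetical.

```python
import re
from pathlib import PurePosixPath

# Constructed sample inputs; the paths are hypothetical, not from the thread.
RENEWAL_CONF = """\
[renewalparams]
authenticator = webroot
[[webroot_map]]
vibrant.co.za = /var/www/old-site
www.vibrant.co.za = /var/www/vibrant
"""
VHOST_CONF = """\
<VirtualHost *:80>
    ServerName vibrant.co.za
    ServerAlias www.vibrant.co.za
    DocumentRoot "/var/www/vibrant/"
</VirtualHost>
"""

def norm(path):
    """Strip quotes and trailing slashes so equal paths compare equal."""
    return str(PurePosixPath(path.strip().strip('"')))

def webroot_map(conf_text):
    """Return {domain: webroot} from the [[webroot_map]] subsection."""
    mapping, inside = {}, False
    for line in conf_text.splitlines():
        line = line.strip()
        if line.startswith("["):
            inside = line == "[[webroot_map]]"
        elif inside and "=" in line and not line.startswith("#"):
            domain, path = line.split("=", 1)
            mapping[domain.strip().lower()] = norm(path)
    return mapping

def document_roots(vhost_text):
    """Return {hostname: DocumentRoot} for every ServerName/ServerAlias."""
    roots = {}
    for block in re.findall(r"<VirtualHost[^>]*>(.*?)</VirtualHost>", vhost_text, re.S | re.I):
        root = re.search(r"^\s*DocumentRoot\s+(\S+)", block, re.M | re.I)
        names = re.findall(r"^\s*Server(?:Name|Alias)\s+(.+)$", block, re.M | re.I)
        for name in " ".join(names).split():
            if root:
                roots[name.lower()] = norm(root.group(1))
    return roots

def mismatches(conf_text, vhost_text):
    """List (domain, certbot_webroot, apache_docroot) where the two differ."""
    roots = document_roots(vhost_text)
    return [(d, w, roots.get(d)) for d, w in sorted(webroot_map(conf_text).items()) if roots.get(d) != w]
```

Each tuple returned by `mismatches()` names a domain whose challenge files would be written outside the directory Apache serves, which produces the 404 on `/.well-known/acme-challenge/` seen in the renewal output.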

Thank you thank you thank you!


Happy to read that it works.

But: There are some errors: You have one certificate with 4 domain names (checked with https://check-your-website.server-daten.de/?q=vibrant.co.za):

CN=www.vibrantmedia.co.za
	04.03.2019
	02.06.2019
expires in 90 days	vibrant.co.za, vibrantmedia.co.za, www.vibrant.co.za, www.vibrantmedia.co.za - 4 entries

Your vibrant.co.za uses that certificate. But your vibrantmedia.co.za doesn’t use that certificate, instead, a certificate with the www-version is used. So the non-www-version isn’t secure.

And you have a lot of content loaded via url(http://…). Change these http -> https.
