Hey, I’ve followed the guide Here (With the options None of the above
+ Ubuntu 18.04 LTS (bionic)
), tured off my web server and used the command sudo certbot certonly --standalone
. The certificates were created and I’ve configured them in my tomcat server. But when i run the command sudo certbot renew --dry-run
i am getting an error (described below).
It seems that it tries to access (/.well-known…) which I didn’t configured in my tomcat server (because i ran the --standalone option).
Do i need to turn off my web server and let certbot run his nginx server? If yes, then how? (sudo certbot certonly --standalone
fails when i try to run in once again). If not - then how to fix it?
Thanks in advance
My domain is: buxsee.com
I ran this command: sudo certbot renew --dry-run
It produced this output:
`/usr/lib/python3/dist-packages/requests/init.py:80: RequestsDependencyWarning: urllib3 (1.25.7) or chardet (3.0.4) doesn’t match a supported version!
RequestsDependencyWarning)
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Processing /etc/letsencrypt/renewal/buxsee.com.conf
Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator standalone, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for buxsee.com
Waiting for verification…
Cleaning up challenges
Attempting to renew cert (buxsee.com) from /etc/letsencrypt/renewal/buxsee.com.conf produced an unexpected error: Failed authorization procedure. buxsee.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from https://buxsee.com/.well-known/acme-challenge/oake1h8hfG2WvywhtEhiosbe2CBfBDKXBCH9vM3hzUs [18.202.251.235]: “<!doctype html><html lang=“en”>HTTP Status 404 \u2013 Not Found<style type=“text/css”>h1 {font-family:Tahoma,A”. Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/buxsee.com/fullchain.pem (failure)
** DRY RUN: simulating ‘certbot renew’ close to cert expiry
** (The test certificates below have not been saved.)
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/buxsee.com/fullchain.pem (failure)
** DRY RUN: simulating ‘certbot renew’ close to cert expiry
** (The test certificates above have not been saved.)
1 renew failure(s), 0 parse failure(s)
IMPORTANT NOTES:
-
The following errors were reported by the server:
Domain: buxsee.com
Type: unauthorized
Detail: Invalid response from
https://buxsee.com/.well-known/acme-challenge/oake1h8hfG2WvywhtEhiosbe2CBfBDKXBCH9vM3hzUs
[18.202.251.235]: “<!doctype html><html
lang=“en”>HTTP Status 404 – Not Found<style
type=“text/css”>h1 {font-family:Tahoma,A”To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address`
My web server is (include version): Apache tomcat 9
The operating system my web server runs on is (include version): Ubuntu 18.04.3
My hosting provider, if applicable, is: AWS (EC2 instance)
I can login to a root shell on my machine (yes or no, or I don’t know): Yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No
The version of my client is (e.g. output of certbot --version
or certbot-auto --version
if you’re using Certbot): certbot 0.31.0