Renew --dry-run [Half of domains renewed, the other half failed]


#1

Hi!
My domain is:
s0.example.ru, s0.example.com, s0.example.de
s1.example.ru, s1.example.com, s1.example.de

s4.example.ru, s4.example.com, s4.example.de

First i generated certs by:
0. letsencrypt certonly --webroot -w /etc/nginx/ssl/acme/ -d s0.example.de

  1. letsencrypt certonly --webroot -w /etc/nginx/ssl/acme/ -d s0.example.ru -d s0.example.com -d s0.example.es
  2. letsencrypt certonly --webroot -w /etc/nginx/ssl/acme/ -d s1.example.ru -d s1.example.com -d s1.example.es -d s1.example.de
  3. same for s2.example.***
  4. same for s3.example.***
  5. same for s4.example.***

service nginx reload and everything work fine.

Then i ran this command:
letsencrypt renew --dry-run --agree-tos
It produced this output:

Processing /etc/letsencrypt/renewal/s3.example.ru.conf
2017-03-06 15:04:39,573:WARNING:letsencrypt.cli:Attempting to renew cert from /etc/letsencrypt/renewal/s3.example.ru.conf produced an unexpected error: The webroot plugin is not working; there may be problems with your existing configuration.
The error was: PluginError(“Couldn’t create root for {0} http-01 challenge responses: {1}”, ‘s3.example-amlak.com’, OSError(1, ‘Operation not permitted’)). Skipping.
Processing /etc/letsencrypt/renewal/s0.example.de.conf
Processing /etc/letsencrypt/renewal/s0.example.ru.conf
2017-03-06 15:04:45,630:WARNING:letsencrypt.cli:Attempting to renew cert from /etc/letsencrypt/renewal/s0.example.ru.conf produced an unexpected error: The webroot plugin is not working; there may be problems with your existing configuration.
The error was: PluginError(“Couldn’t create root for {0} http-01 challenge responses: {1}”, ‘s0.example.ru’, OSError(1, ‘Operation not permitted’)). Skipping.
Processing /etc/letsencrypt/renewal/s4.example.ru.conf
Processing /etc/letsencrypt/renewal/s1.example.ru.conf
2017-03-06 15:04:54,622:WARNING:letsencrypt.cli:Attempting to renew cert from /etc/letsencrypt/renewal/s1.example.ru.conf produced an unexpected error: The webroot plugin is not working; there may be problems with your existing configuration
The error was: PluginError(“Couldn’t create root for {0} http-01 challenge responses: {1}”, ‘s1.example.ru’, OSError(1, ‘Operation not permitted’)). Skipping.
Processing /etc/letsencrypt/renewal/s2.example.ru.conf
** DRY RUN: simulating ‘letsencrypt renew’ close to cert expiry
** (The test certificates below have not been saved.)

The following certs were successfully renewed:
/etc/letsencrypt/live/s0.example.de/fullchain.pem (success)
/etc/letsencrypt/live/s4.example.ru/fullchain.pem (success)
/etc/letsencrypt/live/s2.example.ru/fullchain.pem (success)

The following certs could not be renewed:
/etc/letsencrypt/live/s3.example.ru/fullchain.pem (failure)
/etc/letsencrypt/live/s0.example.ru/fullchain.pem (failure)
/etc/letsencrypt/live/s1.example.ru/fullchain.pem (failure)
** DRY RUN: simulating ‘letsencrypt renew’ close to cert expiry
** (The test certificates above have not been saved.)
3 renew failure(s), 0 parse failure(s)

My operating system is (include version):
Ubuntu 16.04
My web server is (include version):
nginx 1.10.0
I can login to a root shell on my machine (yes or no, or I don’t know):
Undesirable
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
no

Why only s2, s4 and s0.example.de renewed?
And for example If i revoke and renew s3 certs and ran letsencrypt renew --dry-run --agree-tos - then i get the same error but s4 becomes at error and s3 renewed


#2

you need to rethink the way you present the problem

A) have a look at this directory \etc\letsencrypt\renewal
B) review the configs and see if there are any differences

Andrei


#3

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.