My domain is: justdance.dei.uc.pt
I ran this command:
sudo certbot certonly -d justdance.dei.uc.pt --manual --preferred-challenges dns-01 --force-renewal --manual-public-ip-logging-ok
It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Renewing an existing certificate
Performing the following challenges:
dns-01 challenge for justdance.dei.uc.pt
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please deploy a DNS TXT record under the name
_acme-challenge.justdance.dei.uc.pt with the following value:
ni2HPC3-b1woXx3JGmHR9KJoc26WIAnTbVoMB1z7Aek
Before continuing, verify the record is deployed.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Press Enter to Continue
Waiting for verification...
Challenge failed for domain justdance.dei.uc.pt
dns-01 challenge for justdance.dei.uc.pt
Cleaning up challenges
Some challenges have failed.
**IMPORTANT NOTES:**
- The following errors were reported by the server:
Domain: justdance.dei.uc.pt
Type: dns
Detail: DNS problem: NXDOMAIN looking up TXT for
_acme-challenge.justdance.dei.uc.pt - check that a DNS record
exists for this domain
I try also, this command:sudo certbot renew --force-renewal
Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/justdance.dei.uc.pt.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for justdance.dei.uc.pt
Using the webroot path /var/www/html for all unmatched domains.
Waiting for verification...
Challenge failed for domain justdance.dei.uc.pt
http-01 challenge for justdance.dei.uc.pt
Cleaning up challenges
Attempting to renew cert (justdance.dei.uc.pt) from /etc/letsencrypt/renewal/justdance.dei.uc.pt.conf produced an unexpected error: Some challenges have failed.. Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/justdance.dei.uc.pt/fullchain.pem (failure)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/justdance.dei.uc.pt/fullchain.pem (failure)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1 renew failure(s), 0 parse failure(s)
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: justdance.dei.uc.pt
Type: unauthorized
Detail: Invalid response from
https://justdance.dei.uc.pt/.well-known/acme-challenge/gGolaWY_QE3ZlR738lDnA0uG4Iv_FAivA5QWd3FWYJ8
[193.137.203.84]: "<!DOCTYPE html>\n<html lang=\"en\">\n <head>\n
<meta charset=\"utf-8\" />\n <meta
http-equiv=\"X-UA-Compatible\" content=\"IE=edge\" "
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
My web server is (include version): nginx
The operating system my web server runs on is (include version): ubuntu server 20.04
I can login to a root shell on my machine (yes or no, or I don't know): yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 0.40.0
1 Like
Welcome to the Let's Encrypt Community, Renato
Firstly, let me share some wisdom: avoid using --force-renewal like you would avoid a deadly disease. It almost never results in anything useful.
That said, it looks like your certificate was originally obtained by fulfilling an http-01 challenge using the webroot authenticator and should have autorenewed the same way if the webserver configuration had not changed since April 5.
Certificate history for justdance.dei.uc.pt:
https://crt.sh/?q=justdance.dei.uc.pt
Is there a reason that you are now trying to manually fulfill a dns-01 challenge ?
Let's try something. What is the output of this:
sudo certbot certonly --nginx -d "justdance.dei.uc.pt" --dry-run
1 Like
give this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Could not choose appropriate plugin: The requested nginx plugin does not appear to be installed
The requested nginx plugin does not appear to be installed
1 Like
I installed now. With sudo apt-get install python3-certbot-nginx
1 Like
Please follow the instructions here to install the latest snap version of certbot:
Be sure to follow all the steps, paying close attention to the one that instructs you on removing your old certbot installation.
1 Like
With your input, it give this ouput:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Cert is due for renewal, auto-renewing...
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for justdance.dei.uc.pt
nginx: [warn] the "ssl" directive is deprecated, use the "listen ... ssl" directive instead in /etc/nginx/sites-enabled/metabase:15
nginx: [warn] duplicate MIME type "text/html" in /etc/nginx/sites-enabled/metabase:25
Waiting for verification...
Cleaning up challenges
nginx: [warn] the "ssl" directive is deprecated, use the "listen ... ssl" directive instead in /etc/nginx/sites-enabled/metabase:11
nginx: [warn] duplicate MIME type "text/html" in /etc/nginx/sites-enabled/metabase:21
IMPORTANT NOTES:
- The dry run was successful.
1 Like
If you don't mind, go ahead and follow the snap installation instructions I gave you earlier. It will give you a much newer certbot version and save you worlds of headache later.
1 Like
Meanwhile... there are other issues.
What are the outputs of:
sudo certbot certificates
sudo ls -lRa /etc/letsencrypt
sudo nginx -T
sudo ls -lRa /etc/nginx/sites-available
sudo ls -lRa /etc/nginx/sites-enabled
Please put 3 backticks above and below each output, like this:
```
1 Like
Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Found the following certs:
Certificate Name: justdance.dei.uc.pt
Domains: justdance.dei.uc.pt
Expiry Date: 2021-07-04 22:05:45+00:00 (INVALID: EXPIRED)
Certificate Path: /etc/letsencrypt/live/justdance.dei.uc.pt/fullchain.pem
Private Key Path: /etc/letsencrypt/live/justdance.dei.uc.pt/privkey.pem
1 Like
sudo -ls -lRa /etc/letsencrypt
/etc/letsencrypt:
total 56
drwxr-xr-x 9 root root 4096 Jul 5 11:34 .
drwxr-xr-x 104 root root 4096 Jul 1 06:57 ..
-rw-r--r-- 1 root root 64 Jul 5 11:28 .updated-options-ssl-nginx-conf-digest.txt
-rw-r--r-- 1 root root 64 Jul 5 11:28 .updated-ssl-dhparams-pem-digest.txt
drwxr-xr-x 4 root root 4096 Jul 5 08:55 accounts
drwx------ 3 root root 4096 Apr 5 23:05 archive
-rw-r--r-- 1 root root 121 Feb 11 2019 cli.ini
drwxr-xr-x 2 root root 4096 Jul 5 11:19 csr
drwx------ 2 root root 4096 Jul 5 11:19 keys
drwx------ 3 root root 4096 Apr 5 23:05 live
-rw-r--r-- 1 root root 742 Jul 5 11:28 options-ssl-nginx.conf
drwxr-xr-x 2 root root 4096 Jul 5 11:15 renewal
drwxr-xr-x 5 root root 4096 Apr 5 23:04 renewal-hooks
-rw-r--r-- 1 root root 424 Jul 5 11:28 ssl-dhparams.pem
/etc/letsencrypt/accounts:
total 16
drwxr-xr-x 4 root root 4096 Jul 5 08:55 .
drwxr-xr-x 9 root root 4096 Jul 5 11:34 ..
drwxr-xr-x 3 root root 4096 Jul 5 08:55 acme-staging-v02.api.letsencrypt.org
drwxr-xr-x 3 root root 4096 Apr 5 23:04 acme-v02.api.letsencrypt.org
/etc/letsencrypt/accounts/acme-staging-v02.api.letsencrypt.org:
total 12
drwxr-xr-x 3 root root 4096 Jul 5 08:55 .
drwxr-xr-x 4 root root 4096 Jul 5 08:55 ..
drwx------ 3 root root 4096 Jul 5 08:55 directory
/etc/letsencrypt/accounts/acme-staging-v02.api.letsencrypt.org/directory:
total 12
drwx------ 3 root root 4096 Jul 5 08:55 .
drwxr-xr-x 3 root root 4096 Jul 5 08:55 ..
drwx------ 2 root root 4096 Jul 5 08:55 418e42db882abf8d70aa3d7276a840dd
/etc/letsencrypt/accounts/acme-staging-v02.api.letsencrypt.org/directory/418e42db882abf8d70aa3d7276a840dd:
total 20
drwx------ 2 root root 4096 Jul 5 08:55 .
drwx------ 3 root root 4096 Jul 5 08:55 ..
-rw-r--r-- 1 root root 69 Jul 5 08:55 meta.json
-r-------- 1 root root 1632 Jul 5 08:55 private_key.json
-rw-r--r-- 1 root root 86 Jul 5 08:55 regr.json
/etc/letsencrypt/accounts/acme-v02.api.letsencrypt.org:
total 12
drwxr-xr-x 3 root root 4096 Apr 5 23:04 .
drwxr-xr-x 4 root root 4096 Jul 5 08:55 ..
drwx------ 3 root root 4096 Apr 5 23:05 directory
/etc/letsencrypt/accounts/acme-v02.api.letsencrypt.org/directory:
total 12
drwx------ 3 root root 4096 Apr 5 23:05 .
drwxr-xr-x 3 root root 4096 Apr 5 23:04 ..
drwx------ 2 root root 4096 Apr 5 23:05 db6ad3d7a526da83d544a08e001865a6
/etc/letsencrypt/accounts/acme-v02.api.letsencrypt.org/directory/db6ad3d7a526da83d544a08e001865a6:
total 20
drwx------ 2 root root 4096 Apr 5 23:05 .
drwx------ 3 root root 4096 Apr 5 23:05 ..
-rw-r--r-- 1 root root 69 Apr 5 23:05 meta.json
-r-------- 1 root root 1632 Apr 5 23:05 private_key.json
-rw-r--r-- 1 root root 79 Apr 5 23:05 regr.json
/etc/letsencrypt/archive:
total 12
drwx------ 3 root root 4096 Apr 5 23:05 .
drwxr-xr-x 9 root root 4096 Jul 5 11:34 ..
drwxr-xr-x 2 root root 4096 Apr 5 23:05 justdance.dei.uc.pt
/etc/letsencrypt/archive/justdance.dei.uc.pt:
total 24
drwxr-xr-x 2 root root 4096 Apr 5 23:05 .
drwx------ 3 root root 4096 Apr 5 23:05 ..
-rw-r--r-- 1 root root 1854 Apr 5 23:05 cert1.pem
-rw-r--r-- 1 root root 1586 Apr 5 23:05 chain1.pem
-rw-r--r-- 1 root root 3440 Apr 5 23:05 fullchain1.pem
-rw------- 1 root root 1708 Apr 5 23:05 privkey1.pem
/etc/letsencrypt/csr:
total 304
drwxr-xr-x 2 root root 4096 Jul 5 11:19 .
drwxr-xr-x 9 root root 4096 Jul 5 11:34 ..
-rw-r--r-- 1 root root 932 Apr 5 23:05 0000_csr-certbot.pem
-rw-r--r-- 1 root root 932 Jun 5 07:16 0001_csr-certbot.pem
-rw-r--r-- 1 root root 932 Jun 5 21:30 0002_csr-certbot.pem
-rw-r--r-- 1 root root 932 Jun 6 01:12 0003_csr-certbot.pem
-rw-r--r-- 1 root root 932 Jun 6 13:14 0004_csr-certbot.pem
-rw-r--r-- 1 root root 932 Jun 7 09:42 0005_csr-certbot.pem
-rw-r--r-- 1 root root 932 Jun 7 23:00 0006_csr-certbot.pem
-rw-r--r-- 1 root root 932 Jun 8 00:44 0007_csr-certbot.pem
-rw-r--r-- 1 root root 932 Jun 8 18:59 0008_csr-certbot.pem
-rw-r--r-- 1 root root 932 Jun 9 04:42 0009_csr-certbot.pem
-rw-r--r-- 1 root root 932 Jun 9 14:30 0010_csr-certbot.pem
-rw-r--r-- 1 root root 932 Jun 10 05:56 0011_csr-certbot.pem
-rw-r--r-- 1 root root 932 Jun 10 18:01 0012_csr-certbot.pem
-rw-r--r-- 1 root root 932 Jun 11 05:39 0013_csr-certbot.pem
-rw-r--r-- 1 root root 932 Jun 11 18:50 0014_csr-certbot.pem
-rw-r--r-- 1 root root 932 Jun 12 07:13 0015_csr-certbot.pem
-rw-r--r-- 1 root root 932 Jun 12 17:12 0016_csr-certbot.pem
-rw-r--r-- 1 root root 932 Jun 13 01:02 0017_csr-certbot.pem
-rw-r--r-- 1 root root 932 Jun 13 12:55 0018_csr-certbot.pem
-rw-r--r-- 1 root root 932 Jun 14 08:31 0019_csr-certbot.pem
-rw-r--r-- 1 root root 932 Jun 14 14:22 0020_csr-certbot.pem
-rw-r--r-- 1 root root 932 Jun 15 09:12 0021_csr-certbot.pem
-rw-r--r-- 1 root root 932 Jun 15 21:07 0022_csr-certbot.pem
-rw-r--r-- 1 root root 932 Jun 16 03:58 0023_csr-certbot.pem
-rw-r--r-- 1 root root 932 Jun 16 12:51 0024_csr-certbot.pem
-rw-r--r-- 1 root root 932 Jun 17 03:53 0025_csr-certbot.pem
-rw-r--r-- 1 root root 932 Jun 17 16:07 0026_csr-certbot.pem
-rw-r--r-- 1 root root 932 Jun 18 04:42 0027_csr-certbot.pem
-rw-r--r-- 1 root root 932 Jun 18 13:26 0028_csr-certbot.pem
-rw-r--r-- 1 root root 932 Jun 19 01:02 0029_csr-certbot.pem
-rw-r--r-- 1 root root 932 Jun 19 22:04 0030_csr-certbot.pem
-rw-r--r-- 1 root root 932 Jun 20 03:54 0031_csr-certbot.pem
-rw-r--r-- 1 root root 932 Jun 20 15:11 0032_csr-certbot.pem
-rw-r--r-- 1 root root 932 Jun 21 05:39 0033_csr-certbot.pem
-rw-r--r-- 1 root root 932 Jun 21 18:20 0034_csr-certbot.pem
-rw-r--r-- 1 root root 932 Jun 22 08:11 0035_csr-certbot.pem
-rw-r--r-- 1 root root 932 Jun 22 18:03 0036_csr-certbot.pem
-rw-r--r-- 1 root root 932 Jun 23 06:44 0037_csr-certbot.pem
-rw-r--r-- 1 root root 932 Jun 23 22:49 0038_csr-certbot.pem
-rw-r--r-- 1 root root 932 Jun 24 06:44 0039_csr-certbot.pem
-rw-r--r-- 1 root root 932 Jun 24 14:06 0040_csr-certbot.pem
-rw-r--r-- 1 root root 932 Jun 25 03:27 0041_csr-certbot.pem
-rw-r--r-- 1 root root 932 Jun 25 17:13 0042_csr-certbot.pem
-rw-r--r-- 1 root root 932 Jun 26 06:03 0043_csr-certbot.pem
-rw-r--r-- 1 root root 932 Jun 26 20:27 0044_csr-certbot.pem
-rw-r--r-- 1 root root 932 Jun 27 08:30 0045_csr-certbot.pem
-rw-r--r-- 1 root root 932 Jun 27 12:23 0046_csr-certbot.pem
-rw-r--r-- 1 root root 932 Jun 28 05:39 0047_csr-certbot.pem
-rw-r--r-- 1 root root 932 Jun 28 22:57 0048_csr-certbot.pem
-rw-r--r-- 1 root root 932 Jun 29 00:21 0049_csr-certbot.pem
-rw-r--r-- 1 root root 932 Jun 29 13:24 0050_csr-certbot.pem
-rw-r--r-- 1 root root 932 Jun 30 03:58 0051_csr-certbot.pem
-rw-r--r-- 1 root root 932 Jun 30 12:52 0052_csr-certbot.pem
-rw-r--r-- 1 root root 932 Jul 1 02:39 0053_csr-certbot.pem
-rw-r--r-- 1 root root 932 Jul 1 23:59 0054_csr-certbot.pem
-rw-r--r-- 1 root root 932 Jul 2 10:07 0055_csr-certbot.pem
-rw-r--r-- 1 root root 932 Jul 2 20:58 0056_csr-certbot.pem
-rw-r--r-- 1 root root 932 Jul 3 07:11 0057_csr-certbot.pem
-rw-r--r-- 1 root root 932 Jul 3 21:51 0058_csr-certbot.pem
-rw-r--r-- 1 root root 932 Jul 4 10:16 0059_csr-certbot.pem
-rw-r--r-- 1 root root 932 Jul 4 13:05 0060_csr-certbot.pem
-rw-r--r-- 1 root root 932 Jul 5 00:09 0061_csr-certbot.pem
-rw-r--r-- 1 root root 932 Jul 5 08:53 0062_csr-certbot.pem
-rw-r--r-- 1 root root 932 Jul 5 08:56 0063_csr-certbot.pem
-rw-r--r-- 1 root root 932 Jul 5 09:06 0064_csr-certbot.pem
-rw-r--r-- 1 root root 932 Jul 5 09:13 0065_csr-certbot.pem
-rw-r--r-- 1 root root 932 Jul 5 09:28 0066_csr-certbot.pem
-rw-r--r-- 1 root root 932 Jul 5 09:59 0067_csr-certbot.pem
-rw-r--r-- 1 root root 932 Jul 5 10:18 0068_csr-certbot.pem
-rw-r--r-- 1 root root 932 Jul 5 10:22 0069_csr-certbot.pem
-rw-r--r-- 1 root root 932 Jul 5 10:42 0070_csr-certbot.pem
-rw-r--r-- 1 root root 932 Jul 5 11:12 0071_csr-certbot.pem
-rw-r--r-- 1 root root 932 Jul 5 11:17 0072_csr-certbot.pem
-rw-r--r-- 1 root root 932 Jul 5 11:19 0073_csr-certbot.pem
/etc/letsencrypt/keys:
total 304
drwx------ 2 root root 4096 Jul 5 11:19 .
drwxr-xr-x 9 root root 4096 Jul 5 11:34 ..
-rw------- 1 root root 1708 Apr 5 23:05 0000_key-certbot.pem
-rw------- 1 root root 1704 Jun 5 07:16 0001_key-certbot.pem
-rw------- 1 root root 1704 Jun 5 21:30 0002_key-certbot.pem
-rw------- 1 root root 1704 Jun 6 01:12 0003_key-certbot.pem
-rw------- 1 root root 1704 Jun 6 13:14 0004_key-certbot.pem
-rw------- 1 root root 1704 Jun 7 09:42 0005_key-certbot.pem
-rw------- 1 root root 1704 Jun 7 23:00 0006_key-certbot.pem
-rw------- 1 root root 1704 Jun 8 00:44 0007_key-certbot.pem
-rw------- 1 root root 1704 Jun 8 18:59 0008_key-certbot.pem
-rw------- 1 root root 1704 Jun 9 04:42 0009_key-certbot.pem
-rw------- 1 root root 1704 Jun 9 14:30 0010_key-certbot.pem
-rw------- 1 root root 1708 Jun 10 05:56 0011_key-certbot.pem
-rw------- 1 root root 1704 Jun 10 18:01 0012_key-certbot.pem
-rw------- 1 root root 1708 Jun 11 05:39 0013_key-certbot.pem
-rw------- 1 root root 1704 Jun 11 18:50 0014_key-certbot.pem
-rw------- 1 root root 1704 Jun 12 07:13 0015_key-certbot.pem
-rw------- 1 root root 1704 Jun 12 17:12 0016_key-certbot.pem
-rw------- 1 root root 1704 Jun 13 01:02 0017_key-certbot.pem
-rw------- 1 root root 1704 Jun 13 12:55 0018_key-certbot.pem
-rw------- 1 root root 1704 Jun 14 08:31 0019_key-certbot.pem
-rw------- 1 root root 1704 Jun 14 14:22 0020_key-certbot.pem
-rw------- 1 root root 1704 Jun 15 09:12 0021_key-certbot.pem
-rw------- 1 root root 1708 Jun 15 21:07 0022_key-certbot.pem
-rw------- 1 root root 1704 Jun 16 03:58 0023_key-certbot.pem
-rw------- 1 root root 1704 Jun 16 12:51 0024_key-certbot.pem
-rw------- 1 root root 1704 Jun 17 03:53 0025_key-certbot.pem
-rw------- 1 root root 1704 Jun 17 16:07 0026_key-certbot.pem
-rw------- 1 root root 1704 Jun 18 04:42 0027_key-certbot.pem
-rw------- 1 root root 1704 Jun 18 13:26 0028_key-certbot.pem
-rw------- 1 root root 1704 Jun 19 01:02 0029_key-certbot.pem
-rw------- 1 root root 1704 Jun 19 22:04 0030_key-certbot.pem
-rw------- 1 root root 1704 Jun 20 03:54 0031_key-certbot.pem
-rw------- 1 root root 1708 Jun 20 15:11 0032_key-certbot.pem
-rw------- 1 root root 1704 Jun 21 05:39 0033_key-certbot.pem
-rw------- 1 root root 1708 Jun 21 18:20 0034_key-certbot.pem
-rw------- 1 root root 1704 Jun 22 08:11 0035_key-certbot.pem
-rw------- 1 root root 1704 Jun 22 18:03 0036_key-certbot.pem
-rw------- 1 root root 1704 Jun 23 06:44 0037_key-certbot.pem
-rw------- 1 root root 1704 Jun 23 22:49 0038_key-certbot.pem
-rw------- 1 root root 1708 Jun 24 06:44 0039_key-certbot.pem
-rw------- 1 root root 1704 Jun 24 14:06 0040_key-certbot.pem
-rw------- 1 root root 1704 Jun 25 03:27 0041_key-certbot.pem
-rw------- 1 root root 1708 Jun 25 17:13 0042_key-certbot.pem
-rw------- 1 root root 1704 Jun 26 06:03 0043_key-certbot.pem
-rw------- 1 root root 1708 Jun 26 20:27 0044_key-certbot.pem
-rw------- 1 root root 1704 Jun 27 08:30 0045_key-certbot.pem
-rw------- 1 root root 1708 Jun 27 12:23 0046_key-certbot.pem
-rw------- 1 root root 1704 Jun 28 05:39 0047_key-certbot.pem
-rw------- 1 root root 1704 Jun 28 22:57 0048_key-certbot.pem
-rw------- 1 root root 1704 Jun 29 00:21 0049_key-certbot.pem
-rw------- 1 root root 1704 Jun 29 13:24 0050_key-certbot.pem
-rw------- 1 root root 1708 Jun 30 03:58 0051_key-certbot.pem
-rw------- 1 root root 1704 Jun 30 12:52 0052_key-certbot.pem
-rw------- 1 root root 1704 Jul 1 02:39 0053_key-certbot.pem
-rw------- 1 root root 1708 Jul 1 23:59 0054_key-certbot.pem
-rw------- 1 root root 1704 Jul 2 10:07 0055_key-certbot.pem
-rw------- 1 root root 1704 Jul 2 20:58 0056_key-certbot.pem
-rw------- 1 root root 1708 Jul 3 07:11 0057_key-certbot.pem
-rw------- 1 root root 1704 Jul 3 21:51 0058_key-certbot.pem
-rw------- 1 root root 1704 Jul 4 10:16 0059_key-certbot.pem
-rw------- 1 root root 1704 Jul 4 13:05 0060_key-certbot.pem
-rw------- 1 root root 1704 Jul 5 00:09 0061_key-certbot.pem
-rw------- 1 root root 1704 Jul 5 08:53 0062_key-certbot.pem
-rw------- 1 root root 1704 Jul 5 08:56 0063_key-certbot.pem
-rw------- 1 root root 1704 Jul 5 09:06 0064_key-certbot.pem
-rw------- 1 root root 1704 Jul 5 09:13 0065_key-certbot.pem
-rw------- 1 root root 1704 Jul 5 09:28 0066_key-certbot.pem
-rw------- 1 root root 1704 Jul 5 09:59 0067_key-certbot.pem
-rw------- 1 root root 1704 Jul 5 10:18 0068_key-certbot.pem
-rw------- 1 root root 1704 Jul 5 10:22 0069_key-certbot.pem
-rw------- 1 root root 1704 Jul 5 10:42 0070_key-certbot.pem
-rw------- 1 root root 1704 Jul 5 11:12 0071_key-certbot.pem
-rw------- 1 root root 1704 Jul 5 11:17 0072_key-certbot.pem
-rw------- 1 root root 1704 Jul 5 11:19 0073_key-certbot.pem
/etc/letsencrypt/live:
total 16
drwx------ 3 root root 4096 Apr 5 23:05 .
drwxr-xr-x 9 root root 4096 Jul 5 11:34 ..
-rw-r--r-- 1 root root 740 Apr 5 23:05 README
drwxr-xr-x 2 root root 4096 Apr 5 23:05 justdance.dei.uc.pt
/etc/letsencrypt/live/justdance.dei.uc.pt:
total 12
drwxr-xr-x 2 root root 4096 Apr 5 23:05 .
drwx------ 3 root root 4096 Apr 5 23:05 ..
-rw-r--r-- 1 root root 692 Apr 5 23:05 README
lrwxrwxrwx 1 root root 43 Apr 5 23:05 cert.pem -> ../../archive/justdance.dei.uc.pt/cert1.pem
lrwxrwxrwx 1 root root 44 Apr 5 23:05 chain.pem -> ../../archive/justdance.dei.uc.pt/chain1.pem
lrwxrwxrwx 1 root root 48 Apr 5 23:05 fullchain.pem -> ../../archive/justdance.dei.uc.pt/fullchain1.pem
lrwxrwxrwx 1 root root 46 Apr 5 23:05 privkey.pem -> ../../archive/justdance.dei.uc.pt/privkey1.pem
/etc/letsencrypt/renewal:
total 12
drwxr-xr-x 2 root root 4096 Jul 5 11:15 .
drwxr-xr-x 9 root root 4096 Jul 5 11:34 ..
-rw-r--r-- 1 root root 618 Jul 5 10:42 justdance.dei.uc.pt.conf
/etc/letsencrypt/renewal-hooks:
total 20
drwxr-xr-x 5 root root 4096 Apr 5 23:04 .
drwxr-xr-x 9 root root 4096 Jul 5 11:34 ..
drwxr-xr-x 2 root root 4096 Apr 5 23:04 deploy
drwxr-xr-x 2 root root 4096 Apr 5 23:04 post
drwxr-xr-x 2 root root 4096 Apr 5 23:04 pre
/etc/letsencrypt/renewal-hooks/deploy:
total 8
drwxr-xr-x 2 root root 4096 Apr 5 23:04 .
drwxr-xr-x 5 root root 4096 Apr 5 23:04 ..
/etc/letsencrypt/renewal-hooks/post:
total 8
drwxr-xr-x 2 root root 4096 Apr 5 23:04 .
drwxr-xr-x 5 root root 4096 Apr 5 23:04 ..
/etc/letsencrypt/renewal-hooks/pre:
total 8
drwxr-xr-x 2 root root 4096 Apr 5 23:04 .
drwxr-xr-x 5 root root 4096 Apr 5 23:04 ..
1 Like
griffin:
sudo nginx -T
nginx: [warn] the "ssl" directive is deprecated, use the "listen ... ssl" directive instead in /etc/nginx/sites-enabled/metabase:11
nginx: [warn] duplicate MIME type "text/html" in /etc/nginx/sites-enabled/metabase:21
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
# configuration file /etc/nginx/nginx.conf:
user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
events {
worker_connections 768;
# multi_accept on;
}
http {
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# server_tokens off;
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# SSL Settings
##
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
##
# Logging Settings
##
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
##
# Gzip Settings
##
gzip on;
# gzip_vary on;
# gzip_proxied any;
# gzip_comp_level 6;
# gzip_buffers 16 8k;
# gzip_http_version 1.1;
# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
##
# Virtual Host Configs
##
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
#mail {
# # See sample authentication script at:
# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
#
# # auth_http localhost/auth.php;
# # pop3_capabilities "TOP" "USER";
# # imap_capabilities "IMAP4rev1" "UIDPLUS";
#
# server {
# listen localhost:110;
# protocol pop3;
# proxy on;
# }
#
# server {
# listen localhost:143;
# protocol imap;
# proxy on;
# }
#}
# configuration file /etc/nginx/modules-enabled/50-mod-http-image-filter.conf:
load_module modules/ngx_http_image_filter_module.so;
# configuration file /etc/nginx/modules-enabled/50-mod-http-xslt-filter.conf:
load_module modules/ngx_http_xslt_filter_module.so;
# configuration file /etc/nginx/modules-enabled/50-mod-mail.conf:
load_module modules/ngx_mail_module.so;
# configuration file /etc/nginx/modules-enabled/50-mod-stream.conf:
load_module modules/ngx_stream_module.so;
# configuration file /etc/nginx/mime.types:
types {
text/html html htm shtml;
text/css css;
text/xml xml;
image/gif gif;
image/jpeg jpeg jpg;
application/javascript js;
application/atom+xml atom;
application/rss+xml rss;
text/mathml mml;
text/plain txt;
text/vnd.sun.j2me.app-descriptor jad;
text/vnd.wap.wml wml;
text/x-component htc;
image/png png;
image/tiff tif tiff;
image/vnd.wap.wbmp wbmp;
image/x-icon ico;
image/x-jng jng;
image/x-ms-bmp bmp;
image/svg+xml svg svgz;
image/webp webp;
application/font-woff woff;
application/java-archive jar war ear;
application/json json;
application/mac-binhex40 hqx;
application/msword doc;
application/pdf pdf;
application/postscript ps eps ai;
application/rtf rtf;
application/vnd.apple.mpegurl m3u8;
application/vnd.ms-excel xls;
application/vnd.ms-fontobject eot;
application/vnd.ms-powerpoint ppt;
application/vnd.wap.wmlc wmlc;
application/vnd.google-earth.kml+xml kml;
application/vnd.google-earth.kmz kmz;
application/x-7z-compressed 7z;
application/x-cocoa cco;
application/x-java-archive-diff jardiff;
application/x-java-jnlp-file jnlp;
application/x-makeself run;
application/x-perl pl pm;
application/x-pilot prc pdb;
application/x-rar-compressed rar;
application/x-redhat-package-manager rpm;
application/x-sea sea;
application/x-shockwave-flash swf;
application/x-stuffit sit;
application/x-tcl tcl tk;
application/x-x509-ca-cert der pem crt;
application/x-xpinstall xpi;
application/xhtml+xml xhtml;
application/xspf+xml xspf;
application/zip zip;
application/octet-stream bin exe dll;
application/octet-stream deb;
application/octet-stream dmg;
application/octet-stream iso img;
application/octet-stream msi msp msm;
application/vnd.openxmlformats-officedocument.wordprocessingml.document docx;
application/vnd.openxmlformats-officedocument.spreadsheetml.sheet xlsx;
application/vnd.openxmlformats-officedocument.presentationml.presentation pptx;
audio/midi mid midi kar;
audio/mpeg mp3;
audio/ogg ogg;
audio/x-m4a m4a;
audio/x-realaudio ra;
video/3gpp 3gpp 3gp;
video/mp2t ts;
video/mp4 mp4;
video/mpeg mpeg mpg;
video/quicktime mov;
video/webm webm;
video/x-flv flv;
video/x-m4v m4v;
video/x-mng mng;
video/x-ms-asf asx asf;
video/x-ms-wmv wmv;
video/x-msvideo avi;
}
# configuration file /etc/nginx/sites-enabled/default:
##
# You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# https://www.nginx.com/resources/wiki/start/
# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/
# https://wiki.debian.org/Nginx/DirectoryStructure
#
# In most cases, administrators will remove this file from sites-enabled/ and
# leave it as reference inside of sites-available where it will continue to be
# updated by the nginx packaging team.
#
# This file will automatically load configuration files provided by other
# applications, such as Drupal or Wordpress. These applications will be made
# available underneath a path with that package name, such as /drupal8.
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
##
# Default server configuration
#
server {
listen 80 default_server;
listen [::]:80 default_server;
# SSL configuration
#
# listen 443 ssl default_server;
# listen [::]:443 ssl default_server;
#
# Note: You should disable gzip for SSL traffic.
# See: https://bugs.debian.org/773332
#
# Read up on ssl_ciphers to ensure a secure configuration.
# See: https://bugs.debian.org/765782
#
# Self signed certs generated by the ssl-cert package
# Don't use them in a production server!
#
# include snippets/snakeoil.conf;
root /var/www/html;
# Add index.php to the list if you are using PHP
index index.html index.htm index.nginx-debian.html;
server_name _;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
# pass PHP scripts to FastCGI server
#
#location ~ \.php$ {
# include snippets/fastcgi-php.conf;
#
# # With php-fpm (or other unix sockets):
# fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
# # With php-cgi (or other tcp sockets):
# fastcgi_pass 127.0.0.1:9000;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
# Virtual Host configuration for example.com
#
# You can move that to a different file under sites-available/ and symlink that
# to sites-enabled/ to enable it.
#
#server {
# listen 80;
# listen [::]:80;
#
# server_name example.com;
#
# root /var/www/example.com;
# index index.html;
#
# location / {
# try_files $uri $uri/ =404;
# }
#}
# configuration file /etc/nginx/sites-enabled/metabase:
server {
listen 80;
server_name justdance.dei.uc.pt;
return 301 https://$host$request_uri;
}
server {
listen 443;
server_name justdance.dei.uc.pt;
ssl_certificate /etc/letsencrypt/live/justdance.dei.uc.pt/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/justdance.dei.uc.pt/privkey.pem;
ssl on;
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
ssl_prefer_server_ciphers on;
gzip on;
gzip_http_version 1.1;
gzip_vary on;
gzip_comp_level 6;
gzip_proxied any;
gzip_types text/plain text/html text/css application/json application/javascript application/x-javascript text/javascript text/xml application/xml application/rss+xml application/atom+xml application/rdf+xml;
gzip_buffers 16 8k;
gzip_disable “MSIE [1-6].(?!.*SV1)”;
access_log /var/log/nginx/metabase.access.log;
location / {
proxy_pass http://justdance.dei.uc.pt:8080;
proxy_set_header host $host;
proxy_http_version 1.1;
proxy_set_header upgrade $http_upgrade;
proxy_set_header connection "upgrade";
}
}
1 Like
/etc/nginx/sites-available:
total 16
drwxr-xr-x 2 root root 4096 Jul 5 11:16 .
drwxr-xr-x 8 root root 4096 Jul 5 11:28 ..
-rw-r--r-- 1 root root 2416 Mar 26 2020 default
-rw-r--r-- 1 root root 1257 Jul 5 11:16 metabase
1 Like
/etc/nginx/sites-enabled:
total 8
drwxr-xr-x 2 root root 4096 Apr 5 23:15 .
drwxr-xr-x 8 root root 4096 Jul 5 11:28 ..
lrwxrwxrwx 1 root root 34 Apr 5 23:00 default -> /etc/nginx/sites-available/default
lrwxrwxrwx 1 root root 35 Apr 5 23:15 metabase -> /etc/nginx/sites-available/metabase
1 Like
Perfect. Thanks for those.
From looking at the dates of the files in the csr and keys directories, we can see a clear history of autorenewal failures twice per day since June 5, which is 30 days prior to the expiration of your certificate. This is all as expected (though obviously we don't want the failures).
2 Likes
how can i solve it? The certificate expired yesterday... I wasn't counting... and I need to have an active certificate
1 Like
the settings of files are the same as when I created
1 Like
Now I have the cerbot version 1.16.0
1 Like
I create another certificate with certbot certonly --webroot -w /var/www/html -d justdance.dei.uc.pt or sudo certbot --nginx or sudo certbot certonly --nginx?
1 Like
