Renew failure after moving server

I moved letsencrypt from one server to another behind NAT; neither the URL nor the external IP changed. The old server was using a backport for jessie; the new server is Ubuntu.

I copied the letsencrypt directory, recreated the symlinks for the pem files and updated the config, but I think somewhere there is an error.

Running certbot renew --dry-run I get:

Attempting to renew cert (#######.com) from /etc/letsencrypt/renewal/#######.com.conf produced an unexpected error: Failed authorization procedure. #######.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://########.com/.well-known/acme-challenge/##################### [##.##.###.###]: 404. Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/######.com/fullchain.pem (failure)

I think this may be because of nginx, but I don’t know what to look for.

There’s not a lot to go on without knowing the domain and seeing the contents of /etc/letsencrypt/renewal/#######.com.conf.

Maybe your authenticator parameters changed (webroot path is no longer valid or something like that). Perhaps try

certbot renew --cert-name #######.com --nginx

but other than that, we’ll need more info.

The conf:

# renew_before_expiry = 30 days
version = 0.25.0
archive_dir = /etc/letsencrypt/archive/########.com
cert = /etc/letsencrypt/live/########.com/cert.pem
privkey = /etc/letsencrypt/live/########.com/privkey.pem
chain = /etc/letsencrypt/live/########.com/chain.pem
fullchain = /etc/letsencrypt/live/########.com/fullchain.pem

# Options used in the renewal process
[renewalparams]
authenticator = webroot
installer = None
account = ############################
[[webroot_map]]
########.com = /usr/share/nginx/html

It’s weird: my DNS is pointing the subdomain to the IP of the server, but using a web browser I cannot see the nginx index HTML. Ping finds the right server, though, and in the internal network it works as well. I configured nginx to listen on 80 and 443, but it’s not presenting to the web.

There was an error in the default config of nginx pointing to the wrong SSL; it is working now.
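
An added example, not part of the original thread and not certbot's own code: with the webroot authenticator, the 404 above means the validation request reached a web server that did not find the challenge file in the directory named in [[webroot_map]]. The sketch below reads that mapping from a renewal conf and checks it by writing a random file under .well-known/acme-challenge/ and fetching it back; example.com, the sample conf and the function names are assumptions.

```python
import os
import secrets
import urllib.error
import urllib.request

# Constructed sample in the renewal-conf layout shown above (example.com is a placeholder).
SAMPLE_CONF = """\
version = 0.25.0
[renewalparams]
authenticator = webroot
[[webroot_map]]
example.com = /usr/share/nginx/html
"""

def parse_webroot_map(conf_text):
    """Return {domain: webroot} from the [[webroot_map]] subsection."""
    mapping, inside = {}, False
    for raw in conf_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            inside = line == "[[webroot_map]]"
        elif inside and "=" in line and not line.startswith("#"):
            domain, path = (part.strip() for part in line.split("=", 1))
            mapping[domain] = path
    return mapping

def probe_webroot(webroot, base_url, timeout=5):
    """Drop a random token in the challenge directory and fetch it over HTTP."""
    if not os.path.isdir(webroot):
        return False  # the configured webroot does not exist on this host
    challenge_dir = os.path.join(webroot, ".well-known", "acme-challenge")
    os.makedirs(challenge_dir, exist_ok=True)
    name, body = "probe-" + secrets.token_hex(8), secrets.token_hex(16)
    path = os.path.join(challenge_dir, name)
    with open(path, "w") as fh:
        fh.write(body)
    # Connect directly, ignoring any proxy environment variables.
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    try:
        url = f"{base_url}/.well-known/acme-challenge/{name}"
        with opener.open(url, timeout=timeout) as resp:
            return resp.status == 200 and resp.read().strip() == body.encode()
    except (urllib.error.URLError, OSError):
        return False  # 404, refused connection or timeout
    finally:
        os.remove(path)  # never leave the probe file behind

if __name__ == "__main__":
    import sys
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_CONF
    for domain, webroot in parse_webroot_map(text).items():
        ok = probe_webroot(webroot, f"http://{domain}")
        print(domain, webroot, "served" if ok else "NOT served")
```

Run it on the server with the path of the renewal conf as its argument. A pass from inside the network does not show that port 80 is reachable from outside the NAT, which is where the http-01 validation request comes from.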
