Renew failure after moving server


#1

I moved letsencrypt from one server to another behind NAT; neither the URL nor the external IP changed. The old server was using a backport for jessie; the new server is Ubuntu.

I copied the letsencrypt directory, recreated the symlinks for the pem files and updated the config, but I think somewhere there is an error.

Running certbot renew --dry-run I get:

Attempting to renew cert (#######.com) from /etc/letsencrypt/renewal/#######.com.conf produced an unexpected error: Failed authorization procedure. #######.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://########.com/.well-known/acme-challenge/##################### [##.##.###.###]: 404. Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/######.com/fullchain.pem (failure)

I think this may be because of nginx, but I don’t know what to look for.


#2

There’s not a lot to go on without knowing the domain and seeing the contents of /etc/letsencrypt/renewal/#######.com.conf.

Maybe your authenticator parameters changed (webroot path is no longer valid or something like that). Perhaps try

certbot renew --cert-name #######.com --nginx

but other than that, we’ll need more info.


#3

The conf:

# renew_before_expiry = 30 days
version = 0.25.0
archive_dir = /etc/letsencrypt/archive/########.com
cert = /etc/letsencrypt/live/########.com/cert.pem
privkey = /etc/letsencrypt/live/########.com/privkey.pem
chain = /etc/letsencrypt/live/########.com/chain.pem
fullchain = /etc/letsencrypt/live/########.com/fullchain.pem

# Options used in the renewal process
[renewalparams]
authenticator = webroot
installer = None
account = ############################
[[webroot_map]]
########.com = /usr/share/nginx/html

It’s weird: my DNS is pointing the subdomain to the IP of the server, but using a web browser I cannot see the nginx index html. Ping finds the right server, though, and in the internal network it works as well. I configured nginx to listen on 80 and 443, but it’s not presenting to the web.


#4

There was an error in the default config of nginx pointing to the wrong ssl; it is working now.
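
Added example, not part of the thread and not certbot's own code: a pre-flight check for the webroot setup discussed above. It reads the [[webroot_map]] section of a renewal conf in the layout shown in post #3, drops a random token under .well-known/acme-challenge in each webroot, and confirms the web server returns that token over plain HTTP, which is what the http-01 check needs. The function names and the minimal conf reader are assumptions made for illustration; run it on the server with write access to the webroot.

```python
import os
import secrets
import sys
import urllib.error
import urllib.request

def parse_webroot_map(conf_text):
    """Return {domain: webroot} from the [[webroot_map]] subsection."""
    mapping, in_map = {}, False
    for raw in conf_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_map = line == "[[webroot_map]]"
        elif in_map and "=" in line and not line.startswith("#"):
            domain, path = (p.strip() for p in line.split("=", 1))
            mapping[domain] = path
    return mapping

def http_get(url):
    """Return (status, body); HTTP errors become a status, not an exception."""
    try:
        with urllib.request.urlopen(url, timeout=10) as resp:
            return resp.status, resp.read().decode(errors="replace")
    except urllib.error.HTTPError as exc:
        return exc.code, ""
    except OSError as exc:  # DNS failure, refused connection, timeout
        return None, str(exc)

def probe(domain, webroot, fetch=http_get):
    """Drop a random token in the challenge dir, fetch it over HTTP, clean up."""
    chall_dir = os.path.join(webroot, ".well-known", "acme-challenge")
    os.makedirs(chall_dir, exist_ok=True)
    name, token = "probe-" + secrets.token_hex(8), secrets.token_hex(16)
    path = os.path.join(chall_dir, name)
    with open(path, "w") as fh:
        fh.write(token)
    try:
        status, body = fetch(f"http://{domain}/.well-known/acme-challenge/{name}")
    finally:
        os.remove(path)
    if status == 200 and body.strip() == token:
        return "ok"
    return f"mismatch: HTTP {status}"  # 404 here: nginx serves another root/vhost

if __name__ == "__main__":
    with open(sys.argv[1]) as conf:  # path to the renewal .conf file
        for dom, root in parse_webroot_map(conf.read()).items():
            print(dom, root, probe(dom, root))
```

A result of "mismatch: HTTP 404" with the file present on disk points at the web server configuration (wrong root or wrong server block answering on port 80) rather than at the renewal conf.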

