Renew failure AWS Node Express

Back in April, I successfully set up HTTPS using LetsEncrypt with an AWS Ubuntu EC2 install using only node and express. I also configured crontab to automatically run certbot renew 30 days prior to expiration. I received an email today that my certs will expire in 10 days. I tried to manually renew (stopping node server, sudo certbot renew) but received a failed authorization procedure (could not get to the challenge file). I also tried running the original server.js (HTTP) file I used to create the keys. However, it appears the challenge file name is different. Any ideas? Thanks!

My domain is: Davecyndi.net

I ran this command: certbot renew (with and without --standalone)

It produced this output: Attempting to renew cert (davecyndi.net) from /etc/letsencrypt/renewal/davecyndi.net.conf produced an unexpected error: Failed authorization procedure. davecyndi.net (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://davecyndi.net/.well-known/acme-challenge/3F6n0riI4AhVeBd0iFBykWxFNJXfcayInTzLbTLwkuU [18.218.254.90]: "\n<html lang="en">\n\n<meta charset="utf-8">\nError \n\n\n

Cannot GET /.well-known/". Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/davecyndi.net/fullchain.pem (failure)

My web server is (include version): AWS EC2 Ubuntu v16.04, Express version 4.17.1, Node v11.8.0

The operating system my web server runs on is (include version):

I can login to a root shell on my machine: yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is: certbot 0.31.0

Hi @dmessier,

Your web site responds with a header indicating that it’s running Express, so I would think that if you wanted to use --standalone, you would need to stop Express (I’m not sure exactly what that is) first.

The challenge file name is always going to be different every time.


Found a solution! By default, certbot uses ports 80 and 443 for the renewal challenge. Need to specify --http-01-port and --tls-sni-01-port parameters to identify internal ports such as 8080.
