Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
Cert is due for renewal, auto-renewing…
Plugins selected: Authenticator standalone, Installer None
Renewing an existing certificate
Performing the following challenges:
tls-sni-01 challenge for www.clarksclater.com
Cleaning up challenges
Attempting to renew cert (www.clarksclater.com) from /etc/letsencrypt/renewal/www.clarksclater.com.conf produced an unexpected error: Problem binding to port 443: Could not bind to IPv4 or IPv6… Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/www.clarksclater.com/fullchain.pem (failure)
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/www.clarksclater.com/fullchain.pem (failure)
My web server is (include version): Ubuntu 14.04.5 LTS (GNU/Linux 3.13.0-135-generic x86_64)
The operating system my web server runs on is (include version): macOS Sierra 10.12.24
My hosting provider, if applicable, is: AWS -EC2
I can login to a root shell on my machine (yes or no, or I don't know): Yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No
I searched around and see others had same/similar issues. I couldn't find a solution. The ports 80 & 443 seem tied up with other services. I run a simple static wordpress site on the server if that matters at all. I appreciate any help in getting my certificate renewed.
Your certbot recorded that you obtained the certificate using TLS-SNI-01, which is deprecated (due to security). You can try running the command certbot renew --preferred-challenges http and use http challenges or change http to webroot, whichever worked for you.
Certbot can obtain and install HTTPS/TLS/SSL certificates. By default,
it will attempt to use a webserver both for obtaining and installing the
certificate.
certbot: error: argument --preferred-challenges: Unrecognized challenges: webroot
Is this what you were suggesting? I had tried the http before and got the error for port 80
You're using the standalone authenticator, which won't work while other services are running on port 80 (in some situations it can use port 443, but as stevenzhu mentioned that's deprecated and you shouldn't rely on it; it doesn't seem to help in your case anyway).
Your server seems to be running Apache, right? In that case you might try:
certbot renew --authenticator apache
If that doesn't work, update certbot to the latest version and try again. If you can't do that, you may need to start over and use the webroot method (certbot certonly --webroot etc).
Another option is to temporarily stop Apache while you do the renewal.
How would you like to authenticate with the ACME CA?
1: Apache Web Server plugin - Beta (apache)
2: Spin up a temporary webserver (standalone)
3: Place files in webroot directory (webroot)
Select the appropriate number [1-3] then [enter] (press 'c' to cancel): 3
Plugins selected: Authenticator webroot, Installer None
Please enter in your domain name(s) (comma and/or space separated) (Enter 'c'
to cancel): www.clarksclater.com
Cert is due for renewal, auto-renewing…
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for www.clarksclater.com
Using the webroot path /var/www/html for all unmatched domains.
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. www.clarksclater.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.clarksclater.com/.well-known/acme-challenge/sBSglSIfru53XIxBHT7Orxk0T2GxCf5hwtxbrS7925k: "
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
It's probably the directory where Wordpress is installed. Or you can check your Apache configuration and find the DocumentRoot. As a test, try placing a file in that directory and see if you can access it in your browser.
So, something along the lines of
certbot certonly --webroot -w /var/www/wordpress
replacing /var/www/wordpress with whatever the directory is. You might also want to add a --deploy-hook to reload Apache after renewing as well:
How would you like to authenticate with the ACME CA?
1: Apache Web Server plugin - Beta (apache)
2: Spin up a temporary webserver (standalone)
3: Place files in webroot directory (webroot)
Select the appropriate number [1-3] then [enter] (press 'c' to cancel): 3
Plugins selected: Authenticator webroot, Installer None
Please enter in your domain name(s) (comma and/or space separated) (Enter 'c'
to cancel): www.clarksclater.com
Cert is due for renewal, auto-renewing…
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for www.clarksclater.com
Using the webroot path /var/www/html for all unmatched domains.
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. www.clarksclater.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.clarksclater.com/.well-known/acme-challenge/sBSglSIfru53XIxBHT7Orxk0T2GxCf5hwtxbrS7925k: 1 "
<meta name="viewport" content"
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
Do I need to update the DNS for authentication? Where can I find the documentation for this?
Try putting a file there, eg /var/www/html/test.txt - can you then see that file at http://www.clarksclater.com/test.txt (skipping any certificate warnings) in a web browser?
If not, /var/www/html is not correct and you'll need to find the correct webroot directory.
I appreciate your help. Are there any commands you can recommend for me to see the entire directory of files? I should have full access to anything I need to get to in order to find out the information required.
(note the capital S) to get an overview of your Apache configuration and where the configuration is for everything. Then look in the file containing the virtual host configuration for your domain, and see if you can find the DocumentRoot.
I deployed Bitnami Wordpress if that matters as you will see a list of some files below. As you can probably tell, I'm not really sure exactly what I'm looking for. Could any of these be it?
By the way, I know that you eventually got things working another way, but I wanted to point out that --preferred-challenges webroot is different from --preferred-challenges http (which @stevenzhu suggested to you). In Certbot terminology, HTTP-01 is a challenge type and webroot is a plugin (which implements the HTTP-01 challenge type). So, --preferred-challenges webroot doesn't identify a valid challenge type to Certbot.
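The manual test.txt check suggested earlier in the thread can be automated before running certbot with the webroot plugin. The following is an added example, not code from the thread or from Certbot: probe_webroot and demo are hypothetical names, and the demo uses a constructed local server instead of the real site so it runs offline. It writes a throwaway file under the same .well-known/acme-challenge path the http-01 validator requests and reports whether the web server returns it.

```python
import functools, http.server, os, secrets, tempfile, threading
import urllib.error, urllib.request

CHALLENGE_DIR = ".well-known/acme-challenge"  # path an http-01 validator requests
# Ignore proxy environment variables so the probe talks to the server directly.
OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))

def probe_webroot(webroot, base_url, timeout=5):
    """Write a throwaway file under webroot and report whether base_url serves it."""
    name = "probe-" + secrets.token_hex(8)   # constructed name, not an ACME token
    body = secrets.token_hex(16)
    os.makedirs(os.path.join(webroot, CHALLENGE_DIR), exist_ok=True)
    path = os.path.join(webroot, CHALLENGE_DIR, name)
    with open(path, "w") as fh:
        fh.write(body)
    url = f"{base_url.rstrip('/')}/{CHALLENGE_DIR}/{name}"
    try:
        with OPENER.open(url, timeout=timeout) as resp:
            served = resp.read().decode("utf-8", "replace").strip()
    except urllib.error.HTTPError as exc:
        return False, f"HTTP {exc.code}: {webroot} is not what {base_url} serves"
    except urllib.error.URLError as exc:
        return False, f"fetch failed: {exc.reason}"
    finally:
        os.remove(path)  # never leave probe files behind in the webroot
    if served == body:
        return True, f"{webroot} is served at {base_url}"
    return False, "other content came back (an application or rewrite rule answered)"

class QuietHandler(http.server.SimpleHTTPRequestHandler):
    def log_message(self, *args):  # keep the demo output clean
        pass

def demo():
    """Constructed setup: a local server whose document root is `served`, not `other`."""
    with tempfile.TemporaryDirectory() as served, tempfile.TemporaryDirectory() as other:
        handler = functools.partial(QuietHandler, directory=served)
        server = http.server.ThreadingHTTPServer(("127.0.0.1", 0), handler)
        threading.Thread(target=server.serve_forever, daemon=True).start()
        base = f"http://127.0.0.1:{server.server_address[1]}"
        try:
            return probe_webroot(served, base), probe_webroot(other, base)
        finally:
            server.shutdown()
            server.server_close()

if __name__ == "__main__":
    for ok, detail in demo():
        print("OK  " if ok else "FAIL", detail)
```

A probe run on the server itself only confirms the directory-to-URL mapping; the validator still has to reach port 80 from the internet.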