Renew letsencrypt certbot certificate

@hteo , Please provide the error message after running certbot renew command .

Copy paste all the error message . It will be helpful. you can hide/replace the code paths , domain name , but need to see entire error message,

@gotham

https://imgur.com/HBeQ3iG

https://imgur.com/0qhUxtp

@hteo it shows client lacks sufficient authorization . Did you recently change document root of the site ?

https://imgur.com/8Q3ze7L in this you can see Document root . did you change this after generating certs.

no, I haven’t changed it recenlty. The document root is always been the same…
Is there an alternative?Maybe not renew but something that download certs like the first time?

certbot delete --cert-name example.com

Ok, tonight I’ll try.
After I can use this guide to regenerate all the certs?

Thanks

Our certbot documentation is far better than those . i Recommend this . Use web root and u can manually fill the ssl certs inside configs.

By the way, @gotham, this particular explanation of changing DocumentRoot after generating the cert is only relevant to the HTTP-01 challenge (for example using --webroot), but this error shows the TLS-SNI-01 challenge (for example using --apache). This authentication method doesn’t rely on knowing the server’s DocumentRoot.

I have tried this command:

certbot certonly --webroot -w /root/unishare2 -d www.unishare.it -d unishare.it -w /root/unishare2

after deleted the old instance of certbot.

But, I have the usually “lacks of authorization command”

Can you make test files in /root/unishare2 and /root/unishare2/.well-known/acme-challenge to make sure that they are served by your web server and visible in a web browser?

What do you mean with “test files”? Just blank text files?
And also, I haven’t this directory:

/root/unishare2/.well-known/acme-challenge

Yes, @schoen means text files, and better if the files have no extension.

echo -n "test in root" > /root/unishare2/testroot

And try to reach the file:
http://unishare.it/testroot
http://www.unishare.it/testroot

mkdir -p /root/unishare2/.well-known/acme-challenge/
echo -n "test in acme-challenge" > /root/unishare2/.well-known/acme-challenge/testacme

And try to reach the file:
http://unishare.it/.well-known/acme-challenge/testacme
http://www.unishare.it/.well-known/acme-challenge/testacme

Cheers,
sahsanu

I follow your instructions, but using React and Node JS on my website, I have to create a specific route to reach that files…

Hi @hteo,

I don’t use React nor node.js but if you want to validate your domain using webroot then you need to find a way to answer requests like http://unishare.it/.well-known/acme-challenge/random-string with the content of /root/unishare2/.well-known/acme-challenge/random-string.

As you said, you already created specific routes to serve the test files so I suppose you could create a new one route to serve the challenge keeping in mind that the challenge test file will have random characters.

If your DNS server provides some kind of API to create/modify/delete records you could use DNS challenge instead of HTTP challenge.

Cheers,
sahsanu

@hteo , As you are using Nodejs to serve your site , you should be using Rewrite method or proxy module in apache to match the nodejs service with the domain name .for ex: 127.0.0.1:4006 is matched with domain.com. you can give any folder as document root for this site. Say , create a folder named public_html inside /root/unishare2. place an index.html file there .Now change the document root of the site to /root/unishare/public_html .Now run

certbot certonly -a webroot --webroot-path=/root/unishare2/public_html -d unishare.it -d www.unishare.it

and add it to apache web config for *:443 .Now start your pm2 services .and try renewing .sure it will renew.

"As you said, you already created specific routes to serve the test files " no, I didn’t do that
@gotham I have that folder on my website! now I try to use it.Thanks!

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.