@hteo, please provide the error message after running the certbot renew command.
Copy and paste all of the error message. It will be helpful. You can hide/replace the code paths and domain name, but we need to see the entire error message.
@hteo, it shows the client lacks sufficient authorization. Did you recently change the document root of the site?
https://imgur.com/8Q3ze7L In this you can see the document root. Did you change this after generating the certs?
No, I haven’t changed it recently. The document root has always been the same…
Is there an alternative? Maybe not renew but something that downloads certs like the first time?
certbot delete --cert-name example.com
Ok, tonight I’ll try.
Afterwards, can I use this guide to regenerate all the certs?
Thanks
Our certbot documentation is far better than those. I recommend this. Use webroot and you can manually fill in the SSL certs inside the configs.
By the way, @gotham, this particular explanation of changing DocumentRoot after generating the cert is only relevant to the HTTP-01 challenge (for example using --webroot), but this error shows the TLS-SNI-01 challenge (for example using --apache). This authentication method doesn't rely on knowing the server's DocumentRoot.
I have tried this command:
certbot certonly --webroot -w /root/unishare2 -d www.unishare.it -d unishare.it -w /root/unishare2
after deleting the old instance of certbot.
But I have the usual “lacks of authorization command”
Can you make test files in /root/unishare2 and /root/unishare2/.well-known/acme-challenge to make sure that they are served by your web server and visible in a web browser?
What do you mean by “test files”? Just blank text files?
And also, I don’t have this directory:
/root/unishare2/.well-known/acme-challenge
Yes, @schoen means text files, and better if the files have no extension.
echo -n "test in root" > /root/unishare2/testroot
And try to reach the file:
http://unishare.it/testroot
http://www.unishare.it/testroot
mkdir -p /root/unishare2/.well-known/acme-challenge/
echo -n "test in acme-challenge" > /root/unishare2/.well-known/acme-challenge/testacme
And try to reach the file:
http://unishare.it/.well-known/acme-challenge/testacme
http://www.unishare.it/.well-known/acme-challenge/testacme
Cheers,
sahsanu
I follow your instructions, but using React and Node JS on my website, I have to create a specific route to reach those files…
Hi @hteo,
I don’t use React nor node.js but if you want to validate your domain using webroot then you need to find a way to answer requests like http://unishare.it/.well-known/acme-challenge/random-string with the content of /root/unishare2/.well-known/acme-challenge/random-string.
As you said, you already created specific routes to serve the test files, so I suppose you could create a new route to serve the challenge, keeping in mind that the challenge test file will have random characters.
If your DNS server provides some kind of API to create/modify/delete records you could use DNS challenge instead of HTTP challenge.
Cheers,
sahsanu
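One way to answer the challenge requests described above from a Node.js process, as an added example that is not part of the original posts. It assumes the webroot /root/unishare2 from the thread; the function names are hypothetical.

```javascript
// Added example: serve ACME HTTP-01 challenge files from a certbot webroot.
const fs = require('node:fs');
const http = require('node:http');
const path = require('node:path');

const ACME_PREFIX = '/.well-known/acme-challenge/';
// Challenge tokens use only base64url characters, so anything else
// (slashes, dots, percent-escapes) is rejected before touching the disk.
const TOKEN_RE = /^[A-Za-z0-9_-]+$/;

// Map a request path to a file under <webroot>/.well-known/acme-challenge,
// or return null if the path is not a well-formed challenge request.
function resolveChallenge(webroot, urlPath) {
  if (!urlPath.startsWith(ACME_PREFIX)) return null;
  const token = urlPath.slice(ACME_PREFIX.length);
  if (!TOKEN_RE.test(token)) return null;
  return path.join(webroot, '.well-known', 'acme-challenge', token);
}

// Return { status, body } for a request path; used by the server below.
function answerChallenge(webroot, urlPath) {
  const file = resolveChallenge(webroot, urlPath);
  if (file === null) return { status: 404, body: 'not found' };
  try {
    return { status: 200, body: fs.readFileSync(file, 'utf8') };
  } catch (err) {
    // Missing or unreadable file: certbot has not written this token.
    return { status: 404, body: 'not found' };
  }
}

// Hypothetical wiring: webroot must match the directory given to certbot -w.
function createAcmeServer(webroot) {
  return http.createServer((req, res) => {
    const urlPath = req.url.split('?')[0];
    const { status, body } = answerChallenge(webroot, urlPath);
    res.writeHead(status, { 'Content-Type': 'text/plain' });
    res.end(body);
  });
}

// Usage (port 80 must reach this process for the challenge to succeed):
// createAcmeServer('/root/unishare2').listen(80);
```

The token check keeps the route from serving anything outside the acme-challenge directory, which matters here because the webroot sits under /root.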
@hteo, as you are using Node.js to serve your site, you should be using the Rewrite method or the proxy module in Apache to match the Node.js service with the domain name. For example, 127.0.0.1:4006 is matched with domain.com. You can give any folder as the document root for this site. Say, create a folder named public_html inside /root/unishare2. Place an index.html file there. Now change the document root of the site to /root/unishare/public_html. Now run
certbot certonly -a webroot --webroot-path=/root/unishare2/public_html -d unishare.it -d www.unishare.it
and add it to the Apache web config for *:443. Now start your pm2 services and try renewing. Sure it will renew.
"As you said, you already created specific routes to serve the test files" No, I didn’t do that.
@gotham I have that folder on my website! Now I'll try to use it. Thanks!