@hteo, please provide the error message after running the certbot renew command.
Copy and paste the whole error message. It will be helpful. You can hide/replace the code paths and domain name, but we need to see the entire error message.
@hteo it shows the client lacks sufficient authorization. Did you recently change the document root of the site?
https://imgur.com/8Q3ze7L in this you can see the document root. Did you change this after generating the certs?
No, I haven’t changed it recently. The document root has always been the same…
Is there an alternative? Maybe not renew, but something that downloads the certs like the first time?
Ok, tonight I’ll try.
Afterwards, can I use this guide to regenerate all the certs?
Thanks
Our certbot documentation is far better than those. I recommend this. Use webroot and you can manually fill the SSL certs inside the configs.
By the way, @gotham, this particular explanation of changing DocumentRoot after generating the cert is only relevant to the HTTP-01 challenge (for example using --webroot), but this error shows the TLS-SNI-01 challenge (for example using --apache). This authentication method doesn't rely on knowing the server's DocumentRoot.
I have tried this command:
certbot certonly --webroot -w /root/unishare2 -d www.unishare.it -d unishare.it -w /root/unishare2
after deleting the old instance of certbot.
But I have the usual “lacks of authorization command”
Can you make test files in /root/unishare2 and /root/unishare2/.well-known/acme-challenge to make sure that they are served by your web server and visible in a web browser?
What do you mean with “test files”? Just blank text files?
And also, I don’t have this directory:
/root/unishare2/.well-known/acme-challenge
Yes, @schoen means text files, and better if the files have no extension.
echo -n "test in root" > /root/unishare2/testroot
And try to reach the file:
http://unishare.it/testroot
http://www.unishare.it/testroot
mkdir -p /root/unishare2/.well-known/acme-challenge/
echo -n "test in acme-challenge" > /root/unishare2/.well-known/acme-challenge/testacme
And try to reach the file:
http://unishare.it/.well-known/acme-challenge/testacme
http://www.unishare.it/.well-known/acme-challenge/testacme
Cheers,
sahsanu
I followed your instructions, but since I use React and Node JS on my website, I have to create a specific route to reach those files…
Hi @hteo,
I don’t use React nor node.js but if you want to validate your domain using webroot then you need to find a way to answer requests like http://unishare.it/.well-known/acme-challenge/random-string with the content of /root/unishare2/.well-known/acme-challenge/random-string.
As you said, you already created specific routes to serve the test files, so I suppose you could create a new route to serve the challenge, keeping in mind that the challenge test file will have random characters.
If your DNS server provides some kind of API to create/modify/delete records you could use DNS challenge instead of HTTP challenge.
Cheers,
sahsanu
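The route described in the post above, sketched for a plain Node.js HTTP server as an added example (not code from any poster in this thread). The function names and the `next` application handler are hypothetical; the webroot layout is the one used in the thread, and the token check assumes the base64url alphabet that RFC 8555 requires for ACME tokens, which also keeps a request from escaping the challenge directory.

```javascript
// Added example: serve ACME HTTP-01 challenge files from a Node.js app.
const fs = require('fs');
const path = require('path');

const ACME_PREFIX = '/.well-known/acme-challenge/';
// ACME tokens use only the base64url alphabet, so no dots, slashes or "%".
const TOKEN_RE = /^[A-Za-z0-9_-]+$/;

// Map a request URL to a file under <webroot>/.well-known/acme-challenge/,
// or return null when it is not a well-formed challenge request.
function resolveChallengePath(webroot, requestUrl) {
  const pathname = requestUrl.split('?')[0];
  if (!pathname.startsWith(ACME_PREFIX)) return null;
  const token = pathname.slice(ACME_PREFIX.length);
  if (!TOKEN_RE.test(token)) return null; // rejects "", "../x", "a/b", "%2e%2e"
  return path.join(webroot, '.well-known', 'acme-challenge', token);
}

// Build a request listener that answers challenge requests and hands
// everything else to `next` (the application's normal handler).
function createChallengeHandler(webroot, next) {
  return function (req, res) {
    const file = resolveChallengePath(webroot, req.url);
    if (file === null || req.method !== 'GET') return next(req, res);
    fs.readFile(file, (err, body) => {
      if (err) {
        res.statusCode = 404;
        return res.end('not found');
      }
      res.statusCode = 200;
      res.setHeader('Content-Type', 'text/plain');
      res.end(body);
    });
  };
}

// Usage (not executed here; appHandler is the site's own handler):
//   const http = require('http');
//   const handler = createChallengeHandler('/root/unishare2', appHandler);
//   http.createServer(handler).listen(80);
```

The handler only reads files that certbot's webroot plugin has already written, so the Node.js process needs read access to the challenge directory and nothing more.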
@hteo, as you are using Node.js to serve your site, you should be using the Rewrite method or the proxy module in Apache to match the Node.js service with the domain name. For example, 127.0.0.1:4006 is matched with domain.com. You can give any folder as the document root for this site. Say, create a folder named public_html inside /root/unishare2. Place an index.html file there. Now change the document root of the site to /root/unishare/public_html. Now run
certbot certonly -a webroot --webroot-path=/root/unishare2/public_html -d unishare.it -d www.unishare.it
and add it to the Apache web config for *:443. Now start your pm2 services and try renewing. Sure it will renew.
"As you said, you already created specific routes to serve the test files " no, I didn’t do that
@gotham I have that folder on my website! Now I try to use it. Thanks!