I’m on Debian 8 with certbot 0.10.2.
I successfully generated a cert with the following command:
certbot certonly --standalone --http-01-port 4000 -w /home/letsencrypt -d testsys1.5flow.com
This allows me to generate the certificate without stopping the server.
The certificate works well with nginx.
Now I want to check the renewal:
certbot renew --dry-run
I get the following error:
Attempting to renew cert from /etc/letsencrypt/renewal/testsys1.5flow.com.conf produced an unexpected error: Failed authorization procedure. testsys1.5flow.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://testsys1.5flow.com/.well-known/acme-challenge/8lQEdZn0Xv59okZSgebnaUW4BXDXsaBMICAh_KfZrhw: 403 Forbidden
This is the file /etc/letsencrypt/renewal/testsys1.5flow.com.conf:
#renew_before_expiry = 30 days
version = 0.10.2
archive_dir = /etc/letsencrypt/archive/testsys1.5flow.com
cert = /etc/letsencrypt/live/testsys1.5flow.com/cert.pem
privkey = /etc/letsencrypt/live/testsys1.5flow.com/privkey.pem
chain = /etc/letsencrypt/live/testsys1.5flow.com/chain.pem
fullchain = /etc/letsencrypt/live/testsys1.5flow.com/fullchain.pem
#Options used in the renewal process
account = e209a504e915174e35112ce32bbe9f95
http01_port = 4000
authenticator = standalone
installer = None
webroot_path = /home/letsencrypt,
I understand that port 4000 is not used by the renewal (while it worked for the creation).
I found no option to specify the port at renewal time, and found no thread here or elsewhere that answers this specific problem.
Any help will be much appreciated.