Renew test is failing


#1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: sandbox.installio.com

I ran this command:sudo certbot renew --dry-run

It produced this output:

installio@sandbox:~$ sudo certbot renew --dry-run
[sudo] password for installio:
Saving debug log to /var/log/letsencrypt/letsencrypt.log


Processing /etc/letsencrypt/renewal/sandbox.installio.com.conf


Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator apache, Installer apache
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for sandbox.installio.com
Enabled Apache rewrite module
Waiting for verification…
Cleaning up challenges
Attempting to renew cert (sandbox.installio.com) from /etc/letsencrypt/renewal/sandbox.installio.com.conf produced an unexpected error: Failed authorization procedure. sandbox.in stallio.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://sandbox.installio.com/.well-known/acme -challenge/__5JUxTZjoyTfjbGWWEXCfWq7gBfziVuBKC82s2DtvE: “<html lang=“en”><meta charset=“utf-8” /><meta content=“IE=Edge,chrome=1” http-equiv=“X-UA-Com patible” /><me”. Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/sandbox.installio.com/fullchain.pem (failure)


** DRY RUN: simulating ‘certbot renew’ close to cert expiry
** (The test certificates below have not been saved.)

All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/sandbox.installio.com/fullchain.pem (failure)
** DRY RUN: simulating ‘certbot renew’ close to cert expiry
** (The test certificates above have not been saved.)


1 renew failure(s), 0 parse failure(s)

IMPORTANT NOTES:

My web server is (include version):

Server version: Apache/2.4.7 (Ubuntu)
Server built: Apr 18 2018 15:36:26

The operating system my web server runs on is (include version):
Ubuntu 14.04 trusty

My hosting provider, if applicable, is:

I am self-hosting on AWS

I can login to a root shell on my machine (yes or no, or I don’t know):

Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

I am not using a control panel


#2

The apache2 config file, created by certbot included the original config file, but did not delete it. I removed the included file, and the dry run worked this time around


#3

I get a 401 unauthorized error when accessing the /acme-challenge/ folder:
root@system# wget http://sandbox.installio.com/.well-known/acme-challenge/test.txt
–2018-11-01 23:04:51-- http://sandbox.installio.com/.well-known/acme-challenge/test.txt
Resolving sandbox.installio.com (sandbox.installio.com)… 54.210.91.252
Connecting to sandbox.installio.com (sandbox.installio.com)|54.210.91.252|:80… connected.
HTTP request sent, awaiting response… 401 Unauthorized

Username/Password Authentication Failed.