Hi everyone. I’m trying to renew certificates for several sites, and I’m getting the same errors on all of them. I’ve tried following the guide (How to stop using TLS-SNI-01 with Certbot) to no avail. Other posts in this forum suggesting stopping Apache give no result.
I’m hoping someone can help me, thanks in advance.
Here are the details for one of the servers.
My domain is: dartstudie.nl, www.dartstudie.nl, dartstudie.meditrials.nl
I ran this command: certbot-auto renew --dry-run
It produced this output:
root@dartstudie:/etc/apache2/sites-enabled# certbot-auto renew --dry-run
/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/cryptography/hazmat/primitives/constant_time.py:26: CryptographyDeprecationWarning: Support for your Python version is deprecated. The next version of cryptography will remove support. Please upgrade to a 2.7.x release that supports hmac.compare_digest as soon as possible.
utils.DeprecatedIn23,
Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/dartstudie.meditrials.nl.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator apache, Installer apache
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for dartstudie.meditrials.nl
Waiting for verification...
Challenge failed for domain dartstudie.meditrials.nl
http-01 challenge for dartstudie.meditrials.nl
Cleaning up challenges
Attempting to renew cert (dartstudie.meditrials.nl) from /etc/letsencrypt/renewal/dartstudie.meditrials.nl.conf produced an unexpected error: Some challenges have failed.. Skipping.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/dartstudie.nl.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator apache, Installer apache
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for dartstudie.nl
http-01 challenge for www.dartstudie.nl
Waiting for verification...
Challenge failed for domain www.dartstudie.nl
Challenge failed for domain dartstudie.nl
http-01 challenge for www.dartstudie.nl
http-01 challenge for dartstudie.nl
Cleaning up challenges
Attempting to renew cert (dartstudie.nl) from /etc/letsencrypt/renewal/dartstudie.nl.conf produced an unexpected error: Some challenges have failed.. Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/dartstudie.meditrials.nl/fullchain.pem (failure)
/etc/letsencrypt/live/dartstudie.nl/fullchain.pem (failure)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
** DRY RUN: simulating 'certbot renew' close to cert expiry
** (The test certificates below have not been saved.)
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/dartstudie.meditrials.nl/fullchain.pem (failure)
/etc/letsencrypt/live/dartstudie.nl/fullchain.pem (failure)
** DRY RUN: simulating 'certbot renew' close to cert expiry
** (The test certificates above have not been saved.)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2 renew failure(s), 0 parse failure(s)
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: dartstudie.meditrials.nl
Type: unauthorized
Detail: Invalid response from
http://dartstudie.meditrials.nl/.well-known/acme-challenge/pyFbA4geEfSthXUoGjaYVir1WcQlPlftqPheOPYBDpM
[185.110.174.167]: 403
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
- The following errors were reported by the server:
Domain: www.dartstudie.nl
Type: unauthorized
Detail: Invalid response from
http://www.dartstudie.nl/.well-known/acme-challenge/-mZ_sB92eYnCOzrVb7i4ZxRuw6niKJPWwpTRVXqvnRQ
[185.110.174.167]: 403
Domain: dartstudie.nl
Type: unauthorized
Detail: Invalid response from
http://dartstudie.nl/.well-known/acme-challenge/Q64wM6JQLjgbb_FdYd3hwhkHju6uNm_-DtsCe90syG8
[185.110.174.167]: 403
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
My web server is (include version): Apache HTTP 2.4
The operating system my web server runs on is (include version): Ubuntu 14.04.2 LTS (Trusty)
My hosting provider, if applicable, is: cloudvps.nl
I can login to a root shell on my machine (yes or no, or I don’t know): yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.32.0
Here are the contents of /etc/letsencrypt/renewal/dartstudie.nl.conf:
# renew_before_expiry = 30 days
version = 0.24.0
archive_dir = /etc/letsencrypt/archive/dartstudie.nl
cert = /etc/letsencrypt/live/dartstudie.nl/cert.pem
privkey = /etc/letsencrypt/live/dartstudie.nl/privkey.pem
chain = /etc/letsencrypt/live/dartstudie.nl/chain.pem
fullchain = /etc/letsencrypt/live/dartstudie.nl/fullchain.pem
# Options used in the renewal process
[renewalparams]
authenticator = apache
installer = apache
account = 2533b5d9a01e216f637c740c3a85cb81
root@dartstudie:/etc/apache2/sites-enabled#