Renewal error, will pay/donate for help fixing my SSL

INTRODUCTION: I am using the renew command and am getting errors. Some of the error text, pasted at the end of this post, I really don't understand, because Certbot issued my now-expired cert and didn't have a problem with readmyastrology.com then. Since I got my cert, I have not changed a thing. Everything should be in place for it to renew. I don't understand, therefore, why I am getting these errors. I am willing to pay someone who helps me resolve this, as my sites, 5 of them on one cert, are down now and I'm losing business. I can be reached on das@goravani.com

My domain is: Goravani.com

I ran this command: sudo certbot renew

It produced this output: See pasted text at end of these questions

My web server is (include version): Apache 2

The operating system my web server runs on is (include version): Macintosh Catalina

My hosting provider, if applicable, is: Myself, on a Macintosh

I can login to a root shell on my machine (yes or no, or I don't know): SUDO does that right?

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): MAMP PRO LATEST VERSION

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): I'M USING Terminal of course, from Catalina.. release version

ERROR TEXT

Processing /etc/letsencrypt/renewal/goravani.com.conf


Cert is due for renewal, auto-renewing...

Plugins selected: Authenticator webroot, Installer None

Renewing an existing certificate

Performing the following challenges:

http-01 challenge for www.readmyastrology.com

Using the webroot path /Applications/MAMP/htdocs/dasgoravani for all unmatched domains.

Waiting for verification...

Challenge failed for domain www.readmyastrology.com

http-01 challenge for www.readmyastrology.com

Cleaning up challenges

Attempting to renew cert (goravani.com) from /etc/letsencrypt/renewal/goravani.com.conf produced an unexpected error: Some challenges have failed.. Skipping.


All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/goravani.com/fullchain.pem (failure)

Additionally, the following renewal configurations were invalid:
/etc/letsencrypt/renewal/jyotishstudio.com.conf (parsefail)


1 renew failure(s), 1 parse failure(s)

IMPORTANT NOTES:

2 Likes

Hi @Daniel3

checking that domain via https://check-your-website.server-daten.de/?q=readmyastrology.com#certificates

There is one certificate with 10 domain names:

CN=goravani.com
19.07.2020
17.10.2020
16 days expired
dasgoravani.com, goravani.com, goravanijyotish.com, jyotishstudio.com, readmyastrology.com, www.dasgoravani.com, www.goravani.com, www.goravanijyotish.com, www.jyotishstudio.com, www.readmyastrology.com - 10 entries

Are all of these domains on the same server? If no (or if that domain doesn't exist), that may not work.

You use webroot. Is this the correct webroot of that not working domain? If no, that can't work.

Check the documentation on how to use different -w parameters in one command if these domains have different webroots.

https://certbot.eff.org/docs/using.html

Or (other option): Split the certificate into different certificates. So you can create one certificate per main domain (non-www and www), but other domains aren't affected.

One certificate with a lot of domain names may be difficult if one domain is no longer used.

3 Likes

I got my cert renewed. It was through the simplest and strangest of things.

In MAMP PRO, I turned on ALLOW HTTP CONNECTIONS for the site that was giving a well-known challenge failure error. Once I did that, the cert renewed, no problem.

My sites are back up, yay

Thank you certbot community, specifically thank you JuergenAuer

5 Likes

Yep, http connections are required to validate your domain.

Happy to read you have found a solution :+1:

4 Likes
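The two causes raised in this thread (a webroot that does not match the failing domain, and plain HTTP being switched off) can both be checked before running `certbot renew`. The sketch below is an added example, not part of the original posts or of Certbot; the function name `preflight_http01` and its `connect_to` parameter are hypothetical, and it does not follow redirects, so a 3xx answer is only reported.

```python
import http.client
import os
import secrets


def preflight_http01(domain, webroot, connect_to=None, port=80, timeout=5):
    """Write a throwaway token under webroot and fetch it over plain HTTP.

    Returns (ok, reason). connect_to (hypothetical parameter) overrides the
    address dialled, e.g. a local test server; the Host header stays `domain`.
    """
    challenge_dir = os.path.join(webroot, ".well-known", "acme-challenge")
    os.makedirs(challenge_dir, exist_ok=True)
    name = "preflight-" + secrets.token_hex(8)
    body = secrets.token_hex(16)
    path = os.path.join(challenge_dir, name)
    with open(path, "w") as fh:
        fh.write(body)
    try:
        conn = http.client.HTTPConnection(connect_to or domain, port,
                                          timeout=timeout)
        try:
            conn.request("GET", "/.well-known/acme-challenge/" + name,
                         headers={"Host": domain})
            resp = conn.getresponse()
            got = resp.read().decode("utf-8", "replace").strip()
            location = resp.getheader("Location")
        finally:
            conn.close()
    except (OSError, http.client.HTTPException) as exc:
        # Nothing answering on port 80: the "allow HTTP connections" case.
        return False, f"no HTTP service reachable on port {port}: {exc}"
    finally:
        os.remove(path)  # never leave the test token behind
    if resp.status != 200:
        extra = f" (redirect to {location})" if location else ""
        return False, f"HTTP {resp.status}{extra}: token not served from this webroot"
    if got != body:
        return False, "response body does not match the token written to webroot"
    return True, "token served over plain HTTP from this webroot"


if __name__ == "__main__":
    import sys
    # usage: python preflight.py <domain> <webroot>
    print(preflight_http01(sys.argv[1], sys.argv[2]))
```

Run it once per domain on the certificate, with the webroot from the renewal configuration, from a machine outside the local network if possible.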
