Renewal failed after months of success for mail subdomains


#1

My problem similar to: Renewal failed after months of success but i don’t have any CSF installed, and my hoster says that they don’t use any firewalls on DNS servers. Also, i checked SOA- and A- records - it looks fine.

I try to renew or get new certificate for any domain of my server, and from today it’s fail with:

Requesting a certificate for test.oss-it.ru, www.test.oss-it.ru, mail.test.oss-it.ru from Let’s Encrypt …
… request failed :

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for test.oss-it.ru
http-01 challenge for www.test.oss-it.ru
http-01 challenge for mail.test.oss-it.ru
Using the webroot path /home/oss-it/domains/test.oss-it.ru/public_html for all unmatched domains.
Waiting for verification…
Cleaning up challenges
Unable to clean up challenge directory /home/oss-it/domains/test.oss-it.ru/public_html/.well-known/acme-challenge
Failed authorization procedure. mail.test.oss-it.ru (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://mail.test.oss-it.ru/.well-known/acme-challenge/D6e27vP4CbdxzEgPWGlTJeat4XscGMOG-8FJ_ASSJk0: "

404 Not Found

Not Found

<p" IMPORTANT NOTES: - The following errors were reported by the server:

Domain: mail.test.oss-it.ru
Type: unauthorized
Detail: Invalid response from
http://mail.test.oss-it.ru/.well-known/acme-challenge/D6e27vP4CbdxzEgPWGlTJeat4XscGMOG-8FJ_ASSJk0:
"

404 Not Found

Not Found

<p"

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address.

My domain is: test.oss-it.ru

My operating system is (include version): Debian 8

My web server is (include version): Apache

My hosting provider, if applicable, is: https://cloudc.me

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): virtualmin 5.07.gpl

Please, help.


#2

I tried to except mail.test.oss-it.ru domain from list and renewal complete… But some domains uses mail subdomain. Why i can’t get certificate for mail subdomains from now (before today - everything was ok with it)?


#3

Hi @zlaxy,

Are all of these domains hosted on the same server, and the web server application running there configured to serve content for each of them out of the same directory?


#4

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.