Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: derm-in.pl
I ran this command:
It produced this output:
My web server is (include version): Apache 2.4.29
The operating system my web server runs on is (include version): Ubuntu Server 16.04 LTS
My hosting provider, if applicable, is: OVH
I can login to a root shell on my machine (yes or no, or I don’t know): yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): ISPConfig3 3.1.11
I still observe the letsencrypt.log file and I see what happens but I don’t understand why it happens. I see:
2018-03-15 03:00:40,090:INFO:letsencrypt.reporter:Reporting to user: The following errors were reported by the server:
Domain: derm-in.pl
Type: unauthorized
Detail: Invalid response from http://derm-in.pl/.well-known/acme-challenge/51qNNlFpM-uw88txxVh5W9BuyO32jr_YtA4J6oBWL1s: "
<title>Derm-In</title>
<link rel=""
Domain: www.derm-in.pl
Type: unauthorized
Detail: Invalid response from http://www.derm-in.pl/.well-known/acme-challenge/sLohkfeUI7F5EDHxCPOsKC86aTRi2WtXlCjpS2AtIXE: "
To fix these errors, please make sure that your domain name was entered correctly and the DNS A record(s) for that domain contain(s) the right IP address.
2018-03-15 03:00:40,091:WARNING:letsencrypt.cli:Attempting to renew cert from /etc/letsencrypt/renewal/derm-in.pl.conf produced an unexpected error: Failed authorization procedure. derm-in.pl (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://derm-in.pl/.well-known/acme-challenge/51qNNlFpM-uw88txxVh5W9BuyO32jr_YtA4J6oBWL1s: "
<title>Derm-In</title>
<link rel="", www.derm-in.pl (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.derm-in.pl/.well-known/acme-challenge$
<title>Derm-In</title>
<link rel="". Skipping.
2018-03-15 03:00:40,095:DEBUG:letsencrypt.cli:Traceback was:
Traceback (most recent call last):
File “/usr/lib/python2.7/dist-packages/letsencrypt/cli.py”, line 1017, in renew
obtain_cert(lineage_config, plugins, renewal_candidate)
File “/usr/lib/python2.7/dist-packages/letsencrypt/cli.py”, line 706, in obtain_cert
_, action = _auth_from_domains(le_client, config, domains, lineage)
File “/usr/lib/python2.7/dist-packages/letsencrypt/cli.py”, line 457, in _auth_from_domains
new_certr, new_chain, new_key, _ = le_client.obtain_certificate(domains)
File “/usr/lib/python2.7/dist-packages/letsencrypt/client.py”, line 252, in obtain_certificate
return self.obtain_certificate_from_csr(domains, csr) + (key, csr)
File “/usr/lib/python2.7/dist-packages/letsencrypt/client.py”, line 225, in obtain_certificate_from_csr
authzr = self.auth_handler.get_authorizations(domains)
File “/usr/lib/python2.7/dist-packages/letsencrypt/auth_handler.py”, line 84, in get_authorizations
self._respond(cont_resp, dv_resp, best_effort)
File “/usr/lib/python2.7/dist-packages/letsencrypt/auth_handler.py”, line 142, in _respond
self._poll_challenges(chall_update, best_effort)
File “/usr/lib/python2.7/dist-packages/letsencrypt/auth_handler.py”, line 204, in _poll_challenges
raise errors.FailedChallenges(all_failed_achalls)
It’s real domain. DNS works - check intodns, mxtoolbox and points to some ip. I am helpless. Moreover it’s not the problem for each from maybe 20 websites but only few (and these few sites get this same error as above).