Renewal failing; where did .well-known come from

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: www.lineagewh.com

I ran this command:
sudo /usr/bin/certbot renew

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log


Processing /etc/letsencrypt/renewal/lineagewh.com.conf


Cert is due for renewal, auto-renewing…
Plugins selected: Authenticator webroot, Installer apache
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for lineagewh.com
http-01 challenge for wwui.lineagewh.com
Waiting for verification…
Cleaning up challenges
Attempting to renew cert (lineagewh.com) from /etc/letsencrypt/renewal/lineagewh.com.conf produced an unexpected error: Failed authorization procedure. lineagewh.com (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching https://www.lineagewh.com.well-known/acme-challenge/OSgETBQumO67ijzj7juTRgFgfjyAU1UXlmspWAjKvOg: Invalid host in redirect target “www.lineagewh.com.well-known”. Check webserver config for missing ‘/’ in redirect target., wwui.lineagewh.com (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching https://www.lineagewh.com.well-known/acme-challenge/98gBVoUr-1daNitfJYpzabnDzcfl3hfzsmKgLE_V-nw: Invalid host in redirect target “www.lineagewh.com.well-known”. Check webserver config for missing ‘/’ in redirect target… Skipping.


Processing /etc/letsencrypt/renewal/wwui.usgwh.com.conf


Cert not yet due for renewal
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/lineagewh.com/fullchain.pem (failure)


The following certs are not due for renewal yet:
/etc/letsencrypt/live/wwui.usgwh.com/fullchain.pem expires on 2019-10-26 (skipped)
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/lineagewh.com/fullchain.pem (failure)


1 renew failure(s), 0 parse failure(s)

IMPORTANT NOTES:

My web server is (include version):
Server version: Apache/2.4.18 (Ubuntu)
Server built: 2019-04-03T13:34:47

The operating system my web server runs on is (include version):
Ubuntu 16.04.6 LTS (GNU/Linux 4.4.0-154-generic x86_64)

My hosting provider, if applicable, is:
N/A

I can login to a root shell on my machine (yes or no, or I don’t know):
Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
certbot 0.31.0

Hi @dpatterson

there

is your answer.

You have a redirect http -> https, but there is a missing "/".

Checking your domain ( https://check-your-website.server-daten.de/?q=lineagewh.com ) you see the problem:

| Domainname | Http-Status | redirect | Sec. | G |
|---|---|---|---|---|
| http://lineagewh.com/ 12.197.117.166 | 301 | https://www.lineagewh.com | 0.590 | E |
| http://www.lineagewh.com/ 12.197.117.166 | 301 | https://www.lineagewh.com | 0.544 | A |
| https://lineagewh.com/ 12.197.117.166 | 302 | Login-Warehouse System | 5.147 | B |
| https://www.lineagewh.com/ 12.197.117.166 | 302 | Login-Warehouse System | 4.966 | B |
| https://www.lineagewh.com | 302 | Login-Warehouse System | 8.607 | B |
| Login-Warehouse System | 200 | | 4.627 | I |
| small content: | | | | |
| Login-Warehouse System | 200 | | 7.610 | I |
| small content: | | | | |
| http://lineagewh.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 12.197.117.166 | 301 | https://www.lineagewh.com.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de | 0.607 | E |
| Visible Content: Moved Permanently The document has moved here . Apache/2.4.18 (Ubuntu) Server at lineagewh.com Port 80 | | | | |
| http://www.lineagewh.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 12.197.117.166 | 301 | https://www.lineagewh.com.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de | 0.587 | A |
| Visible Content: Moved Permanently The document has moved here . Apache/2.4.18 (Ubuntu) Server at www.lineagewh.com Port 80 | | | | |
| https://www.lineagewh.com.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de | -1 | | 0.030 | R |
| NameResolutionFailure - The remote name could not be resolved: 'www.lineagewh.com.well-known' | | | | |

http + domain redirects to https, but the ending / is removed.

If there is a subfolder /.well-known, the result is wrong.

So check your port 80 rewrite rule and add the missing /.

1 Like
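The missing-slash failure described in the answer above, as an added example that is not part of the original thread: a small audit that finds redirect lines whose target would fuse the host name with the request path, checked against a broken and a corrected vhost. It assumes the port-80 redirect is a mod_alias `Redirect` directive (the thread does not show the actual config); the sample vhost, the probe token and all function names are constructed for illustration.

```python
import shlex
from urllib.parse import urlsplit

# Constructed sample; the thread does not show the real port-80 vhost.
BROKEN = """\
<VirtualHost *:80>
    ServerName lineagewh.com
    ServerAlias www.lineagewh.com
    Redirect permanent / https://www.lineagewh.com
</VirtualHost>
"""
# Same vhost with the trailing "/" added to the redirect target.
FIXED = BROKEN.replace("lineagewh.com\n</", "lineagewh.com/\n</")

STATUS_WORDS = {"permanent", "temp", "seeother"}
PROBE = "/.well-known/acme-challenge/constructed-probe-token"

def parse_redirect(line):
    """Return (url_path, target) for a mod_alias Redirect line, else None."""
    parts = shlex.split(line, comments=True)
    if not parts or parts[0].lower() != "redirect":
        return None
    args = parts[1:]
    if args and (args[0].lower() in STATUS_WORDS or args[0].isdigit()):
        args = args[1:]  # drop the optional status argument
    return tuple(args) if len(args) == 2 else None

def location_for(url_path, target, request_path):
    """Simplified mod_alias model: the part of the request path after the
    matched URL-path is appended to the target verbatim."""
    if not request_path.startswith(url_path):
        return None
    return target + request_path[len(url_path):]

def audit(config_text, probe=PROBE):
    """Return [(line_no, location)] where the redirect changes the host name."""
    findings = []
    for line_no, line in enumerate(config_text.splitlines(), 1):
        parsed = parse_redirect(line)
        if parsed is None:
            continue
        location = location_for(*parsed, probe)
        if location and urlsplit(location).hostname != urlsplit(parsed[1]).hostname:
            findings.append((line_no, location))
    return findings

if __name__ == "__main__":
    print("broken:", audit(BROKEN))
    print("fixed: ", audit(FIXED))
```

Running the audit before `certbot renew` catches the problem locally instead of through a failed http-01 validation.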
