My sites work fine, but the certificates are expiring soon and auto-renewal and manual renewal both fail. Auto-renewal worked fine before I changed the domain name. I assume that the domain name change is the source of the renewal problem, but I don't know that for sure. I haven't changed anything else on the server, however.
My domain is:
Old domain: physanth.org
New domain: bioanth.org
I ran this command:
sudo certbot renew --dry-run
It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/anthro.vancouver.wsu.edu.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Simulating renewal of an existing certificate for bioanth.org and 6 more domains
Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
Domain: app.physanth.org
Type: unauthorized
Detail: 2606:4700:3034::ac43:8ee3: Invalid response from http://bioanth.org/.well-known/acme-challenge/wBty2MXgKNwdIPIs_Y29yCC_wf09A43to5Fkjny5QkQ: 404
Domain: meeting.physanth.org
Type: unauthorized
Detail: 2606:4700:3036::6815:2ede: Invalid response from http://bioanth.org/.well-known/acme-challenge/WkR_YN4d6tbv7rOIMuTq4rzqf-vY8aZASw5UvIaSypk: 404
Domain: physanth.org
Type: unauthorized
Detail: 2606:4700:3036::6815:2ede: Invalid response from http://bioanth.org/.well-known/acme-challenge/T1kIrO42KkzQVQcuvXxqLJ8e-Jv4iPTyTmnNTpgdi0Q: 404
Domain: www.physanth.org
Type: unauthorized
Detail: 2606:4700:3034::ac43:8ee3: Invalid response from http://bioanth.org/.well-known/acme-challenge/vlDTlbVUSW9D2N9GN3EM_Oy4IQQ4EfKskneMjXw2ZIU: 404
Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet.
Failed to renew certificate anthro.vancouver.wsu.edu with error: Some challenges have failed.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/bioanth.org.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Simulating renewal of an existing certificate for bioanth.org and 6 more domains
Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
Domain: physanth.org
Type: unauthorized
Detail: 2606:4700:3034::ac43:8ee3: Invalid response from http://bioanth.org/.well-known/acme-challenge/cweI6ZHT-t8PEBr2aCyB3iUA4g4ZcVDxzOV5MjptTG4: 404
Domain: www.physanth.org
Type: unauthorized
Detail: 2606:4700:3034::ac43:8ee3: Invalid response from http://bioanth.org/.well-known/acme-challenge/wuV2wBXcPa4Gf8inkigN27xxsCCjsl7a1SD47-LbvYM: 404
Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet.
Failed to renew certificate bioanth.org with error: Some challenges have failed.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
All simulated renewals failed. The following certificates could not be renewed:
/etc/letsencrypt/live/anthro.vancouver.wsu.edu/fullchain.pem (failure)
/etc/letsencrypt/live/bioanth.org/fullchain.pem (failure)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2 renew failure(s), 0 parse failure(s)
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
My web server is (include version):
nginx version: nginx/1.14.0 (Ubuntu)
The operating system my web server runs on is (include version):
Ubuntu 18.04.3
My hosting provider, if applicable, is:
n/a
I can login to a root shell on my machine (yes or no, or I don't know):
Yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
No
The version of my client is (e.g. output of certbot --version
or certbot-auto --version
if you're using Certbot):
certbot 1.30.0
More info:
edhagen@anthro:~$ sudo certbot certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Found the following certs:
Certificate Name: anthro.vancouver.wsu.edu
Serial Number: 36287396805393341b518808afb7d13c8a6
Key Type: RSA
Domains: bioanth.org anthro.vancouver.wsu.edu app.physanth.org meeting.physanth.org physanth.org www.bioanth.org www.physanth.org
Expiry Date: 2022-09-30 19:47:18+00:00 (VALID: 7 days)
Certificate Path: /etc/letsencrypt/live/anthro.vancouver.wsu.edu/fullchain.pem
Private Key Path: /etc/letsencrypt/live/anthro.vancouver.wsu.edu/privkey.pem
Certificate Name: bioanth.org
Serial Number: 42d69775010cbee51b7fe69cf796382a0c4
Key Type: RSA
Domains: bioanth.org anthro.vancouver.wsu.edu app.bioanth.org meeting.bioanth.org physanth.org www.bioanth.org www.physanth.org
Expiry Date: 2022-09-30 20:06:21+00:00 (VALID: 7 days)
Certificate Path: /etc/letsencrypt/live/bioanth.org/fullchain.pem
Private Key Path: /etc/letsencrypt/live/bioanth.org/privkey.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
edhagen@anthro:~$ ls -l /etc/nginx/sites-enabled/
total 0
lrwxrwxrwx 1 root root 33 Feb 2 2019 anthro -> /etc/nginx/sites-available/anthro
lrwxrwxrwx 1 root root 30 Nov 10 2020 app -> /etc/nginx/sites-available/app
lrwxrwxrwx 1 root root 34 Jul 2 12:46 bioanth -> /etc/nginx/sites-available/bioanth
lrwxrwxrwx 1 root root 34 Nov 9 2020 meeting -> /etc/nginx/sites-available/meeting
edhagen@anthro:~$ ls -l /etc/nginx/sites-available/
total 24
-rw-r--r-- 1 root root 1418 Jul 2 14:06 anthro
-rw-r--r-- 1 root root 674 Jul 2 14:06 app
-rw-r--r-- 1 root root 1806 Jul 2 14:06 bioanth
-rw-r--r-- 1 root root 2416 Apr 5 2018 default
-rw-r--r-- 1 root root 1072 Jul 2 14:06 meeting
-rw-r--r-- 1 root root 1813 Jul 2 14:06 physanth
By the way, I'm an anthropology professor, not a server admin, so my admin skills are limited. Many thanks for any help you can provide.