Renewal fails with 404


#1

I’m having a lot of trouble trying to renew my certs using the 0.6.0 client from github and the 0.5.0 client from Debian Jessie backports. When I do a letsencrypt renew --dry-run I get this:

2016-05-22 22:30:19,963:WARNING:letsencrypt.renewal:Attempting to renew cert from /etc/letsencrypt/renewal/domain.com.conf produced an unexpected error: Failed authorization procedure. domain.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://domain.com/.well-known/acme-challenge/-OHZ8whtl0tibUmG7hhDKOAIfCHB9zoXJHs5PjTGRI8: "<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p". Skipping.

If I delete all the files associated with this domain in letsencrypt then I can create a new cert with:
letsencrypt certonly --webroot -w /home/path/to/domain/ -d domain.com but when I try to renew again it gives a 404 error.


#2

Did you also remove the files under the “renew” directory?

I had a similar issue, but it was because I’d moved the LE directory from a dying server to a new machine. Even though the website running on the new machine looked identical to the outside world, the webroot had changed, and I forgot to update the renew data.

Once I’d adjusted the renew conf everything worked fine. Have you changed anything that could still be hanging around in the “renew” subdirectory?


#3

It looks like letsencrypt was using the webroot value from the cli.ini ahead of the conf files in the renewal directory. I’m not sure if this is a bug or a misconfiguration.


#4

Hmm. My understanding was the client didn’t use cli.ini unless explicitly directed to. Maybe that’s changed since earlier versions (or maybe I was wrong from the beginning!)

I’m glad you got it sorted :slight_smile:


#5

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.