Renewal fails with 404

I’m having a lot of trouble trying to renew my certs using the 0.6.0 client from GitHub and the 0.5.0 client from Debian Jessie backports. When I do a letsencrypt renew --dry-run I get this:

2016-05-22 22:30:19,963:WARNING:letsencrypt.renewal:Attempting to renew cert from /etc/letsencrypt/renewal/domain.com.conf produced an unexpected error: Failed authorization procedure. domain.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://domain.com/.well-known/acme-challenge/-OHZ8whtl0tibUmG7hhDKOAIfCHB9zoXJHs5PjTGRI8: "<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p". Skipping.

If I delete all the files associated with this domain in letsencrypt then I can create a new cert with:
letsencrypt certonly --webroot -w /home/path/to/domain/ -d domain.com but when I try to renew again it gives a 404 error.

Did you also remove the files under the “renew” directory?

I had a similar issue, but it was because I’d moved the LE directory from a dying server to a new machine. Even though the website running on the new machine looked identical to the outside world, the webroot had changed, and I forgot to update the renew data.

Once I’d adjusted the renew conf everything worked fine. Have you changed anything that could still be hanging around in the “renew” subdirectory?

It looks like letsencrypt was using the webroot value from the cli.ini ahead of the conf files in the renewal directory. I’m not sure if this is a bug or a misconfiguration.

Hmm. My understanding was the client didn’t use cli.ini unless explicitly directed to. Maybe that’s changed since earlier versions (or maybe I was wrong from the beginning!)

I’m glad you got it sorted 🙂
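
The mismatch reported in this thread (a webroot in cli.ini that differs from the one stored under the renewal directory) can be checked for before running a renewal. This is an added example, not part of the original posts or of the letsencrypt client. It assumes the renewal conf keeps per-domain webroots in a [[webroot_map]] subsection and that cli.ini uses the key webroot-path; both file contents below are constructed samples.

```python
import os

# Constructed sample of a renewal conf (layout assumed, path taken from the thread).
RENEWAL_CONF = """\
cert = /etc/letsencrypt/live/domain.com/cert.pem
[renewalparams]
authenticator = webroot
[[webroot_map]]
domain.com = /home/path/to/domain
"""

# Constructed sample of a cli.ini carrying a different webroot.
CLI_INI = """\
# global defaults
webroot-path = /var/www/html
"""

def renewal_webroots(conf_text):
    """Map domain -> webroot from the [[webroot_map]] subsection."""
    section, found = None, {}
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("["):
            section = line.strip("[]").strip()  # handles [x] and [[x]]
            continue
        key, sep, value = line.partition("=")
        if sep and section == "webroot_map":
            found[key.strip()] = value.strip().rstrip(",")
    return found

def cli_ini_webroot(ini_text):
    """Return the webroot-path value from cli.ini, or None if unset."""
    for raw in ini_text.splitlines():
        key, sep, value = raw.split("#", 1)[0].partition("=")
        if sep and key.strip() == "webroot-path":
            return value.strip().rstrip(",")
    return None

def find_conflicts(conf_text, ini_text):
    """Return {domain: (renewal_webroot, cli_ini_webroot)} where the two differ."""
    override = cli_ini_webroot(ini_text)
    if override is None:
        return {}
    return {d: (w, override) for d, w in renewal_webroots(conf_text).items()
            if os.path.normpath(w) != os.path.normpath(override)}

if __name__ == "__main__":
    for domain, (stored, ini) in find_conflicts(RENEWAL_CONF, CLI_INI).items():
        print(f"{domain}: renewal conf says {stored}, cli.ini says {ini}")
```

Any domain it lists has two candidate directories for the http-01 challenge file; the one the web server actually serves for /.well-known/acme-challenge/ is the one both files should name.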
