Please find the standard form response below, but in addition please note that I’ve tested each of these domains individually on letsdebug.net using HTTP-01 and they’ve all come back with no problems. I’ve also tested mirror.itruns.co.uk with DNS-01 and TLS-ALPN-01 as well and those came back fine.
Swift help would be much appreciated as my certificate expires in 2 days!
My domain is: it runs.co.uk (single certificate with domains and subdomains: itruns.co.uk diff.itruns.co.uk eats.itruns.co.uk jw.itruns.co.uk mirror.itruns.co.uk)
I ran this command:
Tried various:
- sudo certbot renew (with and without --debug-challenges, didn’t wait for prompt, it just ran through)
- sudo certbot certonly --webroot --cert-name itruns.co.uk -w /var/www/itruns -d itruns.co.uk -w /var/www/ep -d mirror.itruns.co.uk -w /var/www/jw -d jw.itruns.co.uk -w /var/www/eats -d eats.itruns.co.uk. Think I initially installed using webroot command as certbot --nginx wasn’t working, pretty sure I renewed successfully last time with just using renew, and console output when running renew by itself states Authenticator nginx, Installer nginx so I’m not sure. Incidentally I know diff.itruns.co.uk isn’t in that list, I’m not using it so was going to remove it at the same time.
It produced this output:
Running sudo certbot renew --debug-challenges
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Processing /etc/letsencrypt/renewal/itruns.co.uk.conf
Cert is due for renewal, auto-renewing…
Plugins selected: Authenticator nginx, Installer nginx
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for diff.itruns.co.uk
http-01 challenge for eats.itruns.co.uk
http-01 challenge for itruns.co.uk
http-01 challenge for jw.itruns.co.uk
http-01 challenge for mirror.itruns.co.uk
Using default addresses 80 and [::]:80 ipv6only=on for authentication.
Using default addresses 80 and [::]:80 ipv6only=on for authentication.
Using default addresses 80 and [::]:80 ipv6only=on for authentication.
Using default addresses 80 and [::]:80 ipv6only=on for authentication.
Using default addresses 80 and [::]:80 ipv6only=on for authentication.
Waiting for verification…
Challenges loaded. Press continue to submit to CA. Pass “-v” for more info about
challenges.
-v
Cleaning up challenges
Attempting to renew cert (itruns.co.uk) from /etc/letsencrypt/renewal/itruns.co.uk.conf produced an unexpected error: Failed authorization procedure. itruns.co.uk (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://itruns.co.uk/.well-known/acme-challenge/Uuyk0NVhhVFUDaowH1_mU4gG2_Pmt-rYoFocRNtZMww [35.176.194.112]: “\n\n404 Not Found\n\n
Not Found
\n<p”, jw.itruns.co.uk (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://jw.itruns.co.uk/.well-known/acme-challenge/NnPaiL1ouP1-gA9psNH4nI_zVD5QKbTIq3a9QlCa2zM [35.176.194.112]: “\n\n404 Not Found\n\nNot Found
\n<p”, eats.itruns.co.uk (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://eats.itruns.co.uk/.well-known/acme-challenge/rGpZTIy1BVHnthPp2pWbfbO3m2QJT5MhkVq4gXoFLfk [35.176.194.112]: “\n\n404 Not Found\n\nNot Found
\n<p”, diff.itruns.co.uk (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://diff.itruns.co.uk/.well-known/acme-challenge/CkgmFl4JbiURZNNwphxSxGQpwcbMvDlIgNwA3Z9LKRw [35.176.194.112]: “\n\n404 Not Found\n\nNot Found
\n<p”, mirror.itruns.co.uk (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://mirror.itruns.co.uk/.well-known/acme-challenge/JV2uFBKCRpNrv9zjxDFHR4xY7Y6EnHQui5O2X1_WkbM [35.176.194.112]: “\n\n404 Not Found\n\nNot Found
\n<p”. Skipping.All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/itruns.co.uk/fullchain.pem (failure)
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/itruns.co.uk/fullchain.pem (failure)
1 renew failure(s), 0 parse failure(s)
IMPORTANT NOTES:
-
The following errors were reported by the server:
Domain: itruns.co.uk
Type: unauthorized
Detail: Invalid response from
http://itruns.co.uk/.well-known/acme-challenge/Uuyk0NVhhVFUDaowH1_mU4gG2_Pmt-rYoFocRNtZMww
[35.176.194.112]: “\n\n404 Not
Found\n\nNot Found
\n<p”Domain: jw.itruns.co.uk
Type: unauthorized
Detail: Invalid response from
http://jw.itruns.co.uk/.well-known/acme-challenge/NnPaiL1ouP1-gA9psNH4nI_zVD5QKbTIq3a9QlCa2zM
[35.176.194.112]: “\n\n404 Not
Found\n\nNot Found
\n<p”Domain: eats.itruns.co.uk
Type: unauthorized
Detail: Invalid response from
http://eats.itruns.co.uk/.well-known/acme-challenge/rGpZTIy1BVHnthPp2pWbfbO3m2QJT5MhkVq4gXoFLfk
[35.176.194.112]: “\n\n404 Not
Found\n\nNot Found
\n<p”Domain: diff.itruns.co.uk
Type: unauthorized
Detail: Invalid response from
http://diff.itruns.co.uk/.well-known/acme-challenge/CkgmFl4JbiURZNNwphxSxGQpwcbMvDlIgNwA3Z9LKRw
[35.176.194.112]: “\n\n404 Not
Found\n\nNot Found
\n<p”Domain: mirror.itruns.co.uk
Type: unauthorized
Detail: Invalid response from
http://mirror.itruns.co.uk/.well-known/acme-challenge/JV2uFBKCRpNrv9zjxDFHR4xY7Y6EnHQui5O2X1_WkbM
[35.176.194.112]: “\n\n404 Not
Found\n\nNot Found
\n<p”To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
Running sudo certbot certonly --webroot --cert-name itruns.co.uk -w /var/www/itruns -d itruns.co.uk -w /var/www/ep -d mirror.itruns.co.uk -w /var/www/jw -d jw.itruns.co.uk -w /var/www/eats -d eats.itruns.co.uk
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Please choose an account
1: ip-172-26-5-50.eu-west-2.compute.internal@2018-05-30T10:13:34Z (89c9)
2: ip-172-26-5-50.eu-west-2.compute.internal@2017-09-25T12:30:45Z (6f8b)
Select the appropriate number [1-2] then [enter] (press ‘c’ to cancel): 1
You are updating certificate itruns.co.uk to include new domain(s):
(None)
You are also removing previously included domain(s):
Did you intend to make this change?
(U)pdate cert/©ancel: u
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for eats.itruns.co.uk
http-01 challenge for itruns.co.uk
http-01 challenge for jw.itruns.co.uk
http-01 challenge for mirror.itruns.co.uk
Using the webroot path /var/www/eats for all unmatched domains.
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. itruns.co.uk (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://itruns.co.uk/.well-known/acme-challenge/Hi3SKGPrxXji8VgnEZ-ClFd4FC3hBfeUEKHADwf4vPM [35.176.194.112]: “\n\n404 Not Found\n\n
Not Found
\n<p”, eats.itruns.co.uk (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://eats.itruns.co.uk/.well-known/acme-challenge/dLMTXlOw_EGMCC7Lsrjy9aC_JxvJaY7rjc05rw2C95s [35.176.194.112]: “\n\n404 Not Found\n\nNot Found
\n<p”, jw.itruns.co.uk (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://jw.itruns.co.uk/.well-known/acme-challenge/2b_rtP55BgeH-pTHaMWa4yOn-ph66qicWhRCdVMKQpo [35.176.194.112]: “\n\n404 Not Found\n\nNot Found
\n<p”, mirror.itruns.co.uk (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://mirror.itruns.co.uk/.well-known/acme-challenge/wr0RAFNWRm11As4Fhq-SxGCkmGtP7RP2Px7RKE3F-F0 [35.176.194.112]: “\n\n404 Not Found\n\nNot Found
\n<p”IMPORTANT NOTES:
-
The following errors were reported by the server:
Domain: itruns.co.uk
Type: unauthorized
Detail: Invalid response from
http://itruns.co.uk/.well-known/acme-challenge/Hi3SKGPrxXji8VgnEZ-ClFd4FC3hBfeUEKHADwf4vPM
[35.176.194.112]: “\n\n404 Not
Found\n\nNot Found
\n<p”Domain: eats.itruns.co.uk
Type: unauthorized
Detail: Invalid response from
http://eats.itruns.co.uk/.well-known/acme-challenge/dLMTXlOw_EGMCC7Lsrjy9aC_JxvJaY7rjc05rw2C95s
[35.176.194.112]: “\n\n404 Not
Found\n\nNot Found
\n<p”Domain: jw.itruns.co.uk
Type: unauthorized
Detail: Invalid response from
http://jw.itruns.co.uk/.well-known/acme-challenge/2b_rtP55BgeH-pTHaMWa4yOn-ph66qicWhRCdVMKQpo
[35.176.194.112]: “\n\n404 Not
Found\n\nNot Found
\n<p”Domain: mirror.itruns.co.uk
Type: unauthorized
Detail: Invalid response from
http://mirror.itruns.co.uk/.well-known/acme-challenge/wr0RAFNWRm11As4Fhq-SxGCkmGtP7RP2Px7RKE3F-F0
[35.176.194.112]: “\n\n404 Not
Found\n\nNot Found
\n<p”To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
My web server is (include version):
nginx version: nginx/1.14.0 (EasyEngine) - I installed easy engine awhile ago, didn’t like how much it overwrote things, turned out after the fact that the guy who wrote it didn’t come up with an uninstall script for it because (and I quote) “Since I never need to uninstall easyengine, I find this case harder to imagine.” I’ve tried updating nginx directly but it comes up with other errors relating to easy engine. This may possibly be the issue, in which case I may have to do a full server install again to get rid of easy engine but naturally I’m reluctant to do this right now if this isn’t current issue.
The operating system my web server runs on is (include version):
Ubuntu 16.04 Xenial
My hosting provider, if applicable, is:
AWS Lightsail
I can login to a root shell on my machine (yes or no, or I don’t know):
yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
no
The version of my client is (e.g. output of certbot --version
or certbot-auto --version
if you’re using Certbot):
certbot 0.31.0