Renewal of letsencrypt certificate


#1

Please fill out the fields below so we can help you better.

My domain is: www.arkventures.com.np

I ran this command: letsencrypt renew

It produced this output:
Processing /etc/letsencrypt/renewal/arkventures.com.np.conf
2017-02-25 08:43:37,042:WARNING:letsencrypt.cli:Attempting to renew cert from /etc/letsencrypt/renewal/arkventures.com.np.conf produced an unexpected error: Failed authorization procedure. arkventures.com.np (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://arkventures.com.np/.well-known/acme-challenge/OEKLCdORkuSBwfFhLGHvvhVJSqj7CfM079PuErOkcCk: "

404 Not Found

404 Not Found


", www.arkventures.com.np (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: DNS problem: NXDOMAIN looking up A for www.arkventures.com.np. Skipping.

All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/arkventures.com.np/fullchain.pem (failure)
1 renew failure(s), 0 parse failure(s)

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: arkventures.com.np
    Type: unauthorized
    Detail: Invalid response from http://arkventures.com.np/.well-known
    /acme-challenge/OEKLCdORkuSBwfFhLGHvvhVJSqj7CfM079PuErOkcCk:
    "

    404 Not Found

    404 Not Found


    "

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A record(s) for that domain
    contain(s) the right IP address.

  • The following errors were reported by the server:

    Domain: www.arkventures.com.np
    Type: connection
    Detail: DNS problem: NXDOMAIN looking up A for
    www.arkventures.com.np

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A record(s) for that domain
    contain(s) the right IP address. Additionally, please check that
    your computer has a publicly routable IP address and that no
    firewalls are preventing the server from communicating with the
    client. If you’re using the webroot plugin, you should also verify
    that you are serving files from the webroot path you provided.

My operating system is (include version): Ubuntu 16.04.1 LTS (Xenial Xerus)

My web server is (include version): 16.04.1 LTS (Xenial Xerus)

My hosting provider, if applicable, is: Digital Ocean Droplet

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no


#2

you need to sort out your web server and make sure that it serves up the HTTP challenge file


#3

the www. version of your website also doesn’t exist


#4

Hi,

I did the following for the http challenge :
mkdir -p /var/www/arkventures.com.np/.well-known/acme-challenge
chmod a+x /var/www/arkventures.com.np/.well-known /var/www/arkventures.com.np/.well-known/acme-challenge
chown SCRIPTUSER /var/www/arkventures.com.np/.well-known/acme-challenge

still get the same error. Do i need to put something inside acme-challenge folder ?

Thanks,


#5

Your non-HTTPS website redirects to the HTTPS-enabled website. Do both use the same webroot? Or is the webroot different? Because Let's Encrypts validation server follows these redirects and if the webroot is in a different location on the HTTPS site, it won’t find the challenge.

By the way, @ahaw021, www.arkventures.com.np resolves fine again, at least, from this endpoint it does.


#6

Thanks for the response.
It works now. I re generated the certificate using :
sudo letsencrypt certonly -a webroot --webroot-path=/var/www/arkventures.com.np/html -d arkventures.com.np -d www.arkventures.com.np

and for the DNS issue, i added an A record for my DNS to direct www to my droplet IP as well.


#7

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.