Renewal Problem

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: nchanga.com

I ran this command:certbot certonly -a webroot --webroot-path=/usr/share/nginx/html -d nchanga.com -d www.nchanga.com -d mail.nchanga.com

It produced this output:

root@mail:/etc/letsencrypt/renewal# certbot certonly -a webroot --webroot-path=/usr/share/nginx/html -d nchanga.com -d www.nchanga.com -d mail.nchanga.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Cert is due for renewal, auto-renewing…
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for nchanga.com
http-01 challenge for www.nchanga.com
http-01 challenge for mail.nchanga.com
Using the webroot path /usr/share/nginx/html for all unmatched domains.
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. nchanga.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from https://mail.nchanga.com/.well-known/acme-challenge/IRvxHWEAZHs934Vi7vR0KJj3lXiN7u_PgvBNIs_dbgs [155.93.238.213: “\r\n404 Not Found\r\n<body bgcolor=“white”>\r\n

404 Not Found

\r\n
”, www.nchanga.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from https://mail.nchanga.com/.well-known/acme-challenge/Qd5qQvnsrT5esk4XCix03iHpcf4fTC3Tq1q2MQiCX9w [155.93.238.213: “\r\n404 Not Found\r\n<body bgcolor=“white”>\r\n

404 Not Found

\r\n
”, mail.nchanga.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from https://mail.nchanga.com/.well-known/acme-challenge/Q3KdIu1Ns7yugBE9ehXhbb-DTHKKVxMGKAbuODMi–8 [155.93.238.213: “\r\n404 Not Found\r\n<body bgcolor=“white”>\r\n

404 Not Found

\r\n

IMPORTANT NOTES:

  • The following errors were reported by the server:

Domain: nchanga.com
Type: unauthorized
Detail: Invalid response from
https://mail.nchanga.com/.well-known/acme-challenge/IRvxHWEAZHs934Vi7vR0KJj3lXiN7u_PgvBNIs_dbgs
[155.93.238.213: “\r\n404 Not
Found\r\n<body bgcolor=“white”>\r\n

404
Not Found

\r\n

Domain: www.nchanga.com
Type: unauthorized
Detail: Invalid response from
https://mail.nchanga.com/.well-known/acme-challenge/Qd5qQvnsrT5esk4XCix03iHpcf4fTC3Tq1q2MQiCX9w
[155.93.238.213: “\r\n404 Not
Found\r\n<body bgcolor=“white”>\r\n

404
Not Found

\r\n

Domain: mail.nchanga.com
Type: unauthorized
Detail: Invalid response from
https://mail.nchanga.com/.well-known/acme-challenge/Q3KdIu1Ns7yugBE9ehXhbb-DTHKKVxMGKAbuODMi–8
[155.93.238.213: “\r\n404 Not
Found\r\n<body bgcolor=“white”>\r\n

404
Not Found

\r\n

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address.

My web server is (include version): nginx

The operating system my web server runs on is (include version): rasbian

My hosting provider, if applicable, is: n/a

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): no result.

The strange thing this was working for ages, auto-renewing like clockwork. Nothing has changed.

1 Like

Hi @chewiesw

simple answer: If webroot doesn’t work, your webroot is wrong.

Checking your first domain there are redirects to mail… https://check-your-website.server-daten.de/?q=nchanga.com

What says

nginx -T
1 Like

Wow thanks for the quick response. You are indeed correct my webroot was wrong. I managed to generate a new cert. Will auto-renew no resume working?

Thank you

2 Likes

Check your Certbot config files. There the new webroot should be visible.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.