I started with letsencrypt before there was an ubuntu package of certbot (i.e. previously using letsencrypt_auto). I've recently upgraded to use certbot (version 0.23.0 on ubuntu 18.04), but now renew is failing. I'm using the Apache plugin. $ certbot renew --dry-run Attempting to renew cert ( MYD…

Hi @joewalker [image] joewalker: Attempting to renew cert ( MYDOMAIN.org ) please answer the following questions (template in Help ): Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all m…

My domain is: alsdiary.org I ran this command: certbot renew --dry-run It produced this output: Attempting to renew cert (alsdiary.org) from /etc/letsencrypt/renewal/alsdiary.org.conf produced an unexpected error: Failed authorization procedure. alsdiary.org (http-01): urn:ietf:params:acme:error:u…

[image] joewalker: 0.23.0 Should be updated to 0.28.0 (if possible). [image] joewalker: Invalid response from https://alsdiary.org/.well-known/acme-challenge/ ... TLS-SNI-01 (HTTPS) authentication will soon be completely shutoff. That said, it should have renewed today... Please show…

[image] rg305: TLS-SNI-01 (HTTPS) authentication will soon be completely shutoff. That said, it should have renewed today… The "brown out" period of (I think) 1 week has started recently. See March 13, 2019: End-of-Life for All TLS-SNI-01 Validation Support - #4 by jsha

[image] joewalker: My domain is: alsdiary.org Checking your domain there is one curious thing ( https://check-your-website.server-daten.de/?q=alsdiary.org ): Domainname Http-Status redirect Sec. G • http://alsdiary.org/ 206.189.123.47 302 https://alsdiary.org/ 0.390 A •…

[image] joewalker: <VirtualHost *:80> ServerName www.MYDOMAIN.org PS: That may be part of the problem. Add your non-www as Alias: ServerName www.alsdiary.org ServerAlias alsdiary.org Then both have the same vHost - only one vHost port 80.

This sounds like it’s the root of the problem. I’ll check this out (and upgrade certbot too). Thanks for the help - I’ll report back

So the apache update is still broken, but I think I have a workaround. certbot --version is now 0.28.0. The redirects are fixed (I broken them while trying to diagnose what was up). https://check-your-website.server-daten.de/?q=alsdiary.org is now green. However (formatted for clarity): $ certbot…

[image] joewalker: https://check-your-website.server-daten.de/?q=alsdiary.org is now green. Yes, it's green, Grade A is very good. But there you see the problem: You have two connections - this if normal, one ip address, one non-www, one www. But two certificates are listed: CN=alsdiary.or…

Thanks for your help: I fixed that problem - There is only one certificate now: $ certbot certificates Saving debug log to /var/log/letsencrypt/letsencrypt.log - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Found the following certs: Certificate Name: alsdiary.o…

Renewal problems after upgrading certbot

Help

Osiris February 16, 2019, 11:00am 5

The "brown out" period of (I think) 1 week has started recently. See March 13, 2019: End-of-Life for All TLS-SNI-01 Validation Support - #4 by jsha

Topic		Replies	Views
All renewal attempts failed. The following certs could not be renewed: /etc/letsencrypt/live/fullchain.pem (failure) Help	7	24283	March 3, 2019
Produced an unexpected error: Failed authorization procedure Help	69	13970	January 21, 2019
Problem with certificate renewal Help	23	1769	January 11, 2019
Another failed authorization issue Help	18	2814	March 11, 2019
Certbot 1.22.0 renew stopped working Help	27	1482	May 24, 2024

Renewal problems after upgrading certbot

Related topics