Renewal not possible

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: screwcloud.dynpc.net

I ran this command:

sudo certbot renew --dry-run

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log


Processing /etc/letsencrypt/renewal/screwcloud.dynpc.net.conf

Cert is due for renewal, auto-renewing…
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for screwcloud.dynpc.net
Waiting for verification…
Cleaning up challenges
Attempting to renew cert from /etc/letsencrypt/renewal/screwcloud.dynpc.net.conf produced an unexpected error: Failed authorization procedure. screwcloud.dynpc.net (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://screwcloud.dynpc.net/.well-known/acme-challenge/7BW9EU1HT46-GNeGsxy2jYDcgmfdLNMsiou1GPtDh5U: “\r\n403 Forbidden\r\n<body bgcolor=“white”>\r\n

403 Forbidden

\r\n
”. Skipping.
** DRY RUN: simulating ‘certbot renew’ close to cert expiry
** (The test certificates below have not been saved.)

All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/screwcloud.dynpc.net/fullchain.pem (failure)
** DRY RUN: simulating ‘certbot renew’ close to cert expiry
** (The test certificates above have not been saved.)
1 renew failure(s), 0 parse failure(s)

IMPORTANT NOTES:

My web server is (include version):
nginx version: nginx/1.10.3

The operating system my web server runs on is (include version):
Raspbian GNU/Linux 9 \n \l

My hosting provider, if applicable, is:
anydns

I can login to a root shell on my machine (yes or no, or I don’t know):
yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

Please also provide the contents of /var/log/letsencrypt/letsencrypt.log.

Hi @DocMo

checking your domain ( https://check-your-website.server-daten.de/?q=screwcloud.dynpc.net ):


| Domainname | Http-Status | redirect | Sec. | G | |
|---|---|---|---|---|---|
| http://screwcloud.dynpc.net/ 87.178.20.132 | 301 | https://screwcloud.dynpc.net/ | 0.110 | A | |
| https://screwcloud.dynpc.net/ 87.178.20.132 | 302 | Login – Screwcloud | 7.500 | N | Certificate error: RemoteCertificateChainErrors |
| Login – Screwcloud | 200 | | 3.364 | N | Certificate error: RemoteCertificateChainErrors |
| http://screwcloud.dynpc.net/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 87.178.20.132 | 301 | https://screwcloud.dynpc.net/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de | 0.043 | A | |
| https://screwcloud.dynpc.net/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de | 403 | | 1.907 | N | Forbidden. Certificate error: RemoteCertificateChainErrors |

You have a redirect http -> https; this isn't a problem. The same goes for the expired certificate: Let's Encrypt ignores this error.

But you have a real http status code 403 - Forbidden. 404 - not found - was expected.

So your configuration must allow loading a file via /.well-known/acme-challenge.

Create a file (file name 1234) in this subdirectory and test whether you can load this file with your browser.
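The manual test suggested in the reply above can be scripted; the following is an added example, not part of the original thread and not certbot's own code. The function name `probe_challenge`, the token value and the verdict strings are assumptions made for illustration, and the demo at the bottom uses a constructed local server in place of the real site.

```python
import functools, http.server, os, ssl, tempfile, threading
import urllib.error, urllib.request

def probe_challenge(base_url, webroot, name="1234", token="acme-selftest"):
    """Drop a test file into the ACME challenge directory, fetch it, classify the answer."""
    chal_dir = os.path.join(webroot, ".well-known", "acme-challenge")
    os.makedirs(chal_dir, exist_ok=True)
    path = os.path.join(chal_dir, name)
    with open(path, "w") as fh:
        fh.write(token)
    # Redirects are followed; certificate errors on an https target are ignored
    # here only to mirror what the reply says about the validation server.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    url = f"{base_url.rstrip('/')}/.well-known/acme-challenge/{name}"
    try:
        with urllib.request.urlopen(url, timeout=10, context=ctx) as resp:
            status, body = resp.status, resp.read().decode(errors="replace")
    except urllib.error.HTTPError as err:
        status, body = err.code, ""
    finally:
        os.remove(path)  # never leave the probe file behind
    if status == 200 and body.strip() == token:
        return status, "ok: challenge files are served from this webroot"
    if status == 200:
        return status, "wrong content: another handler answers for this path"
    if status == 403:
        return status, "forbidden: a deny rule or file permissions block the path"
    if status == 404:
        return status, "not found: the server does not map this path to the webroot"
    return status, "unexpected status"

if __name__ == "__main__":
    # Constructed demo: a throwaway local server stands in for the real site.
    root = tempfile.mkdtemp()
    handler = functools.partial(http.server.SimpleHTTPRequestHandler, directory=root)
    srv = http.server.HTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    print(probe_challenge(f"http://127.0.0.1:{srv.server_address[1]}", root))
    srv.shutdown()
```

On the real host, pass the site's http:// URL and the webroot directory that the renewal configuration uses, and run it as a user allowed to write there.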
