Renewing certificate is failing with proper DNS settings

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: starfirefarmga.com

I ran this command: certbot --nginx --redirect --webroot-path /etc/nginx/ -d starfirefarmga.com -d www.starfirefarmga.com

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for www.starfirefarmga.com
Waiting for verification…
Challenge failed for domain www.starfirefarmga.com
http-01 challenge for www.starfirefarmga.com
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: www.starfirefarmga.com
   Type: unauthorized
   Detail: Invalid response from
   http://www.starfirefarmga.com/.well-known/acme-challenge/iixi6jTwVQ3QYn-Dy0-vcS6UPy8omy0wZ0ugald9k7o
   : "\n\n\n\n<!--[if"

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.

My web server is (include version): CentOS

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
certbot --version:- certbot 1.3.0
If I ping both domains, they work fine and the DNS settings are also good, and if I try to renew the certificate for both domains, it does not renew properly.

Hi @Srinivasraodaram

Your command is wrong. If you want to use webroot, you have to use --webroot, not --nginx.

https://certbot.eff.org/docs/using.html

Hi Juergen,
We have been running the same command for the past years and it worked fine when generating. For the past few days, while renewing for the sites, we have been using the same command and it is throwing http-01 failed for one domain, where the DNS settings for that domain are correct…
Thanks

I tried your solution, but I am getting the same http-01 challenge error for the www domain, and the DNS settings for the www domain are fine:
certbot certonly --webroot --nginx --redirect --webroot-path /etc/nginx/ -d starfirefarmga.com -d www.starfirefarmga.com
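
The `Invalid response ... "\n\n\n\n<!--[if"` detail in the output above shows the validation request received an HTML page rather than the challenge file. As an added example (not part of the original thread and not Certbot's own code), this Python pre-flight check writes a probe file under a candidate webroot and fetches it over HTTP to confirm the server really serves that directory; `probe_webroot`, `serve`, `demo` and the temporary directories are names and data constructed for illustration.

```python
import http.server, secrets, threading, urllib.error, urllib.request
from functools import partial
from pathlib import Path
from tempfile import TemporaryDirectory

CHALLENGE_DIR = ".well-known/acme-challenge"  # path prefix used by http-01

def probe_webroot(webroot, base_url, timeout=5):
    """Write a random probe file under webroot and fetch it over HTTP.

    Returns (ok, body_start): ok is True only if the server returns the exact
    probe contents, i.e. it really serves files from this webroot.
    """
    token = secrets.token_urlsafe(32)      # constructed probe, not a real ACME token
    target = Path(webroot) / CHALLENGE_DIR / token
    target.parent.mkdir(parents=True, exist_ok=True)
    target.write_text(token)
    try:
        url = f"{base_url}/{CHALLENGE_DIR}/{token}"
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            body = resp.read()
    except urllib.error.HTTPError as err:  # 404/403 error pages still carry a body
        body = err.read()
    finally:
        target.unlink()                    # never leave probe files behind
    return body.decode(errors="replace").strip() == token, body[:40]

def serve(directory):
    """Start a throwaway local HTTP server for directory; returns (server, base_url)."""
    handler = partial(http.server.SimpleHTTPRequestHandler, directory=directory)
    srv = http.server.ThreadingHTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, f"http://127.0.0.1:{srv.server_address[1]}"

def demo():
    """Constructed scenario: docroot is served, confdir (a wrong webroot) is not."""
    with TemporaryDirectory() as docroot, TemporaryDirectory() as confdir:
        srv, url = serve(docroot)
        try:
            return probe_webroot(docroot, url)[0], probe_webroot(confdir, url)[0]
        finally:
            srv.shutdown()
            srv.server_close()

if __name__ == "__main__":
    print(demo())  # the served webroot matches; the wrong one gets an HTML error page
```

Against a real site, call `probe_webroot` with the directory you intend to pass as the webroot path and the site's `http://` base URL; a `False` result with a body starting in HTML reproduces the failure reported above before any request is made to the CA.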
