Renewing Existing Certificate - ISPconfig


#1

My domain is: cloudvps.mesmo.pt
I am having problems renewing the certificate for https://cloudvps.mesmo.pt. This is an ISPconfig Machine running Ubuntu Server 14.04

I have set up several domains in this ISPconfig and all of them are auto renewing the certificates whith no proplems, except for the certificate used for the ISPconfig web interface. I am using the following command in crontab: /opt/certbot/certbot-auto renew --force-renew

I get this error:
Failed authorization procedure. cloudvps.mesmo.pt (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://cloudvps.mesmo.pt/.well-known/acme-challenge/_jG2RwkU1K_Wi5fnthvgvN77__W7hYflvJpJtsxYFqY: "

404 Not Found

Not Found

<p"

The /.well-known/acme-challenge/ is accessible

In apache a have the following configuration:

Alias /.well-known/acme-challenge /usr/local/ispconfig/interface/acme/.well-known/acme-challenge
<Directory /usr/local/ispconfig/interface/acme/.well-known/acme-challenge>
Require all granted

In the /var/www/ directory a have the symb link = ispconfig -> /usr/local/ispconfig/interface/web

I need help

Tanks in advance.


#2

This is risky if you run it very often because it will attempt to renew every certificate that you have every time. You can run into rate limits in this case. The way we planned for people to use this was running every day, but without --force-renew, and letting certbot renew itself make the decision about whether to renew.

What webroot directory did you choose for that domain when you originally obtained the certificate? Can you make a test file in .well-known/acme-challenge under that webroot and see if you can see it at the corresponding location using a web browser?


#3

Hi schoen, taks for replying, at this time i solved the problem. At least for now its working.
I created a new certificate using:
/opt/certbot/certbot-auto --apache -d cloudvps.mesmo.pt
an then:
/opt/certbot/certbot-auto certonly --webroot -w /var/www/ispconfig/ -d cloudvps.mesmo.pt
The .well-known/acme-challenge is accessible. I have created a test file in .well-known/acme-challenge and and I acceded successfully to it using the web browser.
Concerning the crontab command /opt/certbot/certbot-auto renew --force-renew i will do as you say.

Thank very mutch for your help and concern.


#4

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.