Renewing with apache

Please fill out the fields below so we can help you better.

My domain is: socomusic.com

I ran this command: certbot renew

It produced this output:
No vhost exists with servername or alias of: socomusic.com (or it’s in a file with multiple vhosts, which Certbot can’t parse yet). No vhost was selected. Please specify ServerName or ServerAlias in the Apache config, or split vhosts into separate files.
Falling back to default vhost *:443…
No vhost exists with servername or alias of: socomusic.net (or it’s in a file with multiple vhosts, which Certbot can’t parse yet). No vhost was selected. Please specify ServerName or ServerAlias in the Apache config, or split vhosts into separate files.
Falling back to default vhost *:443…
No vhost exists with servername or alias of: www.socomusic.com (or it’s in a file with multiple vhosts, which Certbot can’t parse yet). No vhost was selected. Please specify ServerName or ServerAlias in the Apache config, or split vhosts into separate files.
Falling back to default vhost *:443…
No vhost exists with servername or alias of: www.socomusic.net (or it’s in a file with multiple vhosts, which Certbot can’t parse yet). No vhost was selected. Please specify ServerName or ServerAlias in the Apache config, or split vhosts into separate files.
Falling back to default vhost *:443…
Waiting for verification…
Cleaning up challenges
Attempting to renew cert from /etc/letsencrypt/renewal/www.socomusic.com.conf produced an unexpected error: Failed authorization procedure. socomusic.com (tls-sni-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Incorrect validation certificate for tls-sni-01 challenge.

My web server is (include version): Apache

The operating system my web server runs on is (include version): Ubuntu 14.04

My hosting provider, if applicable, is: vps.net

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No

My renewal configuration file looks like this.

renew_before_expiry = 30 days

cert = /etc/letsencrypt/live/www.socomusic.com/cert.pem
privkey = /etc/letsencrypt/live/www.socomusic.com/privkey.pem
chain = /etc/letsencrypt/live/www.socomusic.com/chain.pem
fullchain = /etc/letsencrypt/live/www.socomusic.com/fullchain.pem
version = 0.12.0
archive_dir = /etc/letsencrypt/archive/www.socomusic.com

# Options and defaults used in the renewal process

[renewalparams]
installer = apache
authenticator = apache
account = xxxxxxxxxxxxxxxxxxxx

I tried renewing with Apache started first, and then I stopped the service and tried again; both resulted in the same error.

Of note, I auto redirect all traffic from port 80 to 443 in my vhosts file in apache:

<VirtualHost 68.169.46.243:80>
     ServerName socomusic.com
     Redirect / https://socomusic.com/
</VirtualHost>

I tried turning this off and renewing again, and it doesn’t work.

Any help would be appreciated!

Try disabling the redirection and adding something like:
Alias /.well-known/acme-challenge /local/folder
Alias /.well-known/acme-challenge/ /local/folder/

Then place a “test.txt” file in that local folder.
Then, once that file is accessible from the Internet (http://socomusic.com/.well-known/acme-challenge/test.txt),
try renewing again.

Thanks for the reply. I have tried doing as you suggested but am still getting the same error.

I did verify that the test.txt file is accessible too, and it is. Do I need to stop apache before trying to restart?

I think this advice isn’t directly relevant because /.well-known/acme-challenge (indeed, making any actual web requests at all) is only used by the HTTP-01 challenge type, which is only supported by the Certbot webroot plugin. The apache plugin, which your configuration file says you’re using, only uses the TLS-SNI-01 challenge type, which makes a TLS connection and checks for a particular certificate, but doesn’t even need to make a web request.

@bmw, could you take a look at this as another potential Apache configuration parsing issue?

Agreed. In the interim, use of:
--webroot
--webroot-path
might get the certs renewed,
as http://socomusic.com/.well-known/acme-challenge/test.txt works.

I’m curious what default configuration file it’s trying to use. When I was configuring stuff I did move some stuff out of the way that didn’t seem to make a difference to my server serving properly. Perhaps I moved a default file out of the way?

No vhost exists with servername or alias of: socomusic.com (or it's in a file with multiple vhosts, which Certbot can't 
parse yet). No vhost was selected. Please specify ServerName or ServerAlias in the Apache config, or split vhosts 
into separate files.

When I tried to renew using --webroot and --webroot-path I get the following error:

Attempting to renew cert from /etc/letsencrypt/renewal/www.socomusic.com.conf produced an unexpected error: Failed authorization procedure. socomusic.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://socomusic.com/.well-known/acme-challenge/4LM9yxnw4tS4YyKFsn_hekHcPQl1P_l75SQhg6XJwaE: "

404 Not Found

Not Found

I was able to solve the problem. Under my configuration, I had to move back the file that I had moved out of the way:
/etc/apache2/sites-available/000-default-le-ssl.conf

Within that file, I made sure that my settings for port 443 were the same as in my live environment.

Certs were renewed successfully.

The only suggestion I have is for the error message to be a little more verbose on what it is trying to look at?

I’m glad you got it working!

Before moving 000-default-le-ssl.conf back, Certbot was showing warnings about being unable to find a VirtualHost with a ServerName or ServerAlias matching the domain you requested. What additional output would you like to see from Certbot that would have helped you debug this more quickly?
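
The condition behind the warning discussed in this thread can be checked before running a renewal. The following is an added example, not part of the original thread and not Certbot's own code: a simplified Python approximation that reports, for each requested domain, which config files hold a port-443 VirtualHost naming it, and which files hold more than one VirtualHost. The sample configs, file names and function names are constructed for illustration.

```python
import re

# Constructed sample configs (not from the thread), keyed by file name.
SAMPLE_CONFIGS = {
    "000-default.conf": """
<VirtualHost 203.0.113.10:80>
    ServerName example.test
    Redirect / https://example.test/
</VirtualHost>
""",
    "shared.conf": """
<VirtualHost *:443>
    ServerName a.example.test
</VirtualHost>
<VirtualHost *:443>
    ServerName b.example.test
    ServerAlias www.b.example.test
</VirtualHost>
""",
}

VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.I | re.S)
NAME_RE = re.compile(r"^\s*Server(?:Name|Alias)\s+(.+)$", re.I | re.M)

def parse_vhosts(configs):
    """Return one dict per <VirtualHost> block: file, addresses, names."""
    vhosts = []
    for fname, text in configs.items():
        text = re.sub(r"^[ \t]*#.*$", "", text, flags=re.M)  # drop comment lines
        for addrs, body in VHOST_RE.findall(text):
            names = {n.lower() for line in NAME_RE.findall(body) for n in line.split()}
            vhosts.append({"file": fname, "addrs": addrs.split(), "names": names})
    return vhosts

def audit(configs, domains):
    """Map each domain to files with a :443 vhost naming it; list multi-vhost files."""
    vhosts = parse_vhosts(configs)
    per_file = {}
    for v in vhosts:
        per_file[v["file"]] = per_file.get(v["file"], 0) + 1
    multi = sorted(f for f, n in per_file.items() if n > 1)
    matches = {
        d: sorted({v["file"] for v in vhosts
                   if d.lower() in v["names"] and any(a.endswith(":443") for a in v["addrs"])})
        for d in domains
    }
    return matches, multi

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIGS, ["example.test", "b.example.test"]))
```

A domain that maps to an empty list has no named port-443 VirtualHost in the files given, which is the situation in which the output above shows Certbot falling back to the default vhost.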
