Hello, I recently changed Registrars from (Name.com) to (Google Domains), and now I am having problems renewing the domain through the command line. Login into the site, bonsi.org or www.bonsi.org is fine from the web.
I was able to renew 2 others domains throughout the same command line with no issues. The domains still under the Registrar Name.com, the Sites are hosted on my server .
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Cert is due for renewal, auto-renewing...
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for bonsi.org
http-01 challenge for www.bonsi.org
Using the webroot path /Users/SiteUser/Sites for all unmatched domains.
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. bonsi.org (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://bonsi.org/.well-known/acme-challenge/_WaRM1EIRh3bkVjMRJxkWL9dYmb3qYc9BvqSKHN3St0: "<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p", www.bonsi.org (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.bonsi.org/.well-known/acme-challenge/9TRfiTo1iYARSnJ_hJUlO84BKHG3hs5MgIlgZ22zoC0: "<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p"
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: bonsi.org
Type: unauthorized
Detail: Invalid response from
http://bonsi.org/.well-known/acme-challenge/_WaRM1EIRh3bkVjMRJxkWL9dYmb3qYc9BvqSKHN3St0:
"<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p"
Domain: www.bonsi.org
Type: unauthorized
Detail: Invalid response from
http://www.bonsi.org/.well-known/acme-challenge/9TRfiTo1iYARSnJ_hJUlO84BKHG3hs5MgIlgZ22zoC0:
"<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p"
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
During the renew process, (After had input the terminal LE command), I can see the challenge communication with the directory temporarily creating the "acme-challenge" folder. However, it fails immediately after that, producing the output logs! Therefore, there is a communication with the server but LE denies doing after that.
I have gone to this issue before about IPv6 and IPv4 and is not that LE prefers IPv6 over IPv4! It is when your network has both, it tries to communicate with IPv6 and fails if there is not a proper response from IPv6. Aware of that, I had turned off IPv6 on the router and the same output come out. So, I think is something else...
Note that I do have two other domains being hosted on this server with the same setup and they renewed without any problems.
I had turn-off IPv6 on the router but forgot to delete the IPv6 entries on the Registrar Parent, Google Domains. After deleting those IPv6 entries, the renew process went through fine.
> [server:~] root# cd /Users/AdminUser/letsencrypt
> [server:~/letsencrypt] root# ./certbot-auto certonly --webroot --webroot-path /Users/SiteUser/Sites/ --email webmaster@bonsi.org -d bonsi.org -d www.bonsi.org
> Saving debug log to /var/log/letsencrypt/letsencrypt.log
> Plugins selected: Authenticator webroot, Installer None
> Cert is due for renewal, auto-renewing...
> Renewing an existing certificate
> Performing the following challenges:
> http-01 challenge for bonsi.org
> http-01 challenge for www.bonsi.org
> Using the webroot path /Users/SiteUser/Sites for all unmatched domains.
> Waiting for verification...
> Cleaning up challenges
>
> IMPORTANT NOTES:
> - Congratulations! Your certificate and chain have been saved at:
> /etc/letsencrypt/live/bonsi.org/fullchain.pem
> Your key file has been saved at:
> /etc/letsencrypt/live/bonsi.org/privkey.pem
> Your cert will expire on 2017-12-23. To obtain a new or tweaked
> version of this certificate in the future, simply run certbot-auto
> again. To non-interactively renew *all* of your certificates, run
> "certbot-auto renew"
> - If you like Certbot, please consider supporting our work by:
>
> Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
> Donating to EFF: https://eff.org/donate-le