Having changed waiter master for the regeneration of certificates, when I execute “cerbot renew” I obtain a message announcing to me that I would not enough be entitled.
Here is the error message: Attempting to renew cert from /etc/letsencrypt/renewal/MY_DOMAIN.fr.conf produced an unexpected error: Failed authorization procedure. www.MY_DOMAIN.fr (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.MY_DOMAIN.fr/.well-known/acme-challenge/QvJv7OngAr_e411sV_39Sa9_BzVhIMonyno5eC3TI_I: " 404 Not Found
Not Found
<p", MY_DOMAIN.fr (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://MY_DOMAIN.fr/.well-known/acme-challenge/rLdY0Q3Wu8y5fHX0K3ClTyHZKi1kype6dD4wJWcB-ms: " 404 Not Found
Not Found
<p". Skipping.
All renewal attempts failed. The following certs could not be renewed: _ /MOUNT_POINT/letsencrypt/live/MY_DOMAIN.fr/fullchain.pem (failure)_
Precision: certificate SSL is in a directory on my NAS, directory shared between all my servers and mounted in NFS on it.
This response indicates that Let’s Encrypt was presented with an HTTP 404 response when it requested the challenge file. You haven’t really provided us with enough information to actually help you (the question prompts are there for a reason!) but the next troubleshooting step is to usually place a test.txt file in your .well-known/acme-challenge directory and attempt to load that in a web browser - preferably from somewhere outside your network in order to also eliminate possible routing discrepancies between local machines vs. the public internet.
Whatever permissions allow it to serve test files, like the rest of your web contents. 777 is usually not recommendable - 755 is about as unrestricted as I’d go, but this question is outside the scope of what this support forum is designed for. Depending on ownership, 600 or 644 should be fine.
