I was trying to renew certificate, but got an authorization error(404). After searching this forum, I got a suggestion what maybe wrong, but I don't know how to fix it exactly, because the solution wasn't specified simple enough for my current knowledge.
I have a file in this dir /etc/letsencrypt/renewal/filename.conf . Content of the file is this:
renew_before_expiry = 30 days
version = 0.27.0
archive_dir = /etc/letsencrypt/archive/limbo.company
cert = /etc/letsencrypt/live/limbo.company/cert.pem
privkey = /etc/letsencrypt/live/limbo.company/privkey.pem
chain = /etc/letsencrypt/live/limbo.company/chain.pem
fullchain = /etc/letsencrypt/live/limbo.company/fullchain.pemOptions used in the renewal process
[renewalparams]
account = c06c38b3aa32c0aeb048a808c58b3fc6
authenticator = webroot
webroot_path = /var/www/html,
server = https://acme-v02.api.letsencrypt.org/directory
[[webroot_map]]
limbo.company = /var/www/html
www.limbo.company = /var/www/html
I have very similar problem to this issue link, but in the end the people didn't clearify what exactly they did. I guess there's problem with webroot_path/webroot_map, but how exactly am I supposed to change it? (I switched to backend programming from frontend literally today, I understand this question is silly, but still).
The problem is:
I ran this command:
sudo letsencrypt renew
It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Processing /etc/letsencrypt/renewal/domain.name.conf - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Cert is due for renewal, auto-renewing... Plugins selected: Authenticator webroot, Installer None Renewing an existing certificate Performing the following challenges: http-01 challenge for domain.name http-01 challenge for www.domain.name Using the webroot path /var/www/html for all unmatched domains. Waiting for verification... Cleaning up challenges Attempting to renew cert (domain.name) from /etc/letsencrypt/renewal/domain.name.conf produced an unexpected error: **Failed authorization procedure**. domain.name (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from https://domain.name/.well-known/acme-challenge/lrkbIzMxArFUDpt3R9_x5qJzOVXfT2gXSmOjq2n1Z6w [95.213.194.213]: "<html>\r\n<head><title>404 Not Found</title></head>\r\n<body bgcolor=\"white\">\r\n<center><h1>**404 Not Found**</h1></center>\r\n<hr><center>", www.domain.name (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from https://domain.name/.well-known/acme-challenge/52LgydpsMF-Y6I825MN5RfH3HxKw9JrU82AjKK93h0M [95.213.194.213]: "<html>\r\n<head><title>404 Not Found</title></head>\r\n<body bgcolor=\"white\">\r\n<center><h1>404 Not Found</h1></center>\r\n<hr><center>". Skipping. All renewal attempts failed. The following certs could not be renewed: /etc/letsencrypt/live/domain.name/fullchain.pem (failure) - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - All renewal attempts failed. The following certs could not be renewed: /etc/letsencrypt/live/domain.name/fullchain.pem (failure) - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1 renew failure(s), 0 parse failure(s) IMPORTANT NOTES: - The following errors were reported by the server: Domain: domain.name Type: unauthorized Detail: Invalid response from https://domain.name/.well-known/acme-challenge/lrkbIzMxArFUDpt3R9_x5qJzOVXfT2gXSmOjq2n1Z6w [95.213.194.213]: "<html>\r\n<head><title>404 Not Found</title></head>\r\n<body bgcolor=\"white\">\r\n<center><h1>404 Not Found</h1></center>\r\n<hr><center>" Domain: www.domain.name Type: unauthorized Detail: Invalid response from https://domain.name/.well-known/acme-challenge/52LgydpsMF-Y6I825MN5RfH3HxKw9JrU82AjKK93h0M [95.213.194.213]: "<html>\r\n<head><title>404 Not Found</title></head>\r\n<body bgcolor=\"white\">\r\n<center><h1>404 Not Found</h1></center>\r\n<hr><center>" To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address.
My web server is (include version):
nginx/1.14.0 (Ubuntu)
The operating system my web server runs on is (include version):
Linux 4.15.0-96-generic x86_64
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don't know):
yes.
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
access via terminal (ssh root@address);
The version of my client is:
certbot 0.27.0
I appreciate any help