I've had certbot running and working for some time. Recently I received a message from letsencrypt saying my certs were going to expire, so I tried a certbot renew and was surprised that it completely failed. What's odd is that it doesn't seem to construct the validation URL properly, instead of "https:///.well-known/acme-challenge/..." it is skipping the '/' after the domain, giving me "https://.well-known/acme-challenge/...". Don't know if that's causing the problem.
I do know that SSL is working fine on my websites.
I have a few domains sharing a cert, but either this one is the problem or it's the first one that certbot is trying to run.
My domain is: wolf.marginalhacks.com
I ran this command: certbot renew --dry-run
It produced this output:
Processing /etc/letsencrypt/renewal/davepics.com.conf
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator webroot, Installer apache
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for daveola.com
http-01 challenge for davepics.com
http-01 challenge for davesource.com
http-01 challenge for gangtime.com
http-01 challenge for getdave.com
http-01 challenge for id.daveola.com
http-01 challenge for login.dancecal.com
http-01 challenge for marginalhacks.com
http-01 challenge for stamp.marginalhacks.com
http-01 challenge for wolf.marginalhacks.com
Waiting for verification...
Cleaning up challenges
Attempting to renew cert (davepics.com) from /etc/letsencrypt/renewal/davepics.com.conf produced an unexpected error: Failed authorization procedure. wolf.marginalhacks.com (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching https://wolf.marginalhacks.com.well-known/acme-challenge/9_3nrEHA105JIJwCpe7ExvotGM42_1kN7Lnp6UGecfM: Error getting validation data. Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/davepics.com/fullchain.pem (failure)
** DRY RUN: simulating 'certbot renew' close to cert expiry
** (The test certificates below have not been saved.)All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/davepics.com/fullchain.pem (failure)Additionally, the following renewal configuration files were invalid:
/etc/letsencrypt/renewal/davefaq.com.conf (parsefail)
** DRY RUN: simulating 'certbot renew' close to cert expiry
** (The test certificates above have not been saved.)
1 renew failure(s), 1 parse failure(s)
IMPORTANT NOTES:
The following errors were reported by the server:
Domain: wolf.marginalhacks.com
Type: connection
Detail: Fetching
https://wolf.marginalhacks.com.well-known/acme-challenge/9_3nrEHA105JIJwCpe7ExvotGM42_1kN7Lnp6UGecfM:
Error getting validation data
My web server is (include version): apache2.4.18
The operating system my web server runs on is (include version): Ubuntu 16.04.5
My hosting provider, if applicable, is: serverpronto
I can login to a root shell on my machine (yes or no, or I don't know): yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no