SOLVED: Certbot renew has stopped working, seems to be constructing incorrect URL


#1

I’ve had certbot running and working for some time. Recently I received a message from letsencrypt saying my certs were going to expire, so I tried a certbot renew and was surprised that it completely failed. What’s odd is that it doesn’t seem to construct the validation URL properly: instead of “https:///.well-known/acme-challenge/…” it is skipping the ‘/’ after the domain, giving me “https://.well-known/acme-challenge/…”. Don’t know if that’s causing the problem.

I do know that SSL is working fine on my websites.

I have a few domains sharing a cert, but either this one is the problem or it’s the first one that certbot is trying to run.

My domain is: wolf.marginalhacks.com

I ran this command: certbot renew --dry-run

It produced this output:

Processing /etc/letsencrypt/renewal/davepics.com.conf


Cert is due for renewal, auto-renewing…
Plugins selected: Authenticator webroot, Installer apache
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for daveola.com
http-01 challenge for davepics.com
http-01 challenge for davesource.com
http-01 challenge for gangtime.com
http-01 challenge for getdave.com
http-01 challenge for id.daveola.com
http-01 challenge for login.dancecal.com
http-01 challenge for marginalhacks.com
http-01 challenge for stamp.marginalhacks.com
http-01 challenge for wolf.marginalhacks.com
Waiting for verification…
Cleaning up challenges
Attempting to renew cert (davepics.com) from /etc/letsencrypt/renewal/davepics.com.conf produced an unexpected error: Failed authorization procedure. wolf.marginalhacks.com (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching https://wolf.marginalhacks.com.well-known/acme-challenge/9_3nrEHA105JIJwCpe7ExvotGM42_1kN7Lnp6UGecfM: Error getting validation data. Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/davepics.com/fullchain.pem (failure)


** DRY RUN: simulating ‘certbot renew’ close to cert expiry
** (The test certificates below have not been saved.)

All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/davepics.com/fullchain.pem (failure)

Additionally, the following renewal configuration files were invalid:
/etc/letsencrypt/renewal/davefaq.com.conf (parsefail)
** DRY RUN: simulating ‘certbot renew’ close to cert expiry
** (The test certificates above have not been saved.)


1 renew failure(s), 1 parse failure(s)

IMPORTANT NOTES:

My web server is (include version): apache2.4.18

The operating system my web server runs on is (include version): Ubuntu 16.04.5

My hosting provider, if applicable, is: serverpronto

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no


#2

Check the Apache configuration for something like “Redirect / https://wolf.marginalhacks.com” and add a “/” at the end.
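
An added example, not part of the original posts: a small checker for the misconfiguration described in #2. mod_alias appends whatever follows the matched URL-path to the `Redirect` target, so a target with no trailing “/” glues the challenge path onto the hostname. The sample config, the `TOKEN` probe path and all function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Optional status argument accepted by mod_alias Redirect.
STATUS = re.compile(r"^(permanent|temp|seeother|gone|\d{3})$", re.I)

# Constructed sample config reproducing the redirect suggested in post #2.
SAMPLE_CONF = """\
<VirtualHost *:80>
    ServerName wolf.marginalhacks.com
    Redirect / https://wolf.marginalhacks.com
</VirtualHost>
"""
FIXED_CONF = SAMPLE_CONF.replace("Redirect / https://wolf.marginalhacks.com",
                                 "Redirect / https://wolf.marginalhacks.com/")

def parse_redirects(conf_text):
    """Yield (lineno, url_path, target) for each plain 'Redirect' directive."""
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        parts = raw.strip().split()
        if not parts or parts[0].lower() != "redirect":
            continue  # comments, other directives, RedirectMatch, etc.
        args = [a.strip('"') for a in parts[1:]]
        if args and STATUS.match(args[0]):
            args = args[1:]
        if len(args) == 2:
            yield lineno, args[0], args[1]

def apply_redirect(url_path, target, request_path):
    """Return the Location mod_alias would send, or None if no match."""
    prefix = url_path.rstrip("/") + "/"
    if request_path != url_path and not request_path.startswith(prefix):
        return None
    # The remainder after the matched prefix is appended verbatim.
    return target + request_path[len(url_path):]

def find_broken(conf_text, probe="/.well-known/acme-challenge/TOKEN"):
    """List (lineno, location) where the redirect lands on a different host."""
    findings = []
    for lineno, url_path, target in parse_redirects(conf_text):
        location = apply_redirect(url_path, target, probe)
        if location and urlsplit(location).hostname != urlsplit(target).hostname:
            findings.append((lineno, location))
    return findings

if __name__ == "__main__":
    for lineno, location in find_broken(SAMPLE_CONF):
        print(f"line {lineno}: challenge would be redirected to {location}")
```

Run it against the text of each enabled site file; it only handles single-line `Redirect` directives, not `RedirectMatch` or rewrite rules.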


#3

You’re a genius.

I’ve added the ‘/’.

Not sure where the redirect came from; I don’t recall adding that.