[Solved] Failed to renew certificate

My domain is: madingxiaowei.ddns.net.

I wanted to renew my certificate. Below you’ll find the output. I guess something is wrong with my apache server. But I don’t know what. I haven’t changed anything in my apache configuration :(

A test file at https://madingxiaowei.ddns.net/.well-known/acme-challenge/test.txt is found and there is no redirection.

I ran this command: sudo ./certbot-auto renew

It produced this output:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/madingxiaowei.ddns.net.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator apache, Installer apache
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for madingxiaowei.ddns.net
Waiting for verification...
Cleaning up challenges
Attempting to renew cert (madingxiaowei.ddns.net) from /etc/letsencrypt/renewal/madingxiaowei.ddns.net.conf produced an unexpected error: Failed authorization procedure. madingxiaowei.ddns.net (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://madingxiaowei.ddns.net/.well-known/acme-challenge/m4HFhMbmK-NA0xIHhm1ESmWU0RYYTHBvTlIZWcy2yS0: "<?xml version=\"1.0\" encoding=\"iso-8859-1\"?>\n<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\"\n         \"http://www.". Skipping.
All renewal attempts failed. The following certs could not be renewed:
 /etc/letsencrypt/live/madingxiaowei.ddns.net/fullchain.pem (failure)

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

All renewal attempts failed. The following certs could not be renewed:
 /etc/letsencrypt/live/madingxiaowei.ddns.net/fullchain.pem (failure)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1 renew failure(s), 0 parse failure(s)

IMPORTANT NOTES:
- The following errors were reported by the server:

  Domain: madingxiaowei.ddns.net
  Type:   unauthorized
  Detail: Invalid response from
  http://madingxiaowei.ddns.net/.well-known/acme-challenge/m4HFhMbmK-NA0xIHhm1ESmWU0RYYTHBvTlIZWcy2yS0:
  "<?xml version=\"1.0\" encoding=\"iso-8859-1\"?>\n<!DOCTYPE html
  PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\"\n
  \"http://www."

  To fix these errors, please make sure that your domain name was
  entered correctly and the DNS A/AAAA record(s) for that domain
  contain(s) the right IP address.

My web server is (include version): apache 2.4.10

The operating system my web server runs on is (include version): raspbian stretch

My hosting provider, if applicable, is: n/a

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

Help is highly appreciated! Thx.

Martin

I think the issue is that you have Apache on port 443, but lighttpd on port 80.

This causes the Apache authenticator to fail.

Why the difference in webservers? You could probably use the webroot authenticator instead, it might succeed (based on the redirects you have set up):

certbot-auto renew -i apache -a webroot -w /path/to/webroot
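An offline sketch of the diagnosis in the answer above, added here as an example (not code from certbot or from either poster): it compares the Server headers seen on ports 80 and 443 and checks whether the challenge response body has the `<token>.<thumbprint>` form that http-01 validation expects. The header blocks and the lighttpd version string are constructed samples; the token and the XHTML prologue are taken from the error output in the question.

```python
import re

# ACME tokens and account key thumbprints are base64url strings (RFC 8555, section 8.3).
B64URL = re.compile(r"^[A-Za-z0-9_-]+$")

def server_header(raw_headers):
    """Return the Server header value from a raw HTTP header block, or None."""
    for line in raw_headers.splitlines()[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "server":
            return value.strip()
    return None

def product(server):
    """Reduce 'Apache/2.4.10 (Raspbian)' to 'apache' so versions do not matter."""
    return server.split("/")[0].strip().lower() if server else None

def check_challenge_body(token, body):
    """Classify what port 80 returned for /.well-known/acme-challenge/<token>."""
    text = body.strip()
    if text.startswith("<"):
        return "markup (an error or index page), not a key authorization"
    got_token, dot, thumbprint = text.partition(".")
    if not dot or not B64URL.match(got_token) or not B64URL.match(thumbprint):
        return "not in <token>.<thumbprint> form"
    if got_token != token:
        return "key authorization for a different token"
    return "ok"

def diagnose(port80_headers, port443_headers, token, port80_body):
    """Report whether one server answers both ports and whether the body is usable."""
    s80, s443 = server_header(port80_headers), server_header(port443_headers)
    same = product(s80) is not None and product(s80) == product(s443)
    return {"port80_server": s80, "port443_server": s443, "same_server": same,
            "challenge": check_challenge_body(token, port80_body)}

# Constructed sample responses modelled on the thread (status codes and versions are made up).
TOKEN = "m4HFhMbmK-NA0xIHhm1ESmWU0RYYTHBvTlIZWcy2yS0"
HDR_80 = "HTTP/1.1 404 Not Found\r\nContent-Type: text/html\r\nServer: lighttpd/1.4.45\r\n\r\n"
HDR_443 = "HTTP/1.1 200 OK\r\nServer: Apache/2.4.10 (Raspbian)\r\n\r\n"
BODY_80 = ('<?xml version="1.0" encoding="iso-8859-1"?>\n'
           '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"\n')

if __name__ == "__main__":
    for key, value in diagnose(HDR_80, HDR_443, TOKEN, BODY_80).items():
        print(f"{key}: {value}")
```

When `same_server` is false, an authenticator that reconfigures Apache cannot affect what port 80 serves, which is why writing the challenge file into the port 80 server's document root with the webroot authenticator is the workable route.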

Great, this was it! Thanks a lot!
