I have installed certbot and my first certificates as described here.
I also did a renew crontab but I have the following error:
Attempting to renew cert from /etc/letsencrypt/renewal/XX.com.conf produced an unexpected error: 'ascii' codec can't encode character u'\ufeff' in position 193: ordinal not in range(128). Skipping.
My certificate expires tomorrow.
I guess I already know what the problem is: My nginx config for that domain redirects everything to https / index.php.
I added the following location block to not redirect the acme-challenge but it seems like I do it wrong.
The root path is the same as in the conf file of the /etc/letsencrypt/renew directory.
I also tried root /var/www/html/XX.com;
and root /var/www/html/XX.com/.well-known/acme-challenge/;
That could be a problem, but it's not what certbot is complaining about, and your location block looks correct to me (though I'm not an nginx expert).
Could you share the full contents of the file /etc/letsencrypt/renewal/XX.com.conf? If at all possible please do not redact your domain name as there's a good chance the name itself is part of the problem here. Also what version of certbot are you using?
ok here is the content of /etc/letsencrypt/renewal/amcoustics.com.conf
# renew_before_expiry = 30 days
version = 0.10.2
archive_dir = /etc/letsencrypt/archive/amcoustics.com
cert = /etc/letsencrypt/live/amcoustics.com/cert.pem
privkey = /etc/letsencrypt/live/amcoustics.com/privkey.pem
chain = /etc/letsencrypt/live/amcoustics.com/chain.pem
fullchain = /etc/letsencrypt/live/amcoustics.com/fullchain.pem
# Options used in the renewal process
[renewalparams]
authenticator = webroot
installer = None
account = f348847389104513e9a7535ff47f8d45
[[webroot_map]]
amcoustics.com = /var/www/html/amcoustics.com
My first attempt was to look at that file with xxd /etc/letsencrypt/renewal/amcoustics.com.conf to see the hex content. But there seems to be no character feff used. But maybe I misunderstand what it means.
Regarding the location block: I tried to set a test file and retrieve it with curl…but without luck…so the location block really seems to be not working.
I’m using certbot 0.10.2 (seems to be the newest version of debian 8)
On closer inspection, that error looks like it might be related to certbot trying to parse a UTF-16 encoded file. Did you edit any files locally, especially in Windows, and upload them? If so, double check that they are UTF-8 encoded.
Can you paste the contents of /var/log/letsencrypt/letsencrypt.log?
The problem is probably not with the renewal file, but with some other file certbot needs to read pertaining to that domain. The debug log would tell us which one it is.
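One way to run the encoding check suggested above over a directory tree, as an added example that is not part of the original thread: it reports files that start with a byte order mark and files that contain U+FEFF further in, which in UTF-8 is the byte sequence EF BB BF rather than a literal "feff" in a hex dump. The function names and sample file names are assumptions made for illustration.

```python
import codecs
import os
import tempfile

# UTF-32 signatures first: the UTF-32 LE BOM begins with the UTF-16 LE BOM.
BOMS = [(codecs.BOM_UTF32_LE, "utf-32-le"), (codecs.BOM_UTF32_BE, "utf-32-be"),
        (codecs.BOM_UTF8, "utf-8"),
        (codecs.BOM_UTF16_LE, "utf-16-le"), (codecs.BOM_UTF16_BE, "utf-16-be")]

def leading_bom(data):
    """Return the encoding whose BOM starts `data`, or None."""
    return next((name for sig, name in BOMS if data.startswith(sig)), None)

def embedded_utf8_bom_offsets(data):
    """Byte offsets of EF BB BF (U+FEFF in UTF-8) found after byte 0."""
    offsets, pos = [], data.find(codecs.BOM_UTF8, 1)
    while pos != -1:
        offsets.append(pos)
        pos = data.find(codecs.BOM_UTF8, pos + 1)
    return offsets

def scan_tree(root):
    """Return {relative path: (leading BOM or None, embedded offsets)}."""
    findings = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    data = fh.read()
            except OSError:
                continue  # unreadable file: skip it, keep scanning
            lead, inner = leading_bom(data), embedded_utf8_bom_offsets(data)
            if lead or inner:
                findings[os.path.relpath(path, root)] = (lead, inner)
    return findings

def demo():
    samples = {  # constructed sample files, not taken from the thread
        "clean.conf": b"authenticator = webroot\n",
        "utf8_bom.conf": codecs.BOM_UTF8 + b"authenticator = webroot\n",
        "utf16.conf": codecs.BOM_UTF16_LE + "installer = None\n".encode("utf-16-le"),
        "joined.txt": b"token" + codecs.BOM_UTF8 + b"rest",
    }
    with tempfile.TemporaryDirectory() as root:
        for name, content in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(content)
        return scan_tree(root)
```

Calling `scan_tree()` on a real directory such as a webroot gives the same mapping; files without any BOM are left out of the result.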
Thanks a lot @mnordhoff!! This was the missing part! I didn't know that the return statement needs its own location block. As that redirect did work I never would have spotted this as the problem without your help!
The character issue is gone now. Seems like it really was a follow-up problem reading the (wrong) result of the challenge request.
Thanks to the log I had the idea with the not working redirect. From the log: