SSL certificate installed, but cannot renew

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: www.fagerstrandvel.no & fagerstrandvel.no

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is: GGP

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.28.0

I successfully installed Let's Encrypt certificates after they ran out. Now I'm trying to renew them since the auto-renew cron job failed. But it fails.
Now I get: An unexpected error occurred:
There were too many requests of a given type :: Error creating new order :: too many failed authorizations recently
I tried: sudo certbot renew
and get: Saving debug log to /var/log/letsencrypt/letsencrypt.log


No renewals were attempted.

Help is appreciated - I'm totally lost now.

Hi @Fagerstrand

if you use http-01 validation, Certbot creates a file in /.well-known/acme-challenge, Letsencrypt checks that file.

But checking your configuration, you see the error ( https://check-your-website.server-daten.de/?q=fagerstrandvel.no ):

| Domainname | Http-Status | redirect | Sec. | G |
|---|---|---|---|---|
| http://fagerstrandvel.no/ 104.197.118.174 | 200 | | 0.840 | H |
| http://www.fagerstrandvel.no/ 104.197.118.174 | 200 | | 0.790 | H |
| https://fagerstrandvel.no/ 104.197.118.174 | 200 | | 1.890 | I |
| https://www.fagerstrandvel.no/ 104.197.118.174 | 200 | | 1.650 | I |
| http://fagerstrandvel.no/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 104.197.118.174 | 301 | https://www.fagerstrandvel.no | 0.363 | E |
| Visible Content: | | | | |
| http://www.fagerstrandvel.no/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 104.197.118.174 | 301 | https://www.fagerstrandvel.no | 0.360 | A |
| Visible Content: | | | | |
| https://www.fagerstrandvel.no | 200 | | 1.526 | |

Your http + "/" doesn't have a redirect to https. But your http + /.well-known/acme-challenge/random-filename redirects to https + "/", not https + /.well-known/acme-challenge/random-filename

So you have (minimal) two options:

  • remove the redirect http -> https of /.well-known/acme-challenge (or)
  • change the redirect, so the complete folder and filename is added (requires, that http and https use the same webroot)

Thanks a lot for the reply
I have put the following in .htaccess:
RedirectMatch ^(?!/.well-known/acme-challenge/)(.)$ https://www.fagerstrandvel.no$1
RedirectMatch ^(?!/.well-known/acme-challenge/)(.)$ https://fagerstrandvel.no$1

But then running the command:
./certbot-auto certonly --webroot -w /opt/bitnami/apps/wordpress/htdocs/ -d fagerstrandvel.no -d www.fagerstrandvel.no

I still get error:
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for fagerstrandvel.no
http-01 challenge for www.fagerstrandvel.no
Using the webroot path /opt/bitnami/apps/wordpress/htdocs for all unmatched domains.
Waiting for verification…
Challenge failed for domain fagerstrandvel.no
Challenge failed for domain www.fagerstrandvel.no
http-01 challenge for fagerstrandvel.no
http-01 challenge for www.fagerstrandvel.no
Cleaning up challenges
Some challenges have failed.
IMPORTANT NOTES:

I guess I'm doing the "remove the redirect http -> https of /.well-known/acme-challenge" step wrong.
Could someone guide me step by step or give some more details?

I have no idea on how to:
So you have (minimal) two options:

  • remove the redirect http -> https of /.well-known/acme-challenge (or)
  • change the redirect, so the complete folder and filename is added (requires, that http and https use the same webroot)

Checking your domain again you have the same error -> redirect to https + /, that can't work

But Letsencrypt sees a different error with a http answer and 403 - Forbidden.

Why?

No idea.
I made this change:
I have put the following in .htaccess:
RedirectMatch ^(?!/.well-known/acme-challenge/)(. )$ https://www.fagerstrandvel.no$1
RedirectMatch ^(?!/.well-known/acme-challenge/)(.)$ https://fagerstrandvel.no$1

I have tried some changes from I Must Turn Off HTTPS Redirect to Renew
But no luck yet.

Shooting in the blind here 🙂
I tried this guide:
https://docs.bitnami.com/google/how-to/generate-install-lets-encrypt-ssl/
…For NGINX user

I now have a new certificate - but no idea on what I have done.

Perhaps some experts can clarify.

And the dir for the certificate files is not the same as for the old ones.

Case closed for me - until next renewal…if auto-renew is failing.

Now you have a new certificate ( https://check-your-website.server-daten.de/?q=fagerstrandvel.no ):

|CN=fagerstrandvel.no| 05.07.2019| 03.10.2019| expires in 90 days| fagerstrandvel.no, www.fagerstrandvel.no - 2 entries|

That’s good 👍

But you don’t have normal redirects http -> https. And you have the wrong redirect http + /.well-known/acme-challenge -> https + /.

| Domainname | Http-Status | redirect | Sec. | G |
|---|---|---|---|---|
| http://fagerstrandvel.no/ 104.197.118.174 | 200 | | 1.094 | H |
| http://www.fagerstrandvel.no/ 104.197.118.174 | 200 | | 0.797 | H |
| https://fagerstrandvel.no/ 104.197.118.174 | 200 | | 1.990 | I |
| https://www.fagerstrandvel.no/ 104.197.118.174 | 200 | | 1.670 | B |
| http://fagerstrandvel.no/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 104.197.118.174 | 301 | https://www.fagerstrandvel.no | 0.413 | E |
| Visible Content: | | | | |
| http://www.fagerstrandvel.no/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 104.197.118.174 | 301 | https://www.fagerstrandvel.no | 0.353 | A |
| Visible Content: | | | | |
| https://www.fagerstrandvel.no | 200 | | 1.550 | |

And you have created two certificates:

| Issuer | not before | not after | Domain names | LE-Duplicate | next LE |
|---|---|---|---|---|---|
| Let’s Encrypt Authority X3 | 2019-07-05 | 2019-10-03 | fagerstrandvel.no, www.fagerstrandvel.no - 2 entries | duplicate nr. 2 | |
| Let’s Encrypt Authority X3 | 2019-07-05 | 2019-10-03 | fagerstrandvel.no, www.fagerstrandvel.no - 2 entries | duplicate nr. 1 | |

There is one mixed content you should fix:

|img| src| http://fagerstrandvel.no/wp-content/gallery/2017_dugnad-stranda/cache/DSC01940_800.jpg-nggid03128-ngg0dyn-0x0x100-00f0w010c010r110f110r010t010.jpg| 1| mixed|

Do you have any suggestion on how to fix the above?

Will it be fixed if I put this in .htaccess?
RedirectMatch ^(?!/.well-known/acme-challenge/)(.)$ https://www.fagerstrandvel.no$1
RedirectMatch ^(?!/.well-known/acme-challenge/)(.)$ https://fagerstrandvel.no$1

Does it work? If no, that's your answer. . catches only one character. And what's the content of $1? Nothing? Then that's the problem.

Thank you for the outline of the problem. Can you suggest any solution?

Read the documentation about redirects. There are a lot of samples. Then use online tools to check the result.

Perhaps others can help - since I made this post to get help, not to ask if I have a problem.
Been trying for weeks, searching the community and internet for possible solutions.
Did also try:
RewriteCond %{HTTPS} !on
RewriteCond %{REQUEST_URI} "!/.well-known/acme-challenge/"
RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

I think this is a forum formatting problem -- probably the original is something like RedirectMatch ^(?!/.well-known/acme-challenge/)(.*)$ but the forum software interpreted the * as a formatting command to italicize text, because it wasn't escaped. Therefore, this particular regular expression problem is probably not an issue here.
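The regex question raised in the posts above can be checked offline. The following is an added example, not code from any poster or from Apache: a simplified Python model of how a RedirectMatch rule turns a request path into a redirect target, applied to the rule as the forum displays it, the rule as probably written, and a constructed stand-in for the redirect the checker observed. The path /wp-login.php and the token name are constructed samples.

```python
import re

def redirect_match(rules, path):
    """Simplified RedirectMatch: search the regex in the URL path and put
    capture group 1 where the target says $1. Returns Location or None."""
    for pattern, target in rules:
        m = re.search(pattern, path)
        if m:
            return target.replace("$1", m.group(1) or "")
    return None

def challenge_reachable(location, path):
    """True for either option named in the thread: the challenge path is
    not redirected, or the redirect keeps the complete folder and filename."""
    return location is None or location.endswith(path)

EXEMPT = r"^(?!/.well-known/acme-challenge/)"
TARGET = "https://www.fagerstrandvel.no$1"
RULESETS = {
    # Rule as the forum displays it: "(.)" captures exactly one character.
    "displayed": [(EXEMPT + r"(.)$", TARGET)],
    # Rule as probably written: "(.*)" captures the whole path.
    "intended": [(EXEMPT + r"(.*)$", TARGET)],
    # Constructed stand-in for what the checker observed on the server:
    # every challenge URL is redirected to the https root and the path is lost.
    "observed": [(r"^/\.well-known/acme-challenge/(.*)$",
                  "https://www.fagerstrandvel.no")],
}
TOKEN = "/.well-known/acme-challenge/constructed-token"  # constructed sample

def evaluate(name):
    """Location per request path, plus whether http-01 could fetch TOKEN."""
    rules = RULESETS[name]
    locations = {p: redirect_match(rules, p) for p in ("/", "/wp-login.php", TOKEN)}
    return locations, challenge_reachable(locations[TOKEN], TOKEN)

if __name__ == "__main__":
    for name in RULESETS:
        locations, ok = evaluate(name)
        for path, loc in locations.items():
            print(f"{name:9} {path} -> {loc or 'served, no redirect'}")
        print(f"{name:9} challenge file reachable: {ok}\n")
```

In this model both the displayed and the intended rule leave the challenge path alone, so neither form produces the 301 to the https root that the checker reports; only the displayed form fails to redirect ordinary pages.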

[quote="Fagerstrand, post:13, topic:97060, full:true"]
Perhaps others can help - since I made this post to get help, not to ask if I have a problem.
Been trying for weeks, searching the community and internet for possible solutions. [/quote]

I would suggest zipping up and attaching your full httpd config. (Barring any kind of passwords of course.) I suspect something else is getting in the way of the redirect that you keep banging your head against, maybe even another server above or below it that might be stealing views.
