SSL installation failure on Google Cloud


#1

I tried to run ./certbot-auto renew --dry-run after ./certbot-auto certonly --webroot -w /opt/bitnami/apps/wordpress/htdocs -d periwinkkle.com -d www.periwinkkle.com

It is show error like-
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for periwinkkle.com
http-01 challenge for www.periwinkkle.com
Cleaning up challenges
Attempting to renew cert (periwinkkle.com) from /etc/letsencrypt/renewal/periwinkkle.com.conf produced an unexpected error: Missing command line flag or config entry for this setting:
Select the webroot for www.periwinkkle.com:
Choices: [‘Enter a new webroot’, ‘/opt/bitnami/apps/wordpress/htdocs’]

(You can set this with the --webroot-path flag). Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/periwinkkle.com/fullchain.pem (failure)


** DRY RUN: simulating ‘certbot renew’ close to cert expiry
** (The test certificates below have not been saved.)

All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/periwinkkle.com/fullchain.pem (failure)
** DRY RUN: simulating ‘certbot renew’ close to cert expiry
** (The test certificates above have not been saved.)


1 renew failure(s), 0 parse failure(s)

How can I fix it…?


#2

Hi @gravity-bpo001

what’s the complete output of this command?

Add -vvv so we have more debug informations.

And share

/var/log/letsencrypt/letsencrypt.log

#3

It would seem that

is not the actual webroot for those names:
periwinkkle.com
www.periwinkkle.com

Or maybe that cerbot-auto is unable to place the challenge file in that folder/path:
/opt/bitnami/apps/wordpress/htdocs/.well-known/acme-challenge/{TOKEN-FILE}

You can test/verify the second “guess” with:

mkdir /opt/bitnami/apps/wordpress/htdocs/.well-known
mkdir /opt/bitnami/apps/wordpress/htdocs/.well-known/acme-challenge
echo "testing" > /opt/bitnami/apps/wordpress/htdocs/.well-known/acme-challenge/1234

Which should create a file that can be accessed via both URLs:
http://periwinkkle.com/.well-known/acme-challenge/1234
http://www.periwinkkle.com/.well-known/acme-challenge/1234


#4

I’d like to see this file…


#5

I run following commands but showing no results.
periwinkkle_com@wordpress-1-vm:~ mkdir /opt/bitnami/apps/wordpress/htdocs/.well-known mkdir: cannot create directory ‘/opt/bitnami/apps/wordpress/htdocs/.well-known’: Permission denied periwinkkle_com@wordpress-1-vm:~ mkdir /opt/bitnami/apps/wordpress/htdocs/.well-known/acme-challenge
mkdir: cannot create directory ‘/opt/bitnami/apps/wordpress/htdocs/.well-known/acme-challenge’: No such file or dir
ectory
periwinkkle_com@wordpress-1-vm:~ echo "testing" > /opt/bitnami/apps/wordpress/htdocs/.well-known/acme-challenge/12 34 -bash: /opt/bitnami/apps/wordpress/htdocs/.well-known/acme-challenge/1234: No such file or directory periwinkkle_com@wordpress-1-vm:~


#6

Hello JuergenAuer,

Thanks for reply and sorry for delay response.
Complete output for > ```

./certbot-auto certonly --webroot -w /opt/bitnami/apps/wordpress/htdocs -d periwinkkle.com -d www.periwinkkle.com

is
periwinkkle_com@wordpress-1-vm:~$ ./certbot-auto certonly --webroot -w /opt/bitnami/apps/wordpress/htdocs -d periwi
nkkle.com -d www.periwinkkle.com
Requesting to rerun ./certbot-auto with root privileges…
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Cert not yet due for renewal
You have an existing certificate that has exactly the same domains or certificate name you requested and isn’t clos
e to expiry.
(ref: /etc/letsencrypt/renewal/periwinkkle.com.conf)
What would you like to do?


1: Keep the existing certificate for now
2: Renew & replace the cert (limit ~5 per 7 days)


Select the appropriate number [1-2] then [enter] (press ‘c’ to cancel):


#7

You need to be root user [or some other elevated privileged user].

Please show:
./certbot-auto certificates