SSL Not Getting Renewed

While attempting to renew the Certs I ran sudo letsencrypt renew and got the following error after the few attempts of resolving the error listed below this one.

     Processing /etc/letsencrypt/renewal/mydomain.in.conf

     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

     Cert is due for renewal, auto-renewing...

     Plugins selected: Authenticator apache, Installer apache

     Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org

     Renewing an existing certificate

     Attempting to renew cert (mydomain.in) from /etc/letsencrypt/renewal/mydomain.in.conf produced an unexpected error: urn:ietf:params:acme:error:rateLimited :: There were too many requests of a given type :: Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/rate-limits/. Skipping.

     
    Attempting to renew cert (mydomain.in) from /etc/letsencrypt/renewal/mydomain.in.conf produced an unexpected error: Failed authorization procedure. www.mydomain.asia (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.mydomain.asia/.well-known/acme-challenge/tyH_i2JLEJKJt0MYZ1JHRXMGUSUiAhJMIHRwyube3cA [13.233.113.39]: 404, mydomain.asia (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://mydomain.asia/.well-known/acme-challenge/mzRJdGzJcayyBwgzOCkzV5F4iaC7VoKfWJ5OW_rL-Yg [13.233.113.39]: 404. Skipping.

Hi @hitesh

please answer the following questions. That’s the standard template of #help

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

I’ve updated this thread.

You have a lot of older certificates ( https://check-your-website.server-daten.de/?q=genuus.asia#ct-logs ):

Oldest is from 2017-10-25 12:45

So the good news: Looks like you have used tls-sni-01 validation, that’s not longer supported. Certbot uses another authenticator, that doesn’t work.

The next good news: Your configuration looks ok:

Port 80 is open, checking a file in /.well-known/acme-challenge sends the expected result http status 404 - Not Found. No wrong redirect.

So find your DocumentRoot of that port 80 - vHost and use it.

certbot run -a webroot -i apache -w yourDocumentRoot -d www.genuus.asia -d genuus.asia

But one problem: Your certificate has a lot of domain names:

CN=genuus.in
	10.02.2019
	11.05.2019
2 days expired	
dmpm.genuus.asia, genuus.asia, 
genuus.in, genuus.io, www.genuus.asia, 
www.genuus.in, www.genuus.io - 7 entries

Have all domains the same DocumentRoot and the same vHost? If yes, you can add the additional domains with the -d switch. If some domains have another vHost, create an own certificate with that vHost + domains.

Great! Thanks for the help.

It solved my problem.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.