My domain is: cyannotes.com
I ran this command: sudo certbot renew --dry-run
It produced this output:
1 renew failure(s), 0 parse failure(s)
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: cyannotes.com
Type: unauthorized
Detail: Invalid response from
https://cyannotes.com/.well-known/acme-challenge/0qD5OsLQU0aM_OEwSjcOWmiLWcliPVNsC_Lwd1YwKS8
[23.239.2.168]: "<html>\r\n<head><title>404 Not
Found</title></head>\r\n<body bgcolor=\"white\">\r\n<center><h1>404
Not Found</h1></center>\r\n<hr><center>"
Domain: www.cyannotes.com
Type: unauthorized
Detail: Invalid response from
https://cyannotes.com/.well-known/acme-challenge/9--No4wmqANKY0IDq1WXv-rKDhs_dnz5hnhmiJB-YuE
[23.239.2.168]: "<html>\r\n<head><title>404 Not
Found</title></head>\r\n<body bgcolor=\"white\">\r\n<center><h1>404
Not Found</h1></center>\r\n<hr><center>"
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
My web server is (include version): nginx 1.6.2
The operating system my web server runs on is (include version): Ubuntu 14.04 LTS
I can login to a root shell on my machine (yes or no, or I don’t know): Yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No
The version of my client is (e.g. output of certbot --version
or certbot-auto --version
if you’re using Certbot): certbot 0.31.0
First, I created the existing certificate using standalone option, and it worked fine. Second, I can access https://cyannotes.com/.well-known/acme-challenge/test.txt. I think the problem lies in the fact that whatever needs to be created under .well-known/acme-challenge/
directory (e.g. 0qD5OsLQU0aM_OEwSjcOWmiLWcliPVNsC_Lwd1YwKS8
and 9--No4wmqANKY0IDq1WXv-rKDhs_dnz5hnhmiJB-YuE
as above) does not get created during the renewal, which leads to 404 not found. The reason I don’t know and hope to find out.
For reference, my renewal parameters inside /etc/letsencrypt/renewal/cyannotes.com.conf
are:
[renewalparams]
server = https://acme-v02.api.letsencrypt.org/directory
pref_challs = http-01,
authenticator = standalone
account = blahblahblah
http01_port = 8008
Any idea?