Suddenly Certbot Stopped Working - Some challenges have failed

I got the same error when it uses webroot for authentication.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/accounts.arpdigital.com.au.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for accounts.arpdigital.com.au
Waiting for verification...
Cleaning up challenges
Attempting to renew cert (accounts.arpdigital.com.au) from /etc/letsencrypt/renewal/accounts.arpdigital.com.au.conf produced an unexpected error: Failed authorization procedure. accounts.arpdigital.com.au (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from https://accounts.arpdigital.com.au/.well-known/acme-challenge/YL6Dvj5ghfFSPt-vb2waZlW4am_lFT3j15uwJrjhkiU [3.213.80.151]: "<html>\r\n<head><title>404 Not Found</title></head>\r\n<body bgcolor=\"white\">\r\n<center><h1>404 Not Found</h1></center>\r\n<hr><center>". Skipping.

Then you used the wrong webroot.
Show the full command used and the matching vhost config.

I used the following command -
sudo certbot renew

Then I got the above error for that domain.

And nginx file for that domain

server {
    server_name accounts.arpdigital.com.au;
    root /var/www/gridle-crm/public;
    error_log /var/log/nginx/accounts.arpdigital.com.au.error.log;
    access_log /var/log/nginx/accounts.arpdigital.com.au.access.log;
    include /etc/nginx/includes/whitelable-crm-all-servers;

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/accounts.arpdigital.com.au/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/accounts.arpdigital.com.au/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
    if ($host = accounts.arpdigital.com.au) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    server_name accounts.arpdigital.com.au;
    listen 80;
    return 404; # managed by Certbot
}

Content of /etc/nginx/includes/whitelable-crm-all-servers file -

location / {

        proxy_redirect                      off;
        proxy_set_header Host               $host;
        proxy_set_header X-Real-IP          $remote_addr;
        proxy_set_header X-Forwarded-For    $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto  $scheme;
        proxy_read_timeout                  1m;
        proxy_connect_timeout               1m;
        proxy_pass                          http://127.0.0.1:7999; # set the address of the Node.js instance here
}

location ~ /.well-known {
        allow all;
        root /var/www/gridle-crm/public;
}
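
An added example, not part of the original thread: one way to test the "wrong webroot" diagnosis is to compare the directory certbot's webroot authenticator writes the challenge token to (the `[[webroot_map]]` entry in the renewal file) with the root nginx uses for `/.well-known`. The renewal file contents below are a constructed sample, since the thread does not show them, and the function names are hypothetical.

```python
import re

# Constructed sample of a certbot renewal file; the thread does not show the real
# one, so the webroot path here is a hypothetical value.
RENEWAL_CONF = """\
version = 0.31.0
[renewalparams]
authenticator = webroot
webroot_path = /var/www/html,
[[webroot_map]]
accounts.arpdigital.com.au = /var/www/html
"""

# The /.well-known location from the include file quoted in the thread.
NGINX_INCLUDE = """\
location ~ /.well-known {
        allow all;
        root /var/www/gridle-crm/public;
}
"""

def certbot_webroots(conf_text):
    """Return {domain: webroot} from the [[webroot_map]] subsection."""
    webroots, in_map = {}, False
    for line in conf_text.splitlines():
        line = line.strip()
        if line.startswith("["):
            in_map = line == "[[webroot_map]]"
        elif in_map and "=" in line and not line.startswith("#"):
            domain, path = (part.strip() for part in line.split("=", 1))
            webroots[domain] = path.rstrip("/")
    return webroots

def nginx_wellknown_root(nginx_text):
    """Return the root set inside the location block matching /.well-known, or None."""
    m = re.search(r"location[^{]*\.well-known[^{]*\{([^}]*)\}", nginx_text)
    if not m:
        return None
    root = re.search(r"^\s*root\s+([^;]+);", m.group(1), re.M)
    return root.group(1).strip().rstrip("/") if root else None

def check(domain, conf_text, nginx_text):
    """Compare where certbot writes the token with where nginx looks for it."""
    written = certbot_webroots(conf_text).get(domain)
    served = nginx_wellknown_root(nginx_text)
    return {"certbot_writes_to": written, "nginx_serves_from": served,
            "match": written is not None and written == served}

if __name__ == "__main__":
    print(check("accounts.arpdigital.com.au", RENEWAL_CONF, NGINX_INCLUDE))
```

When the two paths differ, the token lands in `<webroot>/.well-known/acme-challenge/` under one directory while nginx answers the validation request from another, which produces the 404 seen in the renewal log.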

When did you start using?:
/etc/nginx/includes/whitelable-crm-all-servers

We have a white-label type architecture. So, when any user adds their domain to our platform, we generate an Nginx file for that domain. So, every domain has its own Nginx file. Now, there are some configurations that are common. We create one file and then include it in all Nginx files. So, in the future, if we want to add some configuration like caching, rate-limiting, etc., then we just need to add it in only one file.

When did you start using that file?

For 1 year.

hmm...
Then that file is NOT part of this new problem.

Can you try a newer certbot client?

Any news?
