I got same error when it use webroot as a authentication.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/accounts.arpdigital.com.au.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for accounts.arpdigital.com.au
Waiting for verification...
Cleaning up challenges
Attempting to renew cert (accounts.arpdigital.com.au) from /etc/letsencrypt/renewal/accounts.arpdigital.com.au.conf produced an unexpected error: Failed authorization procedure. accounts.arpdigital.com.au (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from https://accounts.arpdigital.com.au/.well-known/acme-challenge/YL6Dvj5ghfFSPt-vb2waZlW4am_lFT3j15uwJrjhkiU [3.213.80.151]: "<html>\r\n<head><title>404 Not Found</title></head>\r\n<body bgcolor=\"white\">\r\n<center><h1>404 Not Found</h1></center>\r\n<hr><center>". Skipping.
rg305
September 9, 2021, 10:15am
46
Then you used the wrong webroot.
Show the full command used and the matching vhost config.
I used followig command -
sudo certbot renew
Then I got the above error for that domain.
And nginx file for that domain
server {
server_name accounts.arpdigital.com.au;
root /var/www/gridle-crm/public;
error_log /var/log/nginx/accounts.arpdigital.com.au.error.log;
access_log /var/log/nginx/accounts.arpdigital.com.au.access.log;
include /etc/nginx/includes/whitelable-crm-all-servers;
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/accounts.arpdigital.com.au/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/accounts.arpdigital.com.au/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = accounts.arpdigital.com.au) {
return 301 https://$host$request_uri;
} # managed by Certbot
server_name accounts.arpdigital.com.au;
listen 80;
return 404; # managed by Certbot
}
Content of /etc/nginx/includes/whitelable-crm-all-servers file -
location / {
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_read_timeout 1m;
proxy_connect_timeout 1m;
proxy_pass http://127.0.0.1:7999; # set the address of the Node.js instance here
}
location ~ /.well-known {
allow all;
root /var/www/gridle-crm/public;
}
rg305
September 9, 2021, 9:00pm
48
When did you start using?:
/etc/nginx/includes/whitelable-crm-all-servers
We have white label type architecture. So, when any user adds their domain to our platform, we generate an Nginx file for that domain. So, every domain have their own Nginx file. Now, there are some configurations that are common. We create one file and then include them in all Nginx files. So, in the future, if we want to add some configuration like caching, rate-limiting, etc then we just need to add them in only one file.
rg305
September 10, 2021, 11:45am
50
When did start using that file?
rg305
September 10, 2021, 4:18pm
52
hmm...
Then that file is NOT part of this ne problem.
Can you try a newer certbot
client?
system
Closed
October 17, 2021, 12:16am
54
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.