Switching from staging to production server


#1

I’ve used certbot --staging option to test certificates for my domain… I’d like to move back to production server but changing /etc/letsencrypt/renewal/domain.com.conf from https://acme-staging.api.letsencrypt.org/directory to https://acme-v01.api.letsencrypt.org/directory gives the following error:
Attempting to renew cert from /etc/letsencrypt/renewal/domain.com.conf produced an unexpected error: Account at /etc/letsencrypt/accounts/acme-v01.api.letsencrypt.org/directory/b56add4bde4c06fa9d1c79344a8ee2b6 does not exist. Skipping.


#2

Have you previously created an account on the production server? If so, you should also change the account field when changing the server field.

If not, I guess there is no way to make this work through manual editing of the renewal configuration file and you’re instead meant to run certbot certonly with appropriate specification of the certificate lineage (--cert-name in recent Certbot versions, or a complete list of all of the subject domain names with -d in older Certbot versions) and server, plus --force-renewal. If that, in turn, doesn’t work, I guess we can consider it a Certbot bug.


#3

I tried to run the certbot command without the staging flag… (N.B: We had initially reached the rate limit on the production server before switching to staging)

certbot -n certonly --webroot -w /usr/share/nginx/html/letsencrypt --agree-tos -d s.domain.com -m m@domain.com --force-renew

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for s.domain.com
Using the webroot path /usr/share/nginx/html/letsencrypt for all unmatched domains.
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. s.domain.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://s.domain.com/.well-known/acme-challenge/SgWdPNvuYd8T9_q_bbfaWnT2keNtCUC-n4aU75HoOtw: "

" IMPORTANT NOTES: - The following errors were reported by the server:

Domain: s.domain.com
Type: unauthorized
Detail: Invalid response from
http://s.domain.com/.well-known/acme-challenge/SgWdPNvuYd8T9_q_bbfaWnT2keNtCUC-n4aU75HoOtw:
"

"

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address.

But when I run the certbot command with staging flag, it works:

certbot -n certonly --webroot -w /usr/share/nginx/html/letsencrypt --agree-tos -d s.domain.com -m m@domain.com --force-renew --staging

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Starting new HTTPS connection (1): acme-staging.api.letsencrypt.org
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for s.domain.com
Using the webroot path /usr/share/nginx/html/letsencrypt for all unmatched domains.
Waiting for verification…
Cleaning up challenges
Generating key (2048 bits): /etc/letsencrypt/keys/0004_key-certbot.pem
Creating CSR: /etc/letsencrypt/csr/0004_csr-certbot.pem

IMPORTANT NOTES:

  • Congratulations! Your certificate and chain have been saved at
    /etc/letsencrypt/live/s.domain.com-0001/fullchain.pem.
    Your cert will expire on 2017-07-09. To obtain a new or tweaked
    version of this certificate in the future, simply run certbot
    again. To non-interactively renew all of your certificates, run
    "certbot renew"

#4

That’s pretty weird. Would you be willing to post your logs from /var/log/letsencrypt?


#5

2017-04-11 14:06:59,304:DEBUG:certbot.main:Root logging level set at 20
2017-04-11 14:06:59,304:INFO:certbot.main:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2017-04-11 14:06:59,305:DEBUG:certbot.main:certbot version: 0.11.1
2017-04-11 14:06:59,305:DEBUG:certbot.main:Arguments: [’-n’, ‘–webroot’, ‘-w’, ‘/usr/share/nginx/html/letsencrypt’, ‘–agree-tos’, ‘-d’, ‘support.domain.com’, ‘-m’, ‘monitoring@domain.com’, ‘–force-renew’]
2017-04-11 14:06:59,305:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#webroot,PluginEntryPoint#null,PluginEntryPoint#manual,PluginEntryPoint#standalone)
2017-04-11 14:06:59,305:DEBUG:certbot.plugins.selection:Requested authenticator webroot and installer None
2017-04-11 14:06:59,306:DEBUG:certbot.plugins.selection:Single candidate plugin: * webroot
Description: Place files in webroot directory
Interfaces: IAuthenticator, IPlugin
Entry point: webroot = certbot.plugins.webroot:Authenticator
Initialized: <certbot.plugins.webroot.Authenticator object at 0x7f484c4636d0>
Prep: True
2017-04-11 14:06:59,306:DEBUG:certbot.plugins.selection:Selected authenticator <certbot.plugins.webroot.Authenticator object at 0x7f484c4636d0> and installer None
2017-04-11 14:06:59,310:DEBUG:certbot.main:Picked account: <Account(a26c1685e2d269efedd7fb0a48e0a8e3)>
2017-04-11 14:06:59,311:DEBUG:root:Sending GET request to https://acme-v01.api.letsencrypt.org/directory.
2017-04-11 14:06:59,314:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
2017-04-11 14:07:01,699:DEBUG:requests.packages.urllib3.connectionpool:“GET /directory HTTP/1.1” 200 352
2017-04-11 14:07:01,700:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Content-Type: application/json
Content-Length: 352
Boulder-Request-Id: zC0PHO1W8qWrx4NMdyJPO4AHoBq59APq8PU3feUQCzk
Replay-Nonce: 6PLbmGfmpgGHl4hhRJApJ6sXDekVXPYFBgJEQ_F0g5E
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Tue, 11 Apr 2017 14:07:08 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 11 Apr 2017 14:07:08 GMT
Connection: keep-alive

{
“key-change”: “https://acme-v01.api.letsencrypt.org/acme/key-change”,
“new-authz”: “https://acme-v01.api.letsencrypt.org/acme/new-authz”,
“new-cert”: “https://acme-v01.api.letsencrypt.org/acme/new-cert”,
“new-reg”: “https://acme-v01.api.letsencrypt.org/acme/new-reg”,
“revoke-cert”: “https://acme-v01.api.letsencrypt.org/acme/revoke-cert
}
2017-04-11 14:07:01,704:DEBUG:certbot.renewal:Auto-renewal forced with --force-renewal…
2017-04-11 14:07:01,705:INFO:certbot.main:Renewing an existing certificate
2017-04-11 14:07:01,705:DEBUG:root:Requesting fresh nonce
2017-04-11 14:07:01,705:DEBUG:root:Sending HEAD request to https://acme-v01.api.letsencrypt.org/acme/new-authz.
2017-04-11 14:07:02,218:DEBUG:requests.packages.urllib3.connectionpool:“HEAD /acme/new-authz HTTP/1.1” 405 0
2017-04-11 14:07:02,219:DEBUG:acme.client:Received response:
HTTP 405
Server: nginx
Content-Type: application/problem+json
Content-Length: 91
Allow: POST
Boulder-Request-Id: WxaxKZm29lSV-l6JPFEUJ-Sq31PDuunBOlAN9m4lAFM
Replay-Nonce: -bQJ8u0orKVwsZM1UOWLt9qTjzIq1lIRB-FxPSKbhe4
Expires: Tue, 11 Apr 2017 14:07:08 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 11 Apr 2017 14:07:08 GMT
Connection: keep-alive

2017-04-11 14:07:02,219:DEBUG:acme.client:Storing nonce: -bQJ8u0orKVwsZM1UOWLt9qTjzIq1lIRB-FxPSKbhe4
2017-04-11 14:07:02,219:DEBUG:acme.client:JWS payload:
{
“identifier”: {
“type”: “dns”,
“value”: “support.domain.com
},
“resource”: “new-authz”
}
2017-04-11 14:07:02,223:DEBUG:root:Sending POST request to https://acme-v01.api.letsencrypt.org/acme/new-authz:
{
“header”: {
“alg”: “RS256”,
“jwk”: {
“e”: “AQAB”,
“kty”: “RSA”,
“n”: “sHBb4KiK-w3HP9aMi_azpvMy1zX5vInXzm7YsdSuEWk9yiT-M27V19p7R74V07E_nKCH75X5gvjCPwpUl4cXdZFbilS-x7y4IAco5i1ZGc-buQAh_7gwIlWz9urR2EUXvYvV0Ouf8UoU6QoHACNj0d3LXtLk3bMTirD65Q0C1xouGo7zhEsn6GgzXuT-ME_8F2MbcOs5m6iy0B28b4zj9vffXIzW80ACj8UpoFYx0MsYM5LPmDwf0DCRAI19xXjQBucdEhxbWdJ3x-OS66yT5DULHfplrgUGs6iid8lWAwvkNmJq8u_4iBZ-yrj8HV5rvEyj5KVK-NFR_Qp805BrKw”
}
},
“protected”: “eyJub25jZSI6ICItYlFKOHUwb3JLVndzWk0xVU9XTHQ5cVRqeklxMWxJUkItRnhQU0tiaGU0In0”,
“payload”: “ewogICJpZGVudGlmaWVyIjogewogICAgInR5cGUiOiAiZG5zIiwgCiAgICAidmFsdWUiOiAic3VwcG9ydC5ub2RlYWZyaWNhLmNvbSIKICB9LCAKICAicmVzb3VyY2UiOiAibmV3LWF1dGh6Igp9”,
“signature”: “AUIX85tL6V7W3YWBtlnaprN-XgaoTHPwHr08G09XbvwbEcPATRuQhGQ122jsuutXgOvPTt8Mu_QFx0-TA41PHX-V4MfFr1CqMyw_FpEmzXJsS3nRKI_qGif1vIyAMxY9GrQqjfTZPAf5MKpugsgTDRtTGgOsLHxpc–0ex73Yr_8GmjZVWp1EXtZPHt9v0aPpjkbByyYhmus8k1jAUYXUjC5HxTO0FIWFHaiQXgiy_FmVhGPKIs9ODTiQpYixZBrsKdCZLEqYRp81M2HcsAqTgkW3Ewr–Nb0hTYX0eWaAiSyj2UB1x8M8D3zy9cm-VPcXH2MhEvgIC5BQ_NOy8Xig”
}
2017-04-11 14:07:02,941:DEBUG:requests.packages.urllib3.connectionpool:“POST /acme/new-authz HTTP/1.1” 201 1010
2017-04-11 14:07:02,959:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Content-Type: application/json
Content-Length: 1010
Boulder-Request-Id: rHJz-aTfq2kUI5cE-k_31W159t-c83sazH7yIQYZ0tY
Boulder-Requester: 12071187
Link: https://acme-v01.api.letsencrypt.org/acme/new-cert;rel="next"
Location: https://acme-v01.api.letsencrypt.org/acme/authz/XU-spJE7C6u_V9UxHlwDafkgeKy9NUMNT54R2RJ1BLQ
Replay-Nonce: h5gfNInAKcketsWUi9yquaHbMD7Z5xqwyuBz_a7sr7Y
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Tue, 11 Apr 2017 14:07:09 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 11 Apr 2017 14:07:09 GMT
Connection: keep-alive

{
“identifier”: {
“type”: “dns”,
“value”: “support.domain.com
},
“status”: “pending”,
“expires”: “2017-04-18T14:07:09.369813831Z”,
“challenges”: [
{
“type”: “tls-sni-01”,
“status”: “pending”,
“uri”: “https://acme-v01.api.letsencrypt.org/acme/challenge/XU-spJE7C6u_V9UxHlwDafkgeKy9NUMNT54R2RJ1BLQ/1003159052”,
“token”: “1K69kBJB_Jtu_FGWVfid6SSiXK3VsDFjUzvo3XBrPw0”
},
{
“type”: “http-01”,
“status”: “pending”,
“uri”: “https://acme-v01.api.letsencrypt.org/acme/challenge/XU-spJE7C6u_V9UxHlwDafkgeKy9NUMNT54R2RJ1BLQ/1003159053”,
“token”: “WgOu2GfgaoIckSnURIYVIEiS7PYBY34js9xGE0h7dss”
},
{
“type”: “dns-01”,
“status”: “pending”,
“uri”: “https://acme-v01.api.letsencrypt.org/acme/challenge/XU-spJE7C6u_V9UxHlwDafkgeKy9NUMNT54R2RJ1BLQ/1003159054”,
“token”: “1nDZ7KZ808As9E2eDZO1BQBole3TOjvQHEV_CVPZFVo”
}
],
“combinations”: [
[
2
],
[
1
],
[
0
]
]
}
2017-04-11 14:07:02,959:DEBUG:acme.client:Storing nonce: h5gfNInAKcketsWUi9yquaHbMD7Z5xqwyuBz_a7sr7Y
2017-04-11 14:07:02,960:INFO:certbot.auth_handler:Performing the following challenges:
2017-04-11 14:07:02,960:INFO:certbot.auth_handler:http-01 challenge for support.domain.com
2017-04-11 14:07:02,960:INFO:certbot.plugins.webroot:Using the webroot path /usr/share/nginx/html/letsencrypt for all unmatched domains.
2017-04-11 14:07:02,960:DEBUG:certbot.plugins.webroot:Creating root challenges validation dir at /usr/share/nginx/html/letsencrypt/.well-known/acme-challenge
2017-04-11 14:07:02,964:DEBUG:certbot.plugins.webroot:Attempting to save validation to /usr/share/nginx/html/letsencrypt/.well-known/acme-challenge/WgOu2GfgaoIckSnURIYVIEiS7PYBY34js9xGE0h7dss
2017-04-11 14:07:02,965:INFO:certbot.auth_handler:Waiting for verification…
2017-04-11 14:07:02,965:DEBUG:acme.client:JWS payload:
{
“keyAuthorization”: “WgOu2GfgaoIckSnURIYVIEiS7PYBY34js9xGE0h7dss.rttwWcatEuuEu3QSeiQ63fvgFbjHhhg4jLQr8JJN59Q”,
“type”: “http-01”,
“resource”: “challenge”
}
2017-04-11 14:07:02,968:DEBUG:root:Sending POST request to https://acme-v01.api.letsencrypt.org/acme/challenge/XU-spJE7C6u_V9UxHlwDafkgeKy9NUMNT54R2RJ1BLQ/1003159053:
{
“header”: {
“alg”: “RS256”,
“jwk”: {
“e”: “AQAB”,
“kty”: “RSA”,
“n”: “sHBb4KiK-w3HP9aMi_azpvMy1zX5vInXzm7YsdSuEWk9yiT-M27V19p7R74V07E_nKCH75X5gvjCPwpUl4cXdZFbilS-x7y4IAco5i1ZGc-buQAh_7gwIlWz9urR2EUXvYvV0Ouf8UoU6QoHACNj0d3LXtLk3bMTirD65Q0C1xouGo7zhEsn6GgzXuT-ME_8F2MbcOs5m6iy0B28b4zj9vffXIzW80ACj8UpoFYx0MsYM5LPmDwf0DCRAI19xXjQBucdEhxbWdJ3x-OS66yT5DULHfplrgUGs6iid8lWAwvkNmJq8u_4iBZ-yrj8HV5rvEyj5KVK-NFR_Qp805BrKw”
}
},
“protected”: “eyJub25jZSI6ICJoNWdmTkluQUtja2V0c1dVaTl5cXVhSGJNRDdaNXhxd3l1QnpfYTdzcjdZIn0”,
“payload”: “ewogICJrZXlBdXRob3JpemF0aW9uIjogIldnT3UyR2ZnYW9JY2tTblVSSVlWSUVpUzdQWUJZMzRqczl4R0UwaDdkc3MucnR0d1djYXRFdXVFdTNRU2VpUTYzZnZnRmJqSGhoZzRqTFFyOEpKTjU5USIsIAogICJ0eXBlIjogImh0dHAtMDEiLCAKICAicmVzb3VyY2UiOiAiY2hhbGxlbmdlIgp9”,
“signature”: “b1-dKlNOwvBQBOh2xT2Q-6qvf7Fd7Fevk-3dD48i-8dl3CkT4dmw86cO4gy6vROg-LBaS9OCJt86NOA6OzO8wNUfgCJeua3D7dt_Yvy6uMt_MppnWfuK3I7_ewgfOMK1eeX8tafWQnmyWxW2Pnz0KQF_lZHWIFVDA-cCL9SXqX9LhubWOc6IW4SGvMU3p-mEOi-PGZFs6sbcz9R4yhznpdQaHMRBhTo6KQoyBLOEfUcOX9wbZpPBG-qtJwbOrbMz-LEDsfavJtnX_oz7yUYucMdy00SSF8dJ_QtfJUq31Kl6-EteDRB3P_UbGkPCGtUhbxuF-k5mslPgiNTbN5dTVg”
}
2017-04-11 14:07:03,580:DEBUG:requests.packages.urllib3.connectionpool:“POST /acme/challenge/XU-spJE7C6u_V9UxHlwDafkgeKy9NUMNT54R2RJ1BLQ/1003159053 HTTP/1.1” 202 336
2017-04-11 14:07:03,581:DEBUG:acme.client:Received response:
HTTP 202
Server: nginx
Content-Type: application/json
Content-Length: 336
Boulder-Request-Id: VU8WjBAoqALDKEWK-CiliioGVc5dPuuK1iBWBKW5HBk
Boulder-Requester: 12071187
Link: https://acme-v01.api.letsencrypt.org/acme/authz/XU-spJE7C6u_V9UxHlwDafkgeKy9NUMNT54R2RJ1BLQ;rel="up"
Location: https://acme-v01.api.letsencrypt.org/acme/challenge/XU-spJE7C6u_V9UxHlwDafkgeKy9NUMNT54R2RJ1BLQ/1003159053
Replay-Nonce: CSxMvvPGA3jgXoOd-10inax5r-pB1FH7dyn1Fkm4hIE
Expires: Tue, 11 Apr 2017 14:07:10 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 11 Apr 2017 14:07:10 GMT
Connection: keep-alive

{
“type”: “http-01”,
“status”: “pending”,
“uri”: “https://acme-v01.api.letsencrypt.org/acme/challenge/XU-spJE7C6u_V9UxHlwDafkgeKy9NUMNT54R2RJ1BLQ/1003159053”,
“token”: “WgOu2GfgaoIckSnURIYVIEiS7PYBY34js9xGE0h7dss”,
“keyAuthorization”: “WgOu2GfgaoIckSnURIYVIEiS7PYBY34js9xGE0h7dss.rttwWcatEuuEu3QSeiQ63fvgFbjHhhg4jLQr8JJN59Q”
}
2017-04-11 14:07:03,581:DEBUG:acme.client:Storing nonce: CSxMvvPGA3jgXoOd-10inax5r-pB1FH7dyn1Fkm4hIE
2017-04-11 14:07:06,585:DEBUG:root:Sending GET request to https://acme-v01.api.letsencrypt.org/acme/authz/XU-spJE7C6u_V9UxHlwDafkgeKy9NUMNT54R2RJ1BLQ.
2017-04-11 14:07:07,160:DEBUG:requests.packages.urllib3.connectionpool:“GET /acme/authz/XU-spJE7C6u_V9UxHlwDafkgeKy9NUMNT54R2RJ1BLQ HTTP/1.1” 200 2251
2017-04-11 14:07:07,161:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Content-Type: application/json
Boulder-Request-Id: MqxY6J2Hv1K–WCa0AhsfhrDQgG4TleVLyz16V-wsBE
Link: https://acme-v01.api.letsencrypt.org/acme/new-cert;rel="next"
Replay-Nonce: U-AJkC3J_S8-a4pBp-ttrZAYymFz-DxpaoEyjAhj9vA
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Content-Length: 2251
Expires: Tue, 11 Apr 2017 14:07:13 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 11 Apr 2017 14:07:13 GMT
Connection: keep-alive

{
“identifier”: {
“type”: “dns”,
“value”: “support.domain.com
},
“status”: “invalid”,
“expires”: “2017-04-18T14:07:09Z”,
“challenges”: [
{
“type”: “tls-sni-01”,
“status”: “pending”,
“uri”: “https://acme-v01.api.letsencrypt.org/acme/challenge/XU-spJE7C6u_V9UxHlwDafkgeKy9NUMNT54R2RJ1BLQ/1003159052”,
“token”: “1K69kBJB_Jtu_FGWVfid6SSiXK3VsDFjUzvo3XBrPw0”
},
{
“type”: “http-01”,
“status”: “invalid”,
“error”: {
“type”: “urn:acme:error:unauthorized”,
“detail”: "Invalid response from http://support.domain.com/.well-known/acme-challenge/WgOu2GfgaoIckSnURIYVIEiS7PYBY34js9xGE0h7dss: "\u003c!DOCTYPE html\u003e\n\u003chtml \u003e\n\u003chead\u003e\n \u003cmeta charset=“utf-8”\u003e\n \u003cmeta http-equiv=“X-UA-Compatible” content=“IE=edge,chrome=1”\u003e\n “”,
“status”: 403
},
“uri”: “https://acme-v01.api.letsencrypt.org/acme/challenge/XU-spJE7C6u_V9UxHlwDafkgeKy9NUMNT54R2RJ1BLQ/1003159053”,
“token”: “WgOu2GfgaoIckSnURIYVIEiS7PYBY34js9xGE0h7dss”,
“keyAuthorization”: “WgOu2GfgaoIckSnURIYVIEiS7PYBY34js9xGE0h7dss.rttwWcatEuuEu3QSeiQ63fvgFbjHhhg4jLQr8JJN59Q”,
“validationRecord”: [
{
“url”: “http://support.domain.com/.well-known/acme-challenge/WgOu2GfgaoIckSnURIYVIEiS7PYBY34js9xGE0h7dss”,
“hostname”: “support.domain.com”,
“port”: “80”,
“addressesResolved”: [
“192.169.170.101”
],
“addressUsed”: “192.169.170.101”
},
{
“url”: “https://support.domain.com/.well-known/acme-challenge/WgOu2GfgaoIckSnURIYVIEiS7PYBY34js9xGE0h7dss”,
“hostname”: “support.domain.com”,
“port”: “443”,
“addressesResolved”: [
“192.169.170.101”
],
“addressUsed”: “192.169.170.101”
}
]
},
{
“type”: “dns-01”,
“status”: “pending”,
“uri”: “https://acme-v01.api.letsencrypt.org/acme/challenge/XU-spJE7C6u_V9UxHlwDafkgeKy9NUMNT54R2RJ1BLQ/1003159054”,
“token”: “1nDZ7KZ808As9E2eDZO1BQBole3TOjvQHEV_CVPZFVo”
}
],
“combinations”: [
[
2
],
[
1
],
[
0
]
]
}
2017-04-11 14:07:07,162:DEBUG:certbot.reporter:Reporting to user: The following errors were reported by the server:

Domain: support.domain.com
Type: unauthorized
Detail: Invalid response from http://support.domain.com/.well-known/acme-challenge/WgOu2GfgaoIckSnURIYVIEiS7PYBY34js9xGE0h7dss: "

"

To fix these errors, please make sure that your domain name was entered correctly and the DNS A record(s) for that domain contain(s) the right IP address.
2017-04-11 14:07:07,162:INFO:certbot.auth_handler:Cleaning up challenges
2017-04-11 14:07:07,163:DEBUG:certbot.plugins.webroot:Removing /usr/share/nginx/html/letsencrypt/.well-known/acme-challenge/WgOu2GfgaoIckSnURIYVIEiS7PYBY34js9xGE0h7dss
2017-04-11 14:07:07,163:DEBUG:certbot.plugins.webroot:All challenges cleaned up, removing /usr/share/nginx/html/letsencrypt/.well-known/acme-challenge
2017-04-11 14:07:07,164:DEBUG:certbot.main:Exiting abnormally:
Traceback (most recent call last):
File “/usr/bin/certbot”, line 11, in
load_entry_point(‘certbot==0.11.1’, ‘console_scripts’, ‘certbot’)()
File “/usr/lib/python2.7/dist-packages/certbot/main.py”, line 882, in main
return config.func(config, plugins)
File “/usr/lib/python2.7/dist-packages/certbot/main.py”, line 659, in obtain_cert
action, _ = _auth_from_available(le_client, config, domains, certname, lineage)
File “/usr/lib/python2.7/dist-packages/certbot/main.py”, line 104, in _auth_from_available
renewal.renew_cert(config, domains, le_client, lineage)
File “/usr/lib/python2.7/dist-packages/certbot/renewal.py”, line 296, in renew_cert
new_certr, new_chain, new_key, _ = le_client.obtain_certificate(domains)
File “/usr/lib/python2.7/dist-packages/certbot/client.py”, line 265, in obtain_certificate
self.config.allow_subset_of_names)
File “/usr/lib/python2.7/dist-packages/certbot/auth_handler.py”, line 77, in get_authorizations
self._respond(resp, best_effort)
File “/usr/lib/python2.7/dist-packages/certbot/auth_handler.py”, line 134, in _respond
self._poll_challenges(chall_update, best_effort)
File “/usr/lib/python2.7/dist-packages/certbot/auth_handler.py”, line 198, in _poll_challenges
raise errors.FailedChallenges(all_failed_achalls)
FailedChallenges: Failed authorization procedure. support.domain.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://support.domain.com/.well-known/acme-challenge/WgOu2GfgaoIckSnURIYVIEiS7PYBY34js9xGE0h7dss: "


#6

Had to purge the certbot packages and reinstall it… Works fine now


#7

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.