The client lacks sufficient authorization after following the instructions in email

My domain is: brick9.com

I ran this command: I got an email stating I had to upgrade to keep letsencrypt working. So this is what I did:

  • was running certbot 0.22, so upgraded to .28
  • ran the command: sudo sh -c "sed -i.bak -e 's/^\(pref_challs.*\)tls-sni-01\(.*\)/\1http-01\2/g' /etc/letsencrypt/renewal/*; rm -f /etc/letsencrypt/renewal/*.bak"

Then when doing the dry run for renew I suddenly get these errors:

Attempting to renew cert (www.brick9.com) from /etc/letsencrypt/renewal/www.brick9.com.conf produced an unexpected error: Failed authorization procedure. www.brick9.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.brick9.com/.well-known/acme-challenge/Y6o03UuCUCSmiUQtPNd9XjMat3X1F4Q6435GUexklF0: "\n<html class="avada-html-layout-wide" lang="en-US" prefix="og: http://ogp.me/ns# fb: http://ogp.me/ns/fb#\">\n<head". Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/brick9.com/fullchain.pem (failure)
/etc/letsencrypt/live/www.brick9.com/fullchain.pem (failure)

My web server is Apache

Hi @B055

your main configuration looks ok ( https://check-your-website.server-daten.de/?q=brick9.com ):

Port 80 is open, non-www is redirected to www, there is the expected http status 404 - not found.

So find your DocumentRoot in your VirtualHost and use it.

certbot run -a webroot -i apache -w yourDocumentRoot -d www.brick9.com -d brick9.com

Thank you, that command activated successfully (I chose to attempt to reinstall).

After that tried a new renew dry-run. But getting the same output.

Please show output of:
certbot certificates

and also the matching cert named .conf file in folder (if any):
/etc/letsencrypt/renewal/

And for good measure the most recent letsencrypt log file entries.

I'm afraid @JuergenAuer's command may have created a new separately-managed certificate if you didn't have www.brick9.com and brick9.com on the same certificate before. :frowning: You can check with certbot certificates.

I can't find a new certificate.

Last certificate is 2019-01-18.

Hi output


Found the following certs:
Certificate Name: brick9.com
Domains: brick9.com www.brick9.com
Expiry Date: 2019-04-18 11:25:15+00:00 (VALID: 69 days)
Certificate Path: /etc/letsencrypt/live/brick9.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/brick9.com/privkey.pem
Certificate Name: www.brick9.com
Domains: www.brick9.com
Expiry Date: 2019-04-16 11:14:34+00:00 (VALID: 67 days)
Certificate Path: /etc/letsencrypt/live/www.brick9.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/www.brick9.com/privkey.pem


brick9.com.conf:

# renew_before_expiry = 30 days

version = 0.22.2
archive_dir = /etc/letsencrypt/archive/brick9.com
cert = /etc/letsencrypt/live/brick9.com/cert.pem
privkey = /etc/letsencrypt/live/brick9.com/privkey.pem
chain = /etc/letsencrypt/live/brick9.com/chain.pem
fullchain = /etc/letsencrypt/live/brick9.com/fullchain.pem

# Options used in the renewal process

[renewalparams]
account = b44c9ecafb08f9d66026cbb7779c0b2b
authenticator = apache
installer = apache

www.brick9.com.conf:

# renew_before_expiry = 30 days

version = 0.22.2
archive_dir = /etc/letsencrypt/archive/www.brick9.com
cert = /etc/letsencrypt/live/www.brick9.com/cert.pem
privkey = /etc/letsencrypt/live/www.brick9.com/privkey.pem
chain = /etc/letsencrypt/live/www.brick9.com/chain.pem
fullchain = /etc/letsencrypt/live/www.brick9.com/fullchain.pem

# Options used in the renewal process

[renewalparams]
account = b44c9ecafb08f9d66026cbb7779c0b2b
installer = apache
authenticator = apache

So this looks good no?

It looks like you have two certs good for at least 67 days.
But one has two names and one has one name.
Both have the same single name, so I wonder if you are even using the single-name cert...
[you can do without it]

Please show:
grep -Eri 'brick9.com/fullchain' /etc/apache2
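
The overlap discussed above (two lineages that both carry www.brick9.com) can be checked mechanically. The following is an added example, not part of the original thread and not certbot's own code: it parses `certbot certificates` output and reports lineages whose domains are all covered by another lineage. The function names are hypothetical, and the sample text is constructed from the listing quoted in this thread.

```python
import re

# Constructed sample, based on the `certbot certificates` listing in this thread.
SAMPLE = """\
Found the following certs:
  Certificate Name: brick9.com
    Domains: brick9.com www.brick9.com
    Certificate Path: /etc/letsencrypt/live/brick9.com/fullchain.pem
  Certificate Name: www.brick9.com
    Domains: www.brick9.com
    Certificate Path: /etc/letsencrypt/live/www.brick9.com/fullchain.pem
"""

def parse_certificates(text):
    """Return {certificate name: set of domains} from `certbot certificates` output."""
    certs, current = {}, None
    for line in text.splitlines():
        m = re.match(r"\s*(Certificate Name|Domains):\s*(.*)$", line)
        if not m:
            continue  # expiry, path and banner lines are not needed here
        key, value = m.groups()
        if key == "Certificate Name":
            current = value.strip()
            certs[current] = set()
        elif current is not None:
            certs[current] = {d.lower() for d in value.split()}
    return certs

def redundant_lineages(certs):
    """Map each lineage to the other lineages whose domains fully cover it."""
    result = {}
    for name, domains in certs.items():
        covering = sorted(o for o, od in certs.items() if o != name and domains <= od)
        if covering and domains:
            result[name] = covering
    return result

def shared_domains(certs):
    """Map each domain to the lineages that include it, when more than one does."""
    owners = {}
    for name, domains in certs.items():
        for d in domains:
            owners.setdefault(d, []).append(name)
    return {d: sorted(n) for d, n in owners.items() if len(n) > 1}

if __name__ == "__main__":
    certs = parse_certificates(SAMPLE)
    print("redundant lineages:", redundant_lineages(certs))
    print("shared domains:", shared_domains(certs))
```

A lineage flagged here is only a candidate for removal; which certificate files Apache actually references is a separate check, which is what the grep above answers.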
