The client lacks sufficient authorization :: Invalid response from http://erp.versus-alternative.ch/.well-known/acme-challenge/

@mnordhoff, thanks for your reply.

So I again deleted everything:

sudo certbot delete
rm -rf ~/.local/share/letsencrypt
rm -rf /etc/letsencrypt
rm -rf /var/log/letsencrypt
rm -rf /var/lib/letsencrypt

And I ran sudo apt-get install certbot python-certbot-apache to update the certbot packages. Afterwards I checked my certbot version: it is 0.31.0.

So I launched sudo certbot --apache. It is successful, my certificates are deployed, and my websites are accessible through https.

But then again, I tried the dry run to test renewal, and I get the same error again:

root@ns3267680:~# sudo certbot renew --dry-run

Saving debug log to /var/log/letsencrypt/letsencrypt.log


Processing /etc/letsencrypt/renewal/cloud.versus-alternative.ch.conf


Cert not due for renewal, but simulating renewal for dry run

Plugins selected: Authenticator apache, Installer apache

Renewing an existing certificate

Performing the following challenges:

http-01 challenge for cloud.versus-alternative.ch

http-01 challenge for erp.versus-alternative.ch

http-01 challenge for planning.versus-alternative.ch

http-01 challenge for planning.versus-alternative.com

http-01 challenge for planning2016.versus-alternative.ch

http-01 challenge for planning2017.versus-alternative.ch

http-01 challenge for planning2018.versus-alternative.ch

http-01 challenge for planning2018.versus-alternative.com

http-01 challenge for pointage.versus-alternative.ch

http-01 challenge for pointage2017.versus-alternative.ch

Waiting for verification...

Cleaning up challenges

Attempting to renew cert (cloud.versus-alternative.ch) from /etc/letsencrypt/renewal/cloud.versus-alternative.ch.conf produced an unexpected error: Failed authorization procedure. planning2017.versus-alternative.ch (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://planning2017.versus-alternative.ch/.well-known/acme-challenge/Dr7kkkWJmX8Mgvvs38qEw6hVmxb9ZC3h6mJBnG7Se_8 [37.59.54.183]: "<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p", planning.versus-alternative.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://planning.versus-alternative.com/.well-known/acme-challenge/UGBixn14NwNAxzEP4tCQqeE4YCxywfkkBrWa_r1gYJg [37.59.54.183]: "<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p", planning.versus-alternative.ch (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://planning.versus-alternative.ch/.well-known/acme-challenge/0IlYfJqQcBxi7VLPFg2bpYsINJ_sQl-toH7WXUJ1mTQ [37.59.54.183]: "<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p", erp.versus-alternative.ch (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://erp.versus-alternative.ch/.well-known/acme-challenge/8MWXrl0-s3lKSKtRYnJLk8FRlEXOEzPTprRUiWzsIQU [37.59.54.183]: "<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p", cloud.versus-alternative.ch (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from 
http://cloud.versus-alternative.ch/.well-known/acme-challenge/Vmr45pvpCCkV8EWHlY51C_MOpF9DF3iTs-bMeUlvHxI [37.59.54.183]: "<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p", planning2018.versus-alternative.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://planning2018.versus-alternative.com/.well-known/acme-challenge/XMNKpqIrnrouEYkGI3KuFAf647T3MhX-9zPHx9UD16o [37.59.54.183]: "<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p", pointage.versus-alternative.ch (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://erp.versus-alternative.ch/.well-known/acme-challenge/mEUsNzggzq_wcFYZQccomfiIIcULF528LWofKeTfNyk [37.59.54.183]: "<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p", planning2018.versus-alternative.ch (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://planning2018.versus-alternative.ch/.well-known/acme-challenge/wWbGlfQm15zuUOtFOsYDLpLlRRp8b3-hYdhMOVURRXk [37.59.54.183]: "<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p". Skipping.

All renewal attempts failed. The following certs could not be renewed:

/etc/letsencrypt/live/cloud.versus-alternative.ch/fullchain.pem (failure)


** DRY RUN: simulating 'certbot renew' close to cert expiry

** (The test certificates below have not been saved.)

All renewal attempts failed. The following certs could not be renewed:

/etc/letsencrypt/live/cloud.versus-alternative.ch/fullchain.pem (failure)

** DRY RUN: simulating 'certbot renew' close to cert expiry

** (The test certificates above have not been saved.)


1 renew failure(s), 0 parse failure(s)

IMPORTANT NOTES:

  • The following errors were reported by the server:

Domain: planning2017.versus-alternative.ch

Type: unauthorized

Detail: Invalid response from

http://planning2017.versus-alternative.ch/.well-known/acme-challenge/Dr7kkkWJmX8Mgvvs38qEw6hVmxb9ZC3h6mJBnG7Se_8

[37.59.54.183]: "<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML

2.0//EN">\n<html><head>\n<title>404 Not

Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p"

Domain: planning.versus-alternative.com

Type: unauthorized

Detail: Invalid response from

http://planning.versus-alternative.com/.well-known/acme-challenge/UGBixn14NwNAxzEP4tCQqeE4YCxywfkkBrWa_r1gYJg

[37.59.54.183]: "<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML

2.0//EN">\n<html><head>\n<title>404 Not

Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p"

Domain: planning.versus-alternative.ch

Type: unauthorized

Detail: Invalid response from

http://planning.versus-alternative.ch/.well-known/acme-challenge/0IlYfJqQcBxi7VLPFg2bpYsINJ_sQl-toH7WXUJ1mTQ

[37.59.54.183]: "<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML

2.0//EN">\n<html><head>\n<title>404 Not

Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p"

Domain: erp.versus-alternative.ch

Type: unauthorized

Detail: Invalid response from

http://erp.versus-alternative.ch/.well-known/acme-challenge/8MWXrl0-s3lKSKtRYnJLk8FRlEXOEzPTprRUiWzsIQU

[37.59.54.183]: "<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML

2.0//EN">\n<html><head>\n<title>404 Not

Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p"

Domain: cloud.versus-alternative.ch

Type: unauthorized

Detail: Invalid response from

http://cloud.versus-alternative.ch/.well-known/acme-challenge/Vmr45pvpCCkV8EWHlY51C_MOpF9DF3iTs-bMeUlvHxI

[37.59.54.183]: "<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML

2.0//EN">\n<html><head>\n<title>404 Not

Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p"

Domain: planning2018.versus-alternative.com

Type: unauthorized

Detail: Invalid response from

http://planning2018.versus-alternative.com/.well-known/acme-challenge/XMNKpqIrnrouEYkGI3KuFAf647T3MhX-9zPHx9UD16o

[37.59.54.183]: "<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML

2.0//EN">\n<html><head>\n<title>404 Not

Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p"

Domain: pointage.versus-alternative.ch

Type: unauthorized

Detail: Invalid response from

http://erp.versus-alternative.ch/.well-known/acme-challenge/mEUsNzggzq_wcFYZQccomfiIIcULF528LWofKeTfNyk

[37.59.54.183]: "<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML

2.0//EN">\n<html><head>\n<title>404 Not

Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p"

Domain: planning2018.versus-alternative.ch

Type: unauthorized

Detail: Invalid response from

http://planning2018.versus-alternative.ch/.well-known/acme-challenge/wWbGlfQm15zuUOtFOsYDLpLlRRp8b3-hYdhMOVURRXk

[37.59.54.183]: "<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML

2.0//EN">\n<html><head>\n<title>404 Not

Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p"

To fix these errors, please make sure that your domain name was

entered correctly and the DNS A/AAAA record(s) for that domain

contain(s) the right IP address.

  • Your account credentials have been saved in your Certbot

configuration directory at /etc/letsencrypt. You should make a

secure backup of this folder now. This configuration directory will

also contain certificates and private keys obtained by Certbot so

making regular backups of this folder is ideal.

But maybe this will help: I got an email from noreply@letsencrypt.org:

Hello,

Action may be required to prevent your Let's Encrypt certificate renewals from
breaking.

If you already received a similar e-mail, this one contains updated information.

Your Let's Encrypt client used ACME TLS-SNI-01 domain validation to issue a
certificate in the past 3 days. Below is a list of names and IP addresses
validated (max of one per account):

cloud.versus-alternative.ch (37.59.54.183) on 2019-03-11

TLS-SNI-01 validation has reached end-of-life. It stopped working permanently
on March 13th, 2019. Any certificates issued before then will continue to work
for 90 days after their issuance date.

You need to update your ACME client to use an alternative validation method
(HTTP-01, DNS-01 or TLS-ALPN-01) or your certificate renewals will break and
existing certificates will start to expire.

If you'd like to test whether your system is still working, you can run
against staging: Staging Environment - Let's Encrypt

If you're a Certbot user, you can find more information here:

Our forum has many threads on this topic. Please search to see if your question
has been answered, then open a new thread if it has not:
https://community.letsencrypt.org/

For more information about the TLS-SNI-01 end-of-life, please see our API
announcement:

Thank you,
Let's Encrypt Staff

So this is maybe what is causing my error (since ACME TLS-SNI-01 has reached end of life, that's why I cannot renew properly).

So I followed what's here: How to stop using TLS-SNI-01 with Certbot

And afterwards I ran a dry run, and still I'm getting the same issue ...
@schoen
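
A small parser for the failure message above, added here as an example (it is not part of the original post or of Certbot). It lists which names failed, which requested names do not appear among the failures, and which entries report a challenge URL on a different host than the name being validated, as the pointage.versus-alternative.ch entry does. The function names and the sample text are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# One failed authorization inside certbot's "Failed authorization procedure." text.
HEAD = re.compile(
    r"(?P<domain>[\w.-]+) \((?P<challenge>[\w-]+)\): "
    r"urn:ietf:params:acme:error:(?P<error>\w+) :: [^:]+ :: "
    r"Invalid response from\s+(?P<url>\S+) \[(?P<ip>[^\]]+)\]:"
)
REQUESTED = re.compile(r"^http-01 challenge for (\S+)$", re.M)

def parse_failures(text):
    """Return one dict per failed authorization found in certbot output."""
    heads = list(HEAD.finditer(text))
    failures = []
    for i, m in enumerate(heads):
        end = heads[i + 1].start() if i + 1 < len(heads) else len(text)
        title = re.search(r"<title>(.*?)</title>", text[m.end():end])
        host = urlsplit(m["url"]).hostname
        failures.append({
            "domain": m["domain"],
            "fetched_host": host,
            "ip": m["ip"],
            "page_title": title.group(1) if title else None,
            # True when the reported URL is on another name than the one validated.
            "host_mismatch": host != m["domain"].lower(),
        })
    return failures

def summarize(text):
    """Group the failures so the pattern across names is visible."""
    failures = parse_failures(text)
    failed = {f["domain"] for f in failures}
    return {
        "failed": sorted(failed),
        "not_reported": sorted(set(REQUESTED.findall(text)) - failed),
        "host_mismatch": [f["domain"] for f in failures if f["host_mismatch"]],
    }

# Constructed sample in the same shape as the log above (not real data).
_E = ("{d} (http-01): urn:ietf:params:acme:error:unauthorized :: The client "
      "lacks sufficient authorization :: Invalid response from http://{h}"
      "/.well-known/acme-challenge/TOKEN [192.0.2.10]: "
      '"<title>404 Not Found</title>\\n<p"')
SAMPLE = (
    "".join(f"http-01 challenge for {n}.example.org\n" for n in "abc")
    + "Failed authorization procedure. "
    + ", ".join(_E.format(d=f"{n}.example.org", h="a.example.org") for n in "ab")
    + ". Skipping.\n")
```

Run `summarize()` on the text of a failed `certbot renew --dry-run` to see the three groups at a glance.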