The client lacks sufficient authorization - while trying to renew the Let's Encrypt certificates - Certbot

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: staging.cvcbot.com

I ran this command: sudo certbot renew

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log


Processing /etc/letsencrypt/renewal/staging.cvcbot.com.conf


Cert is due for renewal, auto-renewing…
Plugins selected: Authenticator nginx, Installer nginx
Renewing an existing certificate
/usr/lib/python3/dist-packages/josepy/jwa.py:107: CryptographyDeprecationWarning: signer and verifier have been deprecated. Please use sign and verify instead.
signer = key.signer(self.padding, self.hash)
Performing the following challenges:
http-01 challenge for staging.cvcbot.com
nginx: [warn] conflicting server name "staging.cvcbot.com" on 0.0.0.0:80, ignored
Waiting for verification…
/usr/lib/python3/dist-packages/josepy/jwa.py:107: CryptographyDeprecationWarning: signer and verifier have been deprecated. Please use sign and verify instead.
signer = key.signer(self.padding, self.hash)
Cleaning up challenges
nginx: [warn] conflicting server name "staging.cvcbot.com" on 0.0.0.0:80, ignored
Attempting to renew cert (staging.cvcbot.com) from /etc/letsencrypt/renewal/staging.cvcbot.com.conf produced an unexpected error: Failed authorization procedure. staging.cvcbot.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from https://staging.cvcbot.com/.well-known/acme-challenge/6sxOgXasz9EUxyLQrWQoWlpIwGc7YGAInHfy-xF-HjQ [34.239.210.203]: "\r\n404 Not Found\r\n<body bgcolor=\"white\">\r\n404 Not Found\r\n". Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/staging.cvcbot.com/fullchain.pem (failure)

All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/staging.cvcbot.com/fullchain.pem (failure)


1 renew failure(s), 0 parse failure(s)

IMPORTANT NOTES:

My web server is (include version): nginx/1.10.3

The operating system my web server runs on is (include version): Ubuntu 16.04

My hosting provider, if applicable, is: domain godaddy

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): Yes

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.26.1

sudo certbot renew --dry-run resulted in success

letsdebug.net resulted in All OK!

Not sure what I'm missing; it was working fine until yesterday. Could you please help?

Can you display the Nginx configuration with "sudo nginx -T" and make sure there aren't multiple HTTP server blocks for staging.cvcbot.com?

If there are, Certbot may be modifying the wrong one.

If there aren't, it may still be failing to find the right virtual host for some reason.

Hi @cryptON

There is already a new certificate:

CN=staging.cvcbot.com, valid 27.08.2019 to 25.11.2019 (expires in 90 days), SAN: staging.cvcbot.com - 1 entry

Looks good.

@mnordhoff Indeed there was a Certbot-managed server block with a server_name entry… I have commented out the server_name directive; now it's successfully renewed. Thanks much.

What do you mean by "now we do renewals through port 80", which I read in some other article? Does it mean I should put "listen 80" instead of the "listen 443 ssl; # managed by Certbot" directive in my server block, for future successful renewals?

@JuergenAuer I just removed duplicate server block and ran sudo certbot renew, which resulted in successful renewal. Thanks for the prompt response though :slight_smile: .


The Let's Encrypt validation uses port 80. Your HTTPS website should use port 443.

You should probably have two server blocks: One on port 80, which just redirects requests to HTTPS -- or whatever you want -- and one on port 443, where your HTTPS website is.
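As an added example (not code from this thread, from Certbot or from the nginx project), the shell script below does the check suggested earlier in the thread, counting how many server blocks answer port 80 for a given name in an "nginx -T" dump, and its constructed dump shows the two-block layout just described: one port-80 block that redirects to HTTPS and one port-443 block for the site. The function names count_port80_blocks and report_port80, the variables GOOD_DUMP and BAD_DUMP, the file paths and the 127.0.0.1:3000 backend are all the example's own assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Certbot's nginx plugin edits the port-80
# server block whose server_name matches the domain to answer the http-01
# challenge. If two such blocks exist, nginx logs "conflicting server name"
# and ignores one of them, so the challenge can end up served by the wrong
# block and the renewal fails with a 404, as in the output above.
#
# Against a live system (assumed invocation, run as root):
#   sudo nginx -T 2>/dev/null | count_port80_blocks staging.cvcbot.com

count_port80_blocks() {
    # $1 = domain to look for; nginx -T output on stdin. Prints the count of
    # server blocks that both listen on port 80 and name that domain.
    awk -v domain="$1" '
    {
        line = $0
        sub(/#.*/, "", line)                     # drop nginx comments
        if (depth == 0 && line ~ /^[ \t]*server[ \t]*[{]/) {
            inserver = 1; on80 = 0; named = 0
        }
        if (inserver) {
            # listen 80; / listen *:80; / listen [::]:80 default_server;
            if (line ~ /^[ \t]*listen[ \t]+([^ \t;]*:)?80([ \t;]|$)/) on80 = 1
            if (line ~ /^[ \t]*server_name[ \t]/) {
                n = split(line, f, /[ \t;]+/)
                for (i = 1; i <= n; i++) if (f[i] == domain) named = 1
            }
        }
        depth += gsub(/[{]/, "{", line) - gsub(/[}]/, "}", line)
        if (inserver && depth == 0) {            # server block just closed
            if (on80 && named) hits++
            inserver = 0
        }
    }
    END { print hits + 0 }'
}

# Constructed nginx -T style dump with the recommended layout: one :80 block
# (redirect only; the Certbot nginx plugin inserts the challenge location here
# during validation) and one :443 block carrying the site and its certificate.
GOOD_DUMP='# configuration file /etc/nginx/sites-enabled/staging.cvcbot.com:
server {
    listen 80;
    server_name staging.cvcbot.com;
    location / {
        return 301 https://$host$request_uri;
    }
}
server {
    listen 443 ssl; # managed by Certbot
    server_name staging.cvcbot.com;
    ssl_certificate /etc/letsencrypt/live/staging.cvcbot.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/staging.cvcbot.com/privkey.pem; # managed by Certbot
    location / {
        proxy_pass http://127.0.0.1:3000;
    }
}'

# Same site with the failure seen in the thread: a second :80 block for the
# same name (constructed), which nginx warns about and ignores.
BAD_DUMP="$GOOD_DUMP
server {
    listen 80;
    server_name staging.cvcbot.com; # duplicate left over from an older setup
    root /var/www/html;
}"

report_port80() {
    # $1 = domain, $2 = dump text. Prints a verdict; returns 1 when the
    # layout would break http-01 validation through the nginx plugin.
    n=$(printf '%s\n' "$2" | count_port80_blocks "$1")
    case "$n" in
        0) echo "$1: no port-80 server block found; the nginx plugin has nothing to edit"; return 1 ;;
        1) echo "$1: one port-80 server block, as expected"; return 0 ;;
        *) echo "$1: $n port-80 server blocks; remove the duplicates"; return 1 ;;
    esac
}

report_port80 staging.cvcbot.com "$GOOD_DUMP"
report_port80 staging.cvcbot.com "$BAD_DUMP" || true
```

The check only looks at blocks that listen on port 80, because that is the port the http-01 challenge is fetched over; a port-443 block with the same server_name is expected and is not reported.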

@mnordhoff That makes sense, Thanks.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.