I have two websites on a Virtual Host. Running Apache2 and Ubuntu 14.04. I got the certificate to work for onlinedegreedatabase.com and now it is expiring so I need to renew it. I downloaded certbot-auto and ran it with verbose. This is the result: (any suggestions would be appreciated)
2016-05-31 14:28:21,209:INFO:certbot.renewal:Cert is due for renewal, auto-renewing…
2016-05-31 14:28:21,486:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
2016-05-31 14:28:22,067:INFO:certbot.auth_handler:Performing the following challenges:
2016-05-31 14:28:22,067:INFO:certbot.auth_handler:http-01 challenge for onlinedegreedatabase.com
2016-05-31 14:28:22,067:INFO:certbot.auth_handler:http-01 challenge for www.onlinedegreedatabase.com
2016-05-31 14:28:22,077:INFO:certbot.auth_handler:Waiting for verification…
2016-05-31 14:28:25,551:INFO:certbot.reporter:Reporting to user: The following errors were reported by the server:
To fix these errors, please make sure that your domain name was entered correctly and the DNS A record(s) for that domain contain(s) the right IP address.
2016-05-31 14:28:25,551:INFO:certbot.auth_handler:Cleaning up challenges
2016-05-31 14:28:25,552:WARNING:certbot.renewal:Attempting to renew cert from /etc/letsencrypt/renewal/onlinedegreedatabase.com.conf produced an unexpected error: Failed authorization procedure. onlinedegreedatabase.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://onlinedegreedatabase.com/.well-known/acme-challenge/QBgtSVZDa-8ytKRZEuCBwnSUZ0z8Aj47Rf0Xf4mrVmc: "
404 Not Found
Not Found
<p", www.onlinedegreedatabase.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.onlinedegreedatabase.com/.well-known/acme-challenge/CB02GFlfGaPwMP_IaaulZ38yIVUlXBk62f4gDtFi9tI: "
404 Not Found
Not Found
<p". Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/onlinedegreedatabase.com/fullchain.pem (failure)
1 renew failure(s), 0 parse failure(s)
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address.
Hi @douglas, do you know what command you used to get the certificate originally? Has anything changed in the server configuration there?
If you manually create some files inside of /.well-known/acme-challenge in your server’s webroot (like /.well-known/acme-challenge/test.txt), can you see them in a web browser if you go to the corresponding URLs on the web sites?
I can see those files:
Index of /.well-known/acme-challenge
[ICO] Name Last modified Size Description
[PARENTDIR] Parent Directory -
[TXT] test.txt 2016-05-31 17:14 14
Apache/2.4.7 (Ubuntu) Server at www.onlinedegreedatabase.com Port 80
Because it was a Virtual server, I had to use the certonly command. I tried to renew and when that didn’t work, I tried changing my server configuration. Previously it was /var/www/html/project.com/ and now it is /var/www/onlinedegreedatabase.com/public_html/
Aha! I think changing the directory of your webroot is exactly the trouble, because the client has saved the original location and is still trying to use it for renewal purposes.
If you edit the file /etc/letsencrypt/renewal/onlinedegreedatabase.com.conf and find the place where /var/www/html/project.com is mentioned, you can replace it with /var/www/onlinedegreedatabase.com/public_html and then the renewal process should complete successfully. You may also be able to achieve the same thing with
<p", www.onlinedegreedatabase.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.onlinedegreedatabase.com/.well-known/acme-challenge/kqsuRzWhrxvMrhMnt6BrLhm4jEnQn_ntwoUW3dFADvc: "
404 Not Found
Not Found
<p". Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/onlinedegreedatabase.com/fullchain.pem (failure)
1 renew failure(s), 0 parse failure(s)
Using the second method (presuming I needed to use ./certbot-auto), I got the following error:
If you specify multiple webroot paths, one of them must precede all domain flags
Alas, I spoke slightly too soon. Here is the response from your suggestion:
IMPORTANT NOTES:
Congratulations! Your certificate and chain have been saved at
/etc/letsencrypt/live/onlinedegreedatabase.com/fullchain.pem. Your
cert will expire on 2016-08-30. To obtain a new or tweaked version
of this certificate in the future, simply run certbot-auto again.
To non-interactively renew all of your ceriticates, run
"certbot-auto renew"
However, when I go to https://www.onlinedegreedatabase.com, it is not there. Do I need to edit the /etc/apache2/sites-available/onlinedegreedatabase.com.conf file or do something else?
You may need to edit the /etc/apache2/sites-available/onlinedegreedatabase.com.conf file, yes (it depends if it already points to the /etc/letsencrypt/live/onlinedegreedatabase.com/ folder for the certs).
If it does, then you probably just need to reload / restart Apache.
Your conf file is incorrect somewhere. Your server is providing http not https on port 443 (you can tell by going to http://www.onlinedegreedatabase.com:443/ in the browser).
Are you happy to provide your complete config file on pastebin.com (for a limited time)? Or do you know someone locally who understands how to configure Apache?
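The webroot mismatch diagnosed earlier in this thread (the renewal file still pointing at the old directory after the DocumentRoot moved) can be checked before running a renewal. This is an added example, not part of any post above and not certbot's own code; it assumes the renewal file keeps `domain = path` lines under a `[[webroot_map]]` section, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example. Assumption: the renewal file stores "domain = path"
# lines under a [[webroot_map]] section.

# Print "domain path" for every webroot saved in renewal file $1.
webroot_map() {
    awk '
        /^[ \t]*\[\[webroot_map\]\]/ { in_map = 1; next }
        /^[ \t]*\[/                  { in_map = 0 }   # any other section ends the map
        in_map && (i = index($0, "=")) {
            k = substr($0, 1, i - 1); v = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            sub(/\/+$/, "", v)                        # ignore trailing slashes
            print k, v
        }
    ' "$1"
}

# Print every DocumentRoot in Apache vhost file $1, one per line.
docroots() {
    awk 'tolower($1) == "documentroot" {
             p = $2; gsub(/"/, "", p); sub(/\/+$/, "", p); print p
         }' "$1"
}

# Compare the saved webroots in $1 with the DocumentRoot values in $2.
# Prints one verdict per domain; returns 1 if any saved webroot is stale.
check_renewal_webroots() {
    roots=$(docroots "$2")
    stale=0
    while read -r domain path; do
        [ -n "$domain" ] || continue
        if printf '%s\n' "$roots" | grep -Fxq -- "$path"; then
            echo "OK $domain $path"
        else
            echo "STALE $domain $path"
            stale=1
        fi
    done <<EOF
$(webroot_map "$1")
EOF
    return "$stale"
}
```

On this server it would be called as `check_renewal_webroots /etc/letsencrypt/renewal/onlinedegreedatabase.com.conf /etc/apache2/sites-available/onlinedegreedatabase.com.conf`; a `STALE` line means the http-01 challenge file will be written somewhere Apache does not serve.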