Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My web server is (include version):
Server version: Apache/2.4.29 (Ubuntu)
The operating system my web server runs on is (include version):
Linux ip-172-30-0-219 4.15.0-1039-aws #41-Ubuntu SMP Wed May 8 10:43:54 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
My hosting provider, if applicable, is:
running on AWS
I can login to a root shell on my machine (yes or no, or I don’t know):
yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
certbot 0.23.0
Running journalctl -u certbot.service gives no problems till May 26th. Then:
/etc/letsencrypt/renewal/www.i-peek.eu.conf produced an unexpected error: Failed authorization procedure. i-peek.nl (http-01): urn:acme:error:unauthorized :: …
Tried all fixes available on this forum:
We use IP4, not IP6. (tested)
All config files end in .conf
Virtual hosts are spelled correctly as <VirtualHost *:443>
Ubuntu upgraded Certbot to use systemd. Before (?) that it worked fine. Question mark!
12 domain names give an error and 1 does not, but they have the same configuration except for the name and webroot. So it should be the configuration, not the software.
All sites use headers like:
Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"
We allow only TLS 1.2.
And now we are lost. Thanks in advance for pointing us in the right direction.
Visible Content: Not Found The requested URL /.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de was not found on this server. Apache/2.4.29 (Ubuntu) Server at i-peek.eu Port 443
Visible Content: Not Found The requested URL /.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de was not found on this server. Apache/2.4.29 (Ubuntu) Server at www.i-peek.eu Port 443
Port 80 is open and answers correctly. You have a lot of older certificates, the first from 2016-02-15 11:41:00. It looks like you have used tls-sni-01 validation, which is no longer supported (end ~~ 2019-03-15). So you have to use another validation method.
That's wonderful. So use this information:
certbot run -a webroot -i apache -w yourWebroot -d i-peek.eu
However, if I open the site https://i-peek.eu the old certificate is shown. A caching problem? Do I have to restart Apache manually? Does certbot do this automatically?
My second question is how I can permanently use another validation method for the weekly certbot run. Do I have to change a configuration file somewhere to a new protocol?
And the third question is how to remove all old certificates at once? Is a command available?
CN=i-peek.nl | 24.03.2019 | 22.06.2019 | expires in 19 days | i-peek.eu, i-peek.nl, www.i-peek.eu, www.i-peek.nl - 4 entries
The new:
CN=i-peek.eu | 03.06.2019 | 01.09.2019 | expires in 90 days | i-peek.eu, i-peek.nl, www.i-peek.eu, www.i-peek.nl - 4 entries
Checked the non-www version with Chrome, first I saw the new, then the old certificate. Now I see the new again.
You should reboot your server to see if it is a temporary or a permanent problem. That happens sometimes if there are two processes, one with the old, one with the new certificate.
Well, the problems started with the weekly run of Certbot, using an old protocol. I updated the certificates by hand. I didn’t change anything in the configuration. So next time, Certbot will use the old protocol again and give problems? Or was the problem caused by running two processes, and are the problems fixed by rebooting?
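Added example, not part of the thread: certbot renew reuses the authenticator and installer recorded in each file under /etc/letsencrypt/renewal, so reading the [renewalparams] section shows which validation method the next scheduled run will use. The sample renewal file, the example.org names and the account value are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the thread): show which plugins "certbot renew"
# will reuse, by reading the [renewalparams] section of a renewal file.

# renewal_param FILE KEY -> prints the value of KEY in [renewalparams]
renewal_param() {
    awk -F' *= *' -v key="$2" '
        /^\[/ { in_params = ($0 == "[renewalparams]"); next }  # any other section header ends it
        in_params && $1 == key { print $2; exit }
    ' "$1"
}

# renewal_summary DIR -> one line per lineage: name, authenticator, installer, pref_challs
renewal_summary() {
    for conf in "$1"/*.conf; do
        [ -f "$conf" ] || continue
        name=$(basename "$conf" .conf)
        auth=$(renewal_param "$conf" authenticator)
        inst=$(renewal_param "$conf" installer)
        chall=$(renewal_param "$conf" pref_challs)
        printf '%s authenticator=%s installer=%s pref_challs=%s\n' \
            "$name" "${auth:-unset}" "${inst:-unset}" "${chall:-unset}"
    done
}

# Constructed sample: the shape of a renewal file after a run with
# "-a webroot -i apache" as in the thread (all values are placeholders).
write_sample_conf() {
    cat > "$1" <<'EOF'
# renew_before_expiry = 30 days
version = 0.23.0
cert = /etc/letsencrypt/live/example.org/cert.pem
[renewalparams]
authenticator = webroot
installer = apache
account = 0123456789abcdef
[[webroot_map]]
example.org = /var/www/example
EOF
}

# Demo on the constructed sample; on a real host pass /etc/letsencrypt/renewal instead.
demo_dir=$(mktemp -d)
write_sample_conf "$demo_dir/example.org.conf"
renewal_summary "$demo_dir"
rm -rf "$demo_dir"
```

A lineage that still lists the old plugin as its authenticator will repeat the failing validation on the next scheduled run until it is reissued with the new settings.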