Unable to do a certificate renewal on new server


#1

I am trying to build a new server for my team, and for some reason I am having an issue renewing the certificate, but not generating the new certificate. I even destroyed it and renewed it, and that worked again.

Error is as follows:
```
Processing /etc/letsencrypt/renewal/asset.beinglibertarian.com.conf
Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator nginx, Installer nginx
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for asset.beinglibertarian.com
Waiting for verification...
Cleaning up challenges
Attempting to renew cert (asset.beinglibertarian.com) from /etc/letsencrypt/renewal/asset.beinglibertarian.com.conf produced an unexpected error: Failed authorization procedure. asset.beinglibertarian.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://asset.beinglibertarian.com/.well-known/acme-challenge/qtd-UcBdvMOSpNn5rytdOZ7z0Hr40-dF7D-hlk0vCYc: "\n404 Not Found\n<body bgcolor=\"white\">\n\n404 Not Found\n\n\nngin". Skipping.
All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/asset.beinglibertarian.com/fullchain.pem (failure)

** DRY RUN: simulating 'certbot renew' close to cert expiry
**          (The test certificates below have not been saved.)

All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/asset.beinglibertarian.com/fullchain.pem (failure)
** DRY RUN: simulating 'certbot renew' close to cert expiry
**          (The test certificates above have not been saved.)

1 renew failure(s), 0 parse failure(s)

IMPORTANT NOTES:
```

The config is very basic as I like to test SSL renewals before moving on.
```nginx
# HTTPS server for the Snipe-IT install.
server {
    server_name asset.beinglibertarian.com;

    root /var/www/html/snipeit/;
    index index.php index.html index.htm;

    location / {
        try_files $uri $uri/ /index.php$is_args$args;
    }

    # Hand PHP files to php-fpm over its unix socket.
    location ~ \.php$ {
        try_files $uri $uri/ =404;
        fastcgi_pass unix:/var/run/php7.2-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }

    # Added while troubleshooting. Note that this location lives in the
    # HTTPS server only; the http-01 request arrives on port 80.
    location ~ /.well-known {
        allow all;
    }

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/asset.beinglibertarian.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/asset.beinglibertarian.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

# Plain-HTTP server: redirects the site's own hostname to HTTPS; any request
# whose Host does not match falls through to the 404.
server {
    if ($host = asset.beinglibertarian.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    listen 80;
    server_name asset.beinglibertarian.com;
    return 404; # managed by Certbot
}
```

I added the .well-known location to the config in an effort to troubleshoot. The main sites we host have no issues: we have an email server and three WordPress servers, all running Let's Encrypt with zero issues.


#2

Hi,

On the last line of the plain HTTP configuration, you have a `return 404`, which would literally return 404 (as when Let's Encrypt validates your site).

Have you tried to remove it?

Thank you


#3

So it worked after disabling the Cloudflare proxy; then I re-enabled it after doing a test again, and now it seems to be working perfectly. Weird, maybe someone could explain that?
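As an added example (not code from this thread, from Certbot or from Cloudflare), the following POSIX shell probe does the check that the replies in #2 and #3 circle around: it drops a marker file where the challenge would be served, fetches the challenge URL the way the CA does (plain HTTP, port 80, no redirect following), once through DNS and once pinned to the origin address with curl's `--resolve`, and classifies the answer by status code and `Server` header. Cloudflare's edge answers with `Server: cloudflare`, while a 404 produced by the origin's nginx carries `Server: nginx`, so the two runs show whether the proxy or the origin produced the 404. `WEBROOT`, the origin-IP argument, the script name and the diagnosis strings are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the thread: probe an http-01 challenge path the
# way the ACME server does and report which hop answered the request.
# Assumptions (hypothetical): WEBROOT is the directory the port-80 server
# block serves /.well-known/acme-challenge/ from, and the optional second
# argument is the origin server's real IP behind a proxy such as Cloudflare.

WEBROOT=${WEBROOT:-/var/www/html/snipeit}

# URL Let's Encrypt fetches for a host and challenge token.
challenge_url() {
    printf 'http://%s/.well-known/acme-challenge/%s\n' "$1" "$2"
}

# Turn an HTTP status and the Server header into a one-line diagnosis.
# Returns 0 only when the challenge file was served.
classify_response() {
    status=$1
    server=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    case "$status" in
        200)
            echo "ok: challenge served by ${server:-unknown}"; return 0 ;;
        301|302|307|308)
            echo "redirect: port 80 redirects before serving /.well-known (status $status)"; return 1 ;;
        404)
            case "$server" in
                cloudflare*) echo "404 answered by the Cloudflare edge; test the origin directly" ;;
                *) echo "404 from ${server:-origin}: nothing serves /.well-known/acme-challenge/ on port 80" ;;
            esac
            return 1 ;;
        000)
            echo "no response: port 80 unreachable (DNS, firewall, or nginx not listening)"; return 1 ;;
        *)
            echo "unexpected status $status from ${server:-unknown}"; return 1 ;;
    esac
}

# Fetch a URL without following redirects; print "<status> <Server header>".
# Extra arguments are passed to curl (e.g. --resolve to pin the origin IP).
probe() {
    url=$1; shift
    out=$(curl -s -o /dev/null -D - -w 'STATUS:%{http_code}' "$@" "$url" 2>/dev/null) || out="STATUS:000"
    status=$(printf '%s\n' "$out" | sed -n 's/^STATUS:\([0-9]*\).*/\1/p' | tail -n 1)
    server=$(printf '%s\n' "$out" | tr -d '\r' | sed -n 's/^[Ss]erver: *//p' | tail -n 1)
    echo "${status:-000} $server"
}

main() {
    host=$1; origin=$2
    token="probe-$(date +%s)"
    dir="$WEBROOT/.well-known/acme-challenge"
    # Marker file standing in for the token file Certbot would write.
    mkdir -p "$dir" && printf '%s\n' "$token" > "$dir/$token"
    url=$(challenge_url "$host" "$token")

    echo "via DNS (through the proxy if it is enabled):"
    set -- $(probe "$url")
    classify_response "$1" "$2" || true
    if [ -n "$origin" ]; then
        echo "direct to origin $origin:"
        set -- $(probe "$url" --resolve "$host:80:$origin")
        classify_response "$1" "$2" || true
    fi
    rm -f "$dir/$token"
}

# Usage: sh acme-probe.sh asset.beinglibertarian.com [origin-ip]
if [ $# -ge 1 ]; then
    main "$@"
fi
```

Run it as a user that can write to the webroot. The marker token is never submitted to the CA; the script only checks that a file in the challenge directory is reachable over plain HTTP from outside, which is the part of http-01 that a `return 404` on port 80 or a proxy in front of the origin can break. If the direct-to-origin run says `ok` and the DNS run does not, the difference is in the proxy layer; if both return a 404 from nginx, the port-80 server block is not serving the challenge directory.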