Having problems disabling the obsolete TLS-SNI-01 on my webserver - couldn’t find any details on this specific error. I’m not an advanced Linux user so don’t want to poke around too much on a live system without advice. This server was set up a while ago so I’m rusty.
Note that I have Nginx running two domains, but the errors for the two domains are not exactly alike.
My domain is:
www.cosmicdan.com
www.wafassociation.org
I ran this command:
[Everything in the guide]
Specific error occurs during the renewal dry-run.
It produced this output:
root@localhost:/etc/letsencrypt/renewal# certbot renew --dry-run
Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/www.cosmicdan.com.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator nginx, Installer nginx
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for www.cosmicdan.com
Waiting for verification...
Cleaning up challenges
Attempting to renew cert (www.cosmicdan.com) from /etc/letsencrypt/renewal/www.cosmicdan.com.conf produced an unexpected error: Failed authorization procedure. www.cosmicdan.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Error reading HTTP response body: invalid byte in chunk length. Skipping.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/www.wafassociation.org.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator nginx, Installer nginx
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for www.wafassociation.org
Waiting for verification...
Cleaning up challenges
Attempting to renew cert (www.wafassociation.org) from /etc/letsencrypt/renewal/www.wafassociation.org.conf produced an unexpected error: Failed authorization procedure. www.wafassociation.org (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.wafassociation.org/.well-known/acme-challenge/II7gCnFAN3EK9eR2RmHisyPY6Jn6fFTGKzH3NY-7bE4: "<!DOCTYPE html><html lang=\"en\" data-adblockkey=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWX". Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/www.cosmicdan.com/fullchain.pem (failure)
/etc/letsencrypt/live/www.wafassociation.org/fullchain.pem (failure)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
** DRY RUN: simulating 'certbot renew' close to cert expiry
** (The test certificates below have not been saved.)
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/www.cosmicdan.com/fullchain.pem (failure)
/etc/letsencrypt/live/www.wafassociation.org/fullchain.pem (failure)
** DRY RUN: simulating 'certbot renew' close to cert expiry
** (The test certificates above have not been saved.)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2 renew failure(s), 0 parse failure(s)
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: www.cosmicdan.com
Type: unauthorized
Detail: Error reading HTTP response body: invalid byte in chunk
length
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
- The following errors were reported by the server:
Domain: www.wafassociation.org
Type: unauthorized
Detail: Invalid response from
http://www.wafassociation.org/.well-known/acme-challenge/II7gCnFAN3EK9eR2RmHisyPY6Jn6fFTGKzH3NY-7bE4:
"<!DOCTYPE html><html lang=\"en\"
data-adblockkey=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWX"
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
My web server is (include version):
nginx/1.10.3 (Ubuntu)
The operating system my web server runs on is (include version):
Ubuntu 16.04.5 LTS
My hosting provider, if applicable, is:
Linode
I can login to a root shell on my machine (yes or no, or I don’t know):
Yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
No
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
0.28.0 (seems the latest available for Ubuntu 16.04)
Any advice and troubleshooting steps appreciated - I don’t even know where to start. Thanks!
P.S. Was about to attach the debug log but I’m not sure if there is any sensitive information in there.