Unable to renew a certificate as acme-challenge can't be reached

Please fill out the fields below so we can help you better.

My domain is: saveeo.com

I ran this command as root:

./certbot-auto renew --webroot -w /var/www/saveeo.com --post-hook “service nginx reload”

It produced this output:

root@ip-172-31-11-220:/opt/certbot# ./certbot-auto renew --webroot -w /var/www/saveeo.com --post-hook "service nginx reload"
Saving debug log to /var/log/letsencrypt/letsencrypt.log

---

Processing /etc/letsencrypt/renewal/saveeo.com.conf

Cert is due for renewal, auto-renewing…
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for saveeo.com
Using the webroot path /var/www/saveeo.com for all unmatched domains.
Waiting for verification…
Cleaning up challenges
Attempting to renew cert from /etc/letsencrypt/renewal/saveeo.com.conf produced an unexpected error: Failed authorization procedure. saveeo.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://saveeo.com/.well-known/acme-challenge/z7jEQ9qERYSSJfW-LW8feFGrES3EwpFnwSXXgJaRKLk: "

<meta http-equiv="X-UA-Compa". Skipping.

All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/saveeo.com/fullchain.pem (failure)
Running post-hook command: service nginx reload
1 renew failure(s), 0 parse failure(s)

IMPORTANT NOTES:

• The following errors were reported by the server:

  Domain: saveeo.com
  Type: unauthorized
  Detail: Invalid response from
  http://saveeo.com/.well-known/acme-challenge/z7jEQ9qERYSSJfW-LW8feFGrES3EwpFnwSXXgJaRKLk:
  "

  <meta http-equiv="X-UA-Compa"

  To fix these errors, please make sure that your domain name was
  entered correctly and the DNS A record(s) for that domain
  contain(s) the right IP address.
  root@ip-172-31-11-220:/opt/certbot#

My web server is (include version):

nginx/1.10.1

The operating system my web server runs on is (include version):

Ubuntu Xenial

My hosting provider, if applicable, is:

AWS

I can login to a root shell on my machine (yes or no, or I don’t know):

I can login. I have used this exact command to renew 4 times before, but this time it doesn’t work. Weird

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

No.

It seems your http to https redirection is removing the URL.
The redirection should bypass /.well-known or /.well-known/acme-challenge

Try placing a “test.txt” file in the acme-challenge folder.
Get that to work (http://saveeo.com/.well-known/acme-challenge/test.txt) and then try to renew.

How come this exact command has worked without any issues the last few times I ran it?

I will check that as well.

Update: text.txt isn’t accessible. Gives a 301.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.