My domain is: https://obeclean.ca
I ran this command: sudo certbot renew --dry-run
It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/obeclean.ca.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator nginx, Installer nginx
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for obeclean.ca
nginx: [warn] conflicting server name "obeclean.ca" on 0.0.0.0:443, ignored
nginx: [warn] conflicting server name "obeclean.ca" on 0.0.0.0:80, ignored
Waiting for verification...
Cleaning up challenges
nginx: [warn] conflicting server name "obeclean.ca" on 0.0.0.0:443, ignored
nginx: [warn] conflicting server name "obeclean.ca" on 0.0.0.0:80, ignored
Attempting to renew cert (obeclean.ca) from /etc/letsencrypt/renewal/obeclean.ca.conf produced an unexpected error: Failed authorization procedure. obeclean.ca (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from https://obeclean.ca/.well-known/acme-challenge/60FlraF15P6apSI-aRi3uhJt8zhVVBlg_4WTGYKTUyU [54.148.122.147]: "<!DOCTYPE html>\n<html>\n<head>\n <title>The page you were looking for doesn't exist (404)</title>\n <meta name=\"viewport\" content". Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/obeclean.ca/fullchain.pem (failure)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/obeclean.ca/fullchain.pem (failure)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1 renew failure(s), 0 parse failure(s)
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: obeclean.ca
Type: unauthorized
Detail: Invalid response from
https://obeclean.ca/.well-known/acme-challenge/60FlraF15P6apSI-aRi3uhJt8zhVVBlg_4WTGYKTUyU
[54.148.122.147]: "<!DOCTYPE html>\n<html>\n<head>\n <title>The
page you were looking for doesn't exist (404)</title>\n <meta
name=\"viewport\" content"
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
My web server is (include version): Nginx
The operating system my web server runs on is (include version): ubuntu 18
My hosting provider, if applicable, is: Rebel.ca
I can login to a root shell on my machine (yes or no, or I don't know): yes
Can anyone please resolve the issue of why I am unable to renew the SSL certificate?
1 Like
_az
December 15, 2020, 8:22pm
2
It's probably because of this.
In your nginx configuration, obeclean.ca should only appear as a server_name in a single HTTP and HTTPS server block/virtualhost, each.
When you have duplicate server_names, it can confuse Certbot's nginx plugin. It's also just an invalid nginx configuration more broadly.
Fixing that is going to involve identifying the duplicate virtualhosts in your nginx configuration, and then removing them. A place to start looking is /etc/nginx/sites-available/, /etc/nginx/conf.d.
1 Like
server {
server_name obeclean.ca;
root /var/www/company/code/public;
# Turn on Passenger
passenger_enabled on;
passenger_ruby /usr/local/rvm/gems/ruby-2.5.1/wrappers/ruby;
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/obeclean.ca/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/obeclean.ca/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server{
listen 80;
server_name obeclean.ca;
return 301 https://obeclean.ca$request_uri;
}
This is my config file in /etc/nginx/sites-enabled. Can you please let me know whether this configuration is preventing it from renewal?
1 Like
_az
December 15, 2020, 8:34pm
4
According to the output in your original post, there are more virtualhosts than just those two.
This command should show them all:
sudo nginx -T
1 Like
Configuration file /etc/nginx/sites-enabled/aspenclean.conf:
server {
server_name obeclean.ca;
#rails_env production;
#passenger_app_root /var/www/aspenclean/code;
# Tell Nginx and Passenger where your app's 'public' directory is
root /var/www/aspenclean/code/public;
# Turn on Passenger
passenger_enabled on;
passenger_ruby /usr/local/rvm/gems/ruby-2.5.1/wrappers/ruby;
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/obeclean.ca/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/obeclean.ca/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server{
listen 80;
server_name obeclean.ca;
return 301 https://obeclean.ca$request_uri;
}
Configuration file /etc/nginx/sites-enabled/aspenclean.conf.save:
server {
server_name obeclean.ca;
#rails_env production;
#passenger_app_root /var/www/aspenclean/code;
# Tell Nginx and Passenger where your app's 'public' directory is
root /var/www/aspenclean/code/public;
# Turn on Passenger
passenger_enabled on;
passenger_ruby /usr/local/rvm/gems/ruby-2.5.1/wrappers/ruby;
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/obeclean.ca/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/obeclean.ca/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server{
listen 80;
server_name obeclean.ca;
return 301 https://obeclean.ca$request_uri;
}
I got the above log
1 Like
_az
December 15, 2020, 8:49pm
6
Thanks.
It appears to be this /etc/nginx/sites-enabled/aspenclean.conf.save file.
Try moving it outside of /etc/nginx and see whether that helps.
3 Likes
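The duplicate check discussed in the replies above, as an added example that is not from the thread's participants: it parses `sudo nginx -T` output and reports every server_name/port pair declared in more than one server block, together with the files involved. The function name and the sample dump are constructed for illustration, and the parser assumes one directive per line.

```python
import re

# Constructed sample: a trimmed `nginx -T` dump modelled on the output in this thread.
SAMPLE_DUMP = """\
# configuration file /etc/nginx/sites-enabled/aspenclean.conf:
server {
    server_name obeclean.ca;
    listen 443 ssl; # managed by Certbot
}
server{
    listen 80;
    server_name obeclean.ca;
}
# configuration file /etc/nginx/sites-enabled/aspenclean.conf.save:
server {
    server_name obeclean.ca;
    listen 443 ssl; # managed by Certbot
}
server{
    listen 80;
    server_name obeclean.ca;
}
"""
FILE_RE = re.compile(r"^#?\s*configuration file (\S+):$", re.IGNORECASE)

def find_duplicate_server_names(dump):
    """Return {(port, server_name): [files]} for pairs declared in more than one
    server block. A block with no "listen" line is counted under port 80."""
    seen = {}
    current_file, depth, block = "<unknown>", 0, None
    for raw in dump.splitlines():
        marker = FILE_RE.match(raw.strip())
        if marker:  # nginx -T prints one such header per loaded file
            current_file = marker.group(1)
            continue
        line = raw.split("#", 1)[0].strip()  # drop comments
        words = line.rstrip(";").split()
        if block is None and re.match(r"server\s*\{", line):
            block = {"depth": depth, "ports": [], "names": []}
        elif block is not None and depth == block["depth"] + 1:
            if words[:1] == ["listen"] and len(words) > 1:
                block["ports"].append(words[1].rsplit(":", 1)[-1])  # "0.0.0.0:443" -> "443"
            elif words[:1] == ["server_name"]:
                block["names"] += words[1:]
        depth += line.count("{") - line.count("}")
        if block is not None and depth == block["depth"]:  # server block closed
            for port in block["ports"] or ["80"]:
                for name in block["names"]:
                    seen.setdefault((port, name), []).append(current_file)
            block = None
    return {pair: files for pair, files in seen.items() if len(files) > 1}
```

On a live host, pass the captured output of `sudo nginx -T` to `find_duplicate_server_names`; an empty result means no name/port pair is declared twice.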
Excellent. It worked. Thanks a lot
2 Likes
Even though the certbot renewal was successful, why am I still seeing the expiry date as December?
(Restarted Nginx twice and cleared the cookies)
2 Likes
_az
December 15, 2020, 11:38pm
11
Did you manage to solve this already?
From what I can see, the certificate on obeclean.ca expires on March 15 2021.
Sorry, it is working fine.
I really appreciate your quick response.
3 Likes