Unable to renew CERT

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: elysiantree.com

I ran this command: sudo certbot

It produced this output:
[sudo] password for elysiantree:
Saving debug log to /var/log/letsencrypt/letsencrypt.log

How would you like to authenticate and install certificates?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: Apache Web Server plugin (apache)
2: Nginx Web Server plugin (nginx)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Plugins selected: Authenticator nginx, Installer nginx

Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: elysiantree.com
2: etsociety.elysiantree.com
3: etsocietydemo.elysiantree.com
4: www.elysiantree.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 1 4
Cert is due for renewal, auto-renewing...
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for elysiantree.com
http-01 challenge for www.elysiantree.com
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. www.elysiantree.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.elysiantree.com/.well-known/acme-challenge/Qfl74ZdgzBCQCgF3g9SToRJ3B-Vfvvv53FWdaD2bp34 [2400:6180:100:d0::8b4:d001]: "<html>\r\n<head><title>404 Not Found</title></head>\r\n<body bgcolor=\"white\">\r\n<center><h1>404 Not Found</h1></center>\r\n<hr><center>", elysiantree.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://elysiantree.com/.well-known/acme-challenge/c_7HhkgK940PMS7ETNqzJi_RtBlazABVL-_pKscMVH8 [2400:6180:100:d0::8b4:d001]: "<html>\r\n<head><title>404 Not Found</title></head>\r\n<body bgcolor=\"white\">\r\n<center><h1>404 Not Found</h1></center>\r\n<hr><center>"

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: www.elysiantree.com
   Type:   unauthorized
   Detail: Invalid response from
   http://www.elysiantree.com/.well-known/acme-challenge/Qfl74ZdgzBCQCgF3g9SToRJ3B-Vfvvv53FWdaD2bp34
   [2400:6180:100:d0::8b4:d001]: "<html>\r\n<head><title>404 Not
   Found</title></head>\r\n<body bgcolor=\"white\">\r\n<center><h1>404
   Not Found</h1></center>\r\n<hr><center>"

   Domain: elysiantree.com
   Type:   unauthorized
   Detail: Invalid response from
   http://elysiantree.com/.well-known/acme-challenge/c_7HhkgK940PMS7ETNqzJi_RtBlazABVL-_pKscMVH8
   [2400:6180:100:d0::8b4:d001]: "<html>\r\n<head><title>404 Not
   Found</title></head>\r\n<body bgcolor=\"white\">\r\n<center><h1>404
   Not Found</h1></center>\r\n<hr><center>"

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.

My web server is (include version): nginx, php

The operating system my web server runs on is (include version): Ubuntu

My hosting provider, if applicable, is: Digital Ocean

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.31.0


Hi @elysiantree

Checking your domain, the problem is simple: https://check-your-website.server-daten.de/?q=elysiantree.com

You have ipv4 and ipv6:

| Host | T | IP-Address | is auth. | ∑ Queries | ∑ Timeout |
|---|---|---|---|---|---|
| elysiantree.com | A | 142.93.222.155 Bengaluru/Karnataka/India (IN) - DigitalOcean, LLC No Hostname found | yes | 2 | 0 |
| | AAAA | 2400:6180:100:d0::8b4:d001 Bengaluru/Karnataka/India (IN) - DigitalOcean, LLC | yes | | |
| www.elysiantree.com | C | elysiantree.com | yes | 1 | 0 |
| | A | 142.93.222.155 Bengaluru/Karnataka/India (IN) - DigitalOcean, LLC No Hostname found | yes | | |
| | AAAA | 2400:6180:100:d0::8b4:d001 Bengaluru/Karnataka/India (IN) - DigitalOcean, LLC | yes | | |

But there are different configurations. Sample:

| Domainname | Http-Status | redirect | Sec. | G |
|---|---|---|---|---|
| http://elysiantree.com/ 142.93.222.155 | 301 | https://elysiantree.com/ Html is minified: 107,78 % | 0.333 | A |
| http://www.elysiantree.com/ 142.93.222.155 | 301 | https://www.elysiantree.com/ Html is minified: 107,78 % | 0.334 | A |
| http://elysiantree.com/ 2400:6180:100:d0::8b4:d001 GZip used - 3138 / 10918 - 71,26 % | 200 | Html is minified: 223,78 % | 0.343 | H |
| http://www.elysiantree.com/ 2400:6180:100:d0::8b4:d001 GZip used - 3138 / 10918 - 71,26 % | 200 | Html is minified: 223,78 % | 0.330 | H |

ipv4 has a redirect http -> https, ipv6 doesn’t have such a redirect.

And https + ipv4 works, https + ipv6 has a timeout.

Looks like your ipv6 isn’t configured, so a standard host answers.

Remove your ipv6 or update your config, so ipv4 and ipv6 send the same content.

--> No Grade K - configuration problem - different ip addresses with different status

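A per-address check of the mismatch described in the reply above, as an added example that is not part of the original posts: it requests the same URL on every A and AAAA address while sending the real Host header, and reports when the answers differ. The names `probe` and `disagreements` and the `SAMPLE` data (constructed from the status table in that reply) are assumptions of this example.

```python
import http.client
import socket

SAMPLE = [  # constructed from the status table in the reply above
    ("ipv4", "142.93.222.155", 301, "https://elysiantree.com/"),
    ("ipv6", "2400:6180:100:d0::8b4:d001", 200, None),
]

def probe(host, path="/", port=80, timeout=5):
    """Fetch http://host/path once per resolved A/AAAA address (needs network).
    Returns (family, ip, status, location) tuples; status is None on error."""
    results = []
    for family, _, _, _, sockaddr in socket.getaddrinfo(
            host, port, type=socket.SOCK_STREAM):
        label = "ipv6" if family == socket.AF_INET6 else "ipv4"
        ip = sockaddr[0]
        conn = http.client.HTTPConnection(ip, port, timeout=timeout)
        try:
            # Connect to the literal address but send the real Host header,
            # so the server selects the vhost a validator would reach.
            conn.request("GET", path, headers={"Host": host})
            resp = conn.getresponse()
            results.append((label, ip, resp.status, resp.getheader("Location")))
        except (OSError, http.client.HTTPException) as exc:
            results.append((label, ip, None, str(exc)))
        finally:
            conn.close()
    return results

def disagreements(results):
    """Group addresses by the answer they gave. More than one group means the
    addresses serve different configurations; an empty dict means they agree."""
    groups = {}
    for label, ip, status, location in results:
        groups.setdefault((status, location), []).append((label, ip))
    return groups if len(groups) > 1 else {}

if __name__ == "__main__":
    import sys
    # With a hostname argument, probe it live; otherwise use the sample data.
    results = probe(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE
    for (status, location), addrs in disagreements(results).items():
        print(status, location, "<-", addrs)
```

Calling `probe(host, path)` with a path under `/.well-known/acme-challenge/` checks the location the http-01 validator requests instead of the site root.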

Thanks for your help.
However, I didn’t understand much of this, hence I asked one of my friends and he told me to change the challenge and use DNS.

command executed: sudo certbot -d elysiantree.com -d www.elysiantree.com --preferred-challenges dns

By following the steps I was able to install the cert successfully.

Again, thanks for your help.
