Saving debug log to /var/log/letsencrypt/letsencrypt.log
-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/icecub.nl.conf
-------------------------------------------------------------------------------
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator webroot, Installer apache
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for icecub.nl
http-01 challenge for www.icecub.nl
Waiting for verification...
Cleaning up challenges
Attempting to renew cert (icecub.nl) from /etc/letsencrypt/renewal/icecub.nl.conf produced an unexpected error: Failed authorization procedure. icecub.nl (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://icecub.nl/.well-known/acme-challenge/uouOpV2KmQ-saf4vJynG9Q6NlP0Npn-GmXD4rGX5x7w: "<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<ht", www.icecub.nl (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.icecub.nl/.well-known/acme-challenge/SREMWMMKm5lDHHe9vCcyiIcCRN7lDMbQKW0zRN0FFbc: "<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<ht". Skipping.
-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/chat.icecub.nl.conf
-------------------------------------------------------------------------------
Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for chat.icecub.nl
Waiting for verification...
Cleaning up challenges
Unable to clean up challenge directory /usr/local/ispconfig/interface/acme/.well-known/acme-challenge
-------------------------------------------------------------------------------
new certificate deployed without reload, fullchain is
/etc/letsencrypt/live/chat.icecub.nl/fullchain.pem
-------------------------------------------------------------------------------
-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/xgn-gaming.com.conf
-------------------------------------------------------------------------------
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator webroot, Installer apache
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for xgn-gaming.com
http-01 challenge for www.xgn-gaming.com
Waiting for verification...
Cleaning up challenges
Unable to clean up challenge directory /var/www/xgn-gaming.com/web/.well-known/acme-challenge
Attempting to renew cert (xgn-gaming.com) from /etc/letsencrypt/renewal/xgn-gaming.com.conf produced an unexpected error: Failed authorization procedure. xgn-gaming.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://xgn-gaming.com/.well-known/acme-challenge/8zxfrHzQmcUhbXdiuAOf21YZMRNdZbnr3d-k3i94s08: "<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p", www.xgn-gaming.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.xgn-gaming.com/.well-known/acme-challenge/8VJWSCXi-4hct1e3QBMmLYW9Pjibtep8CTuc9cGrQ88: "<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p". Skipping.
The following certs could not be renewed:
/etc/letsencrypt/live/icecub.nl/fullchain.pem (failure)
/etc/letsencrypt/live/xgn-gaming.com/fullchain.pem (failure)
-------------------------------------------------------------------------------
** DRY RUN: simulating 'certbot renew' close to cert expiry
** (The test certificates below have not been saved.)
The following certs were successfully renewed:
/etc/letsencrypt/live/chat.icecub.nl/fullchain.pem (success)
The following certs could not be renewed:
/etc/letsencrypt/live/icecub.nl/fullchain.pem (failure)
/etc/letsencrypt/live/xgn-gaming.com/fullchain.pem (failure)
** DRY RUN: simulating 'certbot renew' close to cert expiry
** (The test certificates above have not been saved.)
-------------------------------------------------------------------------------
2 renew failure(s), 0 parse failure(s)
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: icecub.nl
Type: unauthorized
Detail: Invalid response from
http://icecub.nl/.well-known/acme-challenge/uouOpV2KmQ-saf4vJynG9Q6NlP0Npn-GmXD4rGX5x7w:
"<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<ht"
Domain: www.icecub.nl
Type: unauthorized
Detail: Invalid response from
http://www.icecub.nl/.well-known/acme-challenge/SREMWMMKm5lDHHe9vCcyiIcCRN7lDMbQKW0zRN0FFbc:
"<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<ht"
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
- The following errors were reported by the server:
Domain: xgn-gaming.com
Type: unauthorized
Detail: Invalid response from
http://xgn-gaming.com/.well-known/acme-challenge/8zxfrHzQmcUhbXdiuAOf21YZMRNdZbnr3d-k3i94s08:
"<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p"
Domain: www.xgn-gaming.com
Type: unauthorized
Detail: Invalid response from
http://www.xgn-gaming.com/.well-known/acme-challenge/8VJWSCXi-4hct1e3QBMmLYW9Pjibtep8CTuc9cGrQ88:
"<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p"
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
My web server is (include version): Apache/2.4.18
The operating system my web server runs on is (include version): Ubuntu 16.04.3 LTS (Xenial Xerus)
My hosting provider, if applicable, is: Self hosted
I can login to a root shell on my machine (yes or no, or I don’t know): Yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): ISPConfig 3 is installed.
It looks like the webroot directory that you chose when you originally obtained these certificates (you can find it in /etc/letsencrypt/renewal/icecub.nl.conf and /etc/letsencrypt/renewal/xgn-gaming.com.conf) no longer works as a place to put static files and have them appear on your web site. Perhaps you’ve changed your web site configuration since obtaining the certificates by installing a CMS or something?
Can you take a look at the webroot directory configurations and see if they’re still correct and if files placed there still appear on the web site?
After varifying my apache config files, they’re showing:
<Directory /var/www/icecub.nl/web>
# Clear PHP settings of this website
<FilesMatch ".+\.ph(p[345]?|t|tml)$">
SetHandler None
</FilesMatch>
Options +FollowSymLinks
AllowOverride All
Require all granted
# ssi enabled
AddType text/html .shtml
AddOutputFilter INCLUDES .shtml
Options +Includes
</Directory>
What might be an issue, though not sure as it worked perfectly fine while I got the initial certificates, is that that’s a symlink towards the actual webroot, which is:
<Directory /var/www/clients/client1/web4/web>
# Clear PHP settings of this website
<FilesMatch ".+\.ph(p[345]?|t|tml)$">
SetHandler None
</FilesMatch>
Options +FollowSymLinks
AllowOverride All
Require all granted
# ssi enabled
AddType text/html .shtml
AddOutputFilter INCLUDES .shtml
Options +Includes
</Directory>
But that goes for chat.icecub.nl just as well and that one is working fine.