Unable to renew existing cert, but creation working

Folks,

I’d installed NextCloud on a bhyve FreeBSD 11.1 VM on a FreeBSD 11.1 server using Apache ~6 months ago. Used certbot to create my cert and set a cron to renew. A couple of weeks ago I got an error message from the NC client about the certification being invalid. I didn’t have time to look, so accepted and continued syncing my client PC and phone via the client without any issues.

This week I had time to work on it and couldn’t figure out why the renew process wasn’t working.

Did a 180º turn and checked all, from my DNS host to nmap the server to confirm ports were open – all good.

Today, while reading the forum, decided to try to create a new A record for a new name and a new certification for both (old and new A records) – worked like a charm.

Not sure if other users are using the same config as I am and having the same issue and, if Mr. Murphy is right, I’ll have the same issue in 90 days, so I decided to start chatting about the problem before the cert expires.

Any help much appreciated.

My domain is: mellointernet.us

I ran this command: certbot renew

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log

-------------------------------------------------------------------------------
Processing /usr/local/etc/letsencrypt/renewal/drive.mellointernet.us.conf
-------------------------------------------------------------------------------
Cert is due for renewal, auto-renewing…
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for drive.mellointernet.us
Waiting for verification…
Cleaning up challenges
Attempting to renew cert (drive.mellointernet.us) from /usr/local/etc/letsencrypt/renewal/drive.mellointernet.us.conf produced an unexpected error: Failed authorization procedure. drive.mellointernet.us (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://drive.mellointernet.us/.well-known/acme-challenge/0dMA0gSbeDDaX1JO6JLlYBQaxMhz-Rt4TASS06zz4SY: "

404 Not Found

Not Found


<p". Skipping.
All renewal attempts failed. The following certs could not be renewed:
  /usr/local/etc/letsencrypt/live/drive.mellointernet.us/fullchain.pem (failure)

-------------------------------------------------------------------------------

All renewal attempts failed. The following certs could not be renewed:
  /usr/local/etc/letsencrypt/live/drive.mellointernet.us/fullchain.pem (failure)
-------------------------------------------------------------------------------
1 renew failure(s), 0 parse failure(s)

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: drive.mellointernet.us
   Type: unauthorized
   Detail: Invalid response from
   http://drive.mellointernet.us/.well-known/acme-challenge/0dMA0gSbeDDaX1JO6JLlYBQaxMhz-Rt4TASS06zz4SY:
   "

   404 Not Found

   Not Found

   <p"

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.

My web server is (include version): Apache version 2.4.27

The operating system my web server runs on is (include version): FreeBSD 11.1 VM on a FreeBSD 11.1 host

My hosting provider, if applicable, is: N/A

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): certbot version: 0.18.2

Check your Apache access log around the time you tried to renew. You should be able to see the request from the Let’s Encrypt server and the log should also tell you where it tries to find the file.

Then, check if the webroot-path in /usr/local/etc/letsencrypt/renewal/drive.mellointernet.us.conf is correct.
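
One way to carry out the webroot check from the reply above, as an added example that is not part of the original thread and not certbot's own code: read the webroot that the renewal file maps to the domain, place a probe file where an http-01 token would go, and fetch it over HTTP. The function names `webroot_for` and `probe_webroot` are hypothetical, and the hand-rolled parsing assumes the `name = path` layout under `[[webroot_map]]` shown in this thread.

```python
import os
import secrets
import urllib.error
import urllib.request

CHALLENGE_DIR = ".well-known/acme-challenge"  # path the http-01 validator requests

def webroot_for(conf_path, domain):
    """Return the webroot listed for `domain` under [[webroot_map]], or None."""
    in_map = False
    with open(conf_path) as fh:
        for raw in fh:
            line = raw.strip()
            if line.startswith("["):            # any section header
                in_map = line == "[[webroot_map]]"
            elif in_map and "=" in line and not line.startswith("#"):
                name, _, path = line.partition("=")
                if name.strip() == domain:
                    return path.strip()
    return None

def probe_webroot(webroot, base_url, timeout=5):
    """Write a probe file where a token would go and fetch it; returns (ok, detail)."""
    token = "probe-" + secrets.token_hex(8)
    challenge_dir = os.path.join(webroot, CHALLENGE_DIR)
    os.makedirs(challenge_dir, exist_ok=True)
    probe_file = os.path.join(challenge_dir, token)
    with open(probe_file, "w") as fh:
        fh.write(token)
    url = f"{base_url.rstrip('/')}/{CHALLENGE_DIR}/{token}"
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            ok = resp.read().decode(errors="replace").strip() == token
            detail = f"HTTP {resp.status}" + ("" if ok else ", unexpected body")
    except urllib.error.HTTPError as err:       # 404: server does not serve this dir
        ok, detail = False, f"HTTP {err.code}"
    except OSError as err:                      # DNS, refused, timeout, TLS
        ok, detail = False, f"connection failed: {err}"
    finally:
        os.remove(probe_file)                   # never leave the probe behind
    return ok, detail

if __name__ == "__main__":
    # Paths and host name as given in the thread; run on the web server itself.
    conf = "/usr/local/etc/letsencrypt/renewal/drive.mellointernet.us.conf"
    root = webroot_for(conf, "drive.mellointernet.us")
    print("webroot:", root)
    if root:
        print(probe_webroot(root, "http://drive.mellointernet.us"))
```

A result of `(False, 'HTTP 404')` reproduces the failure in the certbot output above without spending a validation attempt: the directory in the renewal file is not the one the virtual host serves under `/.well-known/acme-challenge/`.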

@Osiris, thank you for your reply.

The path was:

[[webroot_map]]
drive.mellointernet.us = /usr/local/www/apache24/data

I’ve re-created using the NC directory, so changed to:

drive.mellointernet.us = /usr/local/www/apache24/data/nextcloud

Following the breadcrumbs … I see the last renew attempt in my certbot log:

2017-12-17 15:42:10,473:WARNING:certbot.renewal:Attempting to renew cert (drive.mellointernet.us) from /usr/local/etc/letsencrypt/renewal/drive.mellointernet.us.conf produced an unexpected error: Failed authoriz

Around that time there is nothing in the httpd access log but what I assume is the client on my laptop synchronizing:

[12/Nov/2017:15:42:06 -0500] "PROPFIND /remote.php/dav/files/mello/ HTTP/1.1" 207 512

Looking at my httpd error log, I didn’t see any entry around the same time. Noticed this, though, which I don’t know is related:

[ssl:error] [pid 937] AH02031: Hostname drive.mellointernet.us provided via SNI, but no hostname provided in HTTP request

I’ll set a reminder in 90 days to check the certification to see its status and report any error, as at this point the environment has changed and troubleshooting steps won’t lead to a working set of instructions, but I wanted to leave this encountered issue registered, so if someone experiences the same they can tag along.

Again thanks for your reply