Unable To Renew Expired Cert


#1

I have an old Ubuntu server that I use for Dev purposes. I wasn’t using it so I let my cert expire (stupidly).

Now when I try to renew it with:

sudo ./letsencrypt-auto

I get the following output:

Plugins selected: Authenticator apache, Installer apache

Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: andrewspiers.dynu.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel):
Cert is due for renewal, auto-renewing...
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for andrewspiers.dynu.com
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. andrewspiers.dynu.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://andrewspiers.dynu.com/.well-known/acme-challenge/1X3zvijHQhgaT48O6FKJcY2T1nQV9ejWjZUe48HtAi4: "<!doctype html>\r\n<!--[if lt IE 7]> <html class=\"no-js lt-ie9 lt-ie8 lt-ie7\" lang=\"en\"> <![endif]-->\r\n<!--[if IE 7]>    <html cla"

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: andrewspiers.dynu.com
   Type:   unauthorized
   Detail: Invalid response from
   http://andrewspiers.dynu.com/.well-known/acme-challenge/1X3zvijHQhgaT48O6FKJcY2T1nQV9ejWjZUe48HtAi4:
   "<!doctype html>\r\n<!--[if lt IE 7]> <html class=\"no-js lt-ie9
   lt-ie8 lt-ie7\" lang=\"en\"> <![endif]-->\r\n<!--[if IE 7]>
   <html cla"

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.

Also, when I check the Apache config, I get the following error:

 apache2ctl configtest
AH00526: Syntax error on line 31 of /etc/apache2/sites-enabled/000-default-le-ssl.conf:
SSLCertificateFile: file '/etc/letsencrypt/live/andrewspiers.dynu.com/fullchain.pem' does not exist or is empty
Action 'configtest' failed.
The Apache error log may have more information.

I use dynu.com for Dynamic DNS.

Prior to the expiry, I was able to renew the cert with no issue.

Any pointers please?


#2

That most definitely isn’t true, at least not in this probably shortened version. The fact a certificate expires won’t delete the fullchain.pem symbolic link from the /live/ directory. Something else must have happened.

Also, if you wanted to renew, you could have just run sudo ./letsencrypt-auto renew


#3

Start over…

See what certs you “have”:
./letsencrypt-auto certificates

Remove any that are broken or expired.
./letsencrypt-auto delete

Get a new cert for any sites that don’t have a working cert and need one…
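
The AH00526 error in post #1 and the point in post #2 about the symbolic links under live/ both come down to a TLS file directive pointing at something that is missing, empty, or a dangling symlink. The script below is an added example, not part of the thread or of Certbot: it scans a directory of Apache vhost files and reports the state of each referenced file. The function names and the example.test tree are hypothetical and constructed for the demo, and paths are assumed to contain no spaces.

```sh
# Added example, not from the thread: list Apache TLS file directives whose
# target is missing, empty, or a dangling symlink (the AH00526 condition).
# Assumes config and certificate paths contain no spaces.

# check_tls_paths CONF_DIR: prints "STATE directive path (conf)" per directive
# and returns 1 if any target is unusable.
check_tls_paths() {
    rc=0
    found=$(awk 'tolower($1) ~ /^sslcertificate(file|keyfile|chainfile)$/ {
                     gsub(/"/, "", $2); print FILENAME, $1, $2 }' \
                "$1"/*.conf 2>/dev/null) || true
    while read -r conf directive path; do
        [ -n "$path" ] || continue
        if [ -L "$path" ] && [ ! -e "$path" ]; then
            state=DANGLING      # symlink exists, its target does not
        elif [ ! -e "$path" ]; then
            state=MISSING
        elif [ ! -s "$path" ]; then
            state=EMPTY
        else
            state=OK
        fi
        [ "$state" = OK ] || rc=1
        printf '%s %s %s (%s)\n' "$state" "$directive" "$path" "${conf##*/}"
    done <<EOF
$found
EOF
    return "$rc"
}

# Constructed sample tree (hypothetical host example.test): one valid link,
# one dangling live/ symlink, one file that was never created.
make_constructed_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/sites-enabled" "$d/live/example.test" "$d/archive/example.test"
    echo "constructed placeholder" > "$d/archive/example.test/cert1.pem"
    ln -s "$d/archive/example.test/cert1.pem" "$d/live/example.test/cert.pem"
    ln -s "$d/archive/example.test/fullchain1.pem" "$d/live/example.test/fullchain.pem"
    cat > "$d/sites-enabled/000-default-le-ssl.conf" <<EOF
SSLCertificateFile $d/live/example.test/fullchain.pem
SSLCertificateKeyFile $d/live/example.test/privkey.pem
SSLCertificateChainFile "$d/live/example.test/cert.pem"
# SSLCertificateFile /commented/out.pem
EOF
    echo "$d"
}

tree=$(make_constructed_tree)
check_tls_paths "$tree/sites-enabled" || echo "unusable TLS file paths found"
rm -rf "$tree"
```

On the server from post #1 the directory to pass would be /etc/apache2/sites-enabled, the location named in the configtest error.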