Unable to renew letsencrypt certificate

Please help! I'm trying to renew our certificate.

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: mpmadmin.ins-webreg.jp

I ran this command: sudo certbot renew --cert-name mpmadmin.ins-webreg.jp

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log


Processing /etc/letsencrypt/renewal/mpmadmin.ins-webreg.jp.conf


Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator nginx, Installer nginx
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for mpmadmin.ins-webreg.jp
Using default addresses 80 and [::]:80 ipv6only=on for authentication.
Waiting for verification...
Challenge failed for domain mpmadmin.ins-webreg.jp
http-01 challenge for mpmadmin.ins-webreg.jp
Cleaning up challenges
Attempting to renew cert (mpmadmin.ins-webreg.jp) from /etc/letsencrypt/renewal/mpmadmin.ins-webreg.jp.conf produced an unexpected error: Some challenges have failed.. Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/mpmadmin.ins-webreg.jp/fullchain.pem (failure)


All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/mpmadmin.ins-webreg.jp/fullchain.pem (failure)


1 renew failure(s), 0 parse failure(s)

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: mpmadmin.ins-webreg.jp
    Type: unauthorized
    Detail: 54.250.44.149: Invalid response from
    http://mpmadmin.ins-webreg.jp/.well-known/acme-challenge/Lo8yypgdac6GNpsoCy8MsYxEifn96cWB9xTpWe-uabY:
    404

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address.

My web server is (include version): Nginx 1.23.4

The operating system my web server runs on is (include version): Ubuntu 20.04.6 LTS

My hosting provider, if applicable, is: AWS EC2

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): using PUTTY to run the command

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 0.40.0

Hi @racel03, and welcome to the LE community forum

Let's have a look at your nginx config, with:

nginx -T

Also, Ubuntu 20 should have snap installed.
If so, you should be using the snap version of certbot.
See: Certbot Instructions | Certbot (eff.org)


So I used the snapd instructions to renew again (Certbot Instructions | Certbot)

but I'm still facing the error below

Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
Domain: mpmadmin.ins-webreg.jp
Type: unauthorized
Detail: 54.250.44.149: Invalid response from http://mpmadmin.ins-webreg.jp/.well-known/acme-challenge/nHd48IUl6fW1ijHSsB-RrsLutQ9Bs3nlekt1rGWeuOA: 404

Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet.

Please explain.

HTTP is being handled by Apache:

curl -Ii mpmadmin.ins-webreg.jp
HTTP/1.1 200 OK
Date: Mon, 15 Jan 2024 08:20:18 GMT
Server: Apache/2.4.41 (Ubuntu)     <<<<<<<<<<<<<<<<<<<<<<<<<
Last-Modified: Mon, 16 Oct 2023 04:51:19 GMT
ETag: "2aa6-607ce283c5609"
Accept-Ranges: bytes
Content-Length: 10918
Vary: Accept-Encoding
Content-Type: text/html

HTTPS is being handled by nginx:

curl -Iik https://mpmadmin.ins-webreg.jp/
HTTP/2 200
server: nginx/1.23.4     <<<<<<<<<<<<<<<<<<<<<<<<<
date: Mon, 15 Jan 2024 08:20:32 GMT
content-type: text/html
content-length: 11004
last-modified: Wed, 01 Dec 2021 05:01:04 GMT
etag: "61a70190-2afc"
strict-transport-security: max-age=31536000; includeSubDomains
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
accept-ranges: bytes
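The two curl results above explain the 404: http-01 validation arrives on port 80, which Apache answers, while certbot's nginx authenticator only changes nginx. The script below is an added example, not code from the thread or from Certbot; the function names are hypothetical and the header samples are trimmed from the curl output quoted above.

```shell
#!/bin/sh
# Added example, not from the thread: find out which server software answers
# plain HTTP, because http-01 validation always arrives on port 80.
# Function names are hypothetical; header samples are trimmed from the thread.

# Read `curl -sI` output on stdin, print the lower-cased Server product
# ("apache", "nginx", ...) or "unknown" when there is no Server header.
server_product() {
  tr -d '\r' | awk -F': *' '
    tolower($1) == "server" && !found {
      split(tolower($2), p, "[/ ]"); print p[1]; found = 1
    }
    END { if (!found) print "unknown" }'
}

# $1 = port-80 headers, $2 = port-443 headers, $3 = certbot plugin in use.
# Prints one status line; a hint for the operator goes to stderr.
diagnose() {
  d_http=$(printf '%s\n' "$1" | server_product)
  d_https=$(printf '%s\n' "$2" | server_product)
  if [ "$d_http" = "$3" ]; then
    echo "ok http=$d_http https=$d_https plugin=$3"
  else
    echo "mismatch http=$d_http https=$d_https plugin=$3"
    echo "hint: $3 does not serve port 80; validate through $d_http" \
         "(for example --webroot with its document root)" >&2
  fi
}

# Live variant (needs network): -k because the old certificate may be expired.
check_live() {
  diagnose "$(curl -sI "http://$1/")" "$(curl -skI "https://$1/")" "$2"
}

HTTP_SAMPLE='HTTP/1.1 200 OK
Server: Apache/2.4.41 (Ubuntu)
Content-Type: text/html'

HTTPS_SAMPLE='HTTP/2 200
server: nginx/1.23.4
content-type: text/html'

diagnose "$HTTP_SAMPLE" "$HTTPS_SAMPLE" nginx
```

For a live check, call `check_live <domain> <plugin>` instead of passing the embedded samples.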

I am not sure why they are Apache and nginx, as I am not the one who set up the web server. I was just asked to renew the certificate using letsencrypt.

Try instead:

certbot renew

And show us both of these:

certbot certificates
sudo apachectl -t -D DUMP_VHOSTS

Certificate Name: mpmadmin.ins-webreg.jp
    Serial Number: 359ebf3ea462827c4994a30eee01e64ec68
    Key Type: RSA
    Domains: mpmadmin.ins-webreg.jp
    Expiry Date: 2024-01-14 03:55:21+00:00 (INVALID: EXPIRED)
    Certificate Path: /etc/letsencrypt/live/mpmadmin.ins-webreg.jp/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/mpmadmin.ins-webreg.jp/privkey.pem

What does sudo apachectl -t -D DUMP_VHOSTS do? I'm afraid to run the command as this is a live web server.

Don't be afraid - you're dealing with a professional [and a "Community Leader"].
It shows all the vhosts and what name:ports and config files are associated with them.

If you have a test environment, then run it there first [to see for yourself].


This domain isn't doing much at the moment - LOL


I have run the command

That all of the output?


Yes, that's the only thing that came out.

Show us this file:


Try:
certbot renew --webroot -w /var/www/html --cert-name mpmadmin.ins-webreg.jp


It worked. What happened there?

Thank you so much!!!


LOL 
