Unable to renew my certs


#1

My domain is:

I ran this command:

certbot certonly --webroot --webroot-path ********* --domain shr.sigmaphi.fr

or

certbot renew

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Cert is due for renewal, auto-renewing…
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for shr.sigmaphi.fr
Using the webroot path ******* for all unmatched domains.
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. shr.sigmaphi.fr (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching https://shr.sigmaphi.fr.well-known/acme-challenge/8Hx-Y8jOQ-xkhgmW9e1rVOJZbU27kXmheXiejHOvhv0: Error getting validation data

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: shr.sigmaphi.fr
    Type: connection
    Detail: Fetching
    https://shr.sigmaphi.fr.well-known/acme-challenge/8Hx-Y8jOQ-xkhgmW9e1rVOJZbU27kXmheXiejHOvhv0:
    Error getting validation data

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A record(s) for that domain
    contain(s) the right IP address. Additionally, please check that
    your computer has a publicly routable IP address and that no
    firewalls are preventing the server from communicating with the
    client. If you’re using the webroot plugin, you should also verify
    that you are serving files from the webroot path you provided.

My web server is (include version): apache2

Hello,

First, sorry for my bad English.
As you see, I can’t renew my certs and I don’t know why.
Thanks for the help!


#2

Have a look at the redirect target (https://shr.sigmaphi.fr.well-known/), this is most likely the result of a misconfigured redirect (the slash is missing after the domain name).


#3

I think that may have been fixed now and the cert has been renewed.
But it seems that all connections end up at: https://shr.sigmaphi.fr/login

Please place a test.txt file in the acme-challenge folder to test proper access.

Additionally, the web service has no cipher preference order.
Try including something like this in your 443 configuration block:
SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:!3DES:!CAMELLIA:!DES:!DSS:!IDEA:!MD5:!PSK:!RC4:!SEED
SSLHonorCipherOrder on

For more, see: https://httpd.apache.org/docs/trunk/ssl/ssl_howto.html


#4

Hello again.
Yes, I found the problem with your help.
The problem was in my apache.conf with a slash missing.

Thanks Bytecamp and rg305 for your advice!
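
Added example, not part of the original thread: a small Python check for the failure diagnosed in #2 and confirmed in #4. It assumes the missing slash was in a mod_alias `Redirect` directive (the thread never shows the config). The sample config, the function names and the simplified prefix matching are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample config (assumption: not the poster's actual file).
SAMPLE_CONF = """\
<VirtualHost *:80>
    ServerName shr.sigmaphi.fr
    Redirect permanent / https://shr.sigmaphi.fr
</VirtualHost>
"""

# Redirect [status] URL-path URL
REDIRECT_RE = re.compile(
    r"^\s*Redirect\s+(?:(?:permanent|temp|seeother|\d{3})\s+)?(\S+)\s+(\S+)\s*$",
    re.IGNORECASE,
)

# Path the CA requests during an http-01 challenge (token is a placeholder).
PROBE = "/.well-known/acme-challenge/test-token"


def simulate_redirect(url_path, target, request_path):
    """Simplified model of Redirect: whatever follows the matched
    URL-path prefix is appended to the target verbatim."""
    if not request_path.startswith(url_path):
        return None
    rest = request_path[len(url_path):]
    # A prefix without a trailing slash only matches on a segment boundary.
    if rest and not url_path.endswith("/") and not rest.startswith("/"):
        return None
    return target + rest


def find_broken_redirects(conf_text):
    """Return (line number, resulting Location) for every Redirect whose
    output for the ACME probe lands on a different hostname than its target."""
    findings = []
    for lineno, line in enumerate(conf_text.splitlines(), 1):
        m = REDIRECT_RE.match(line)
        if not m:
            continue
        url_path, target = m.groups()
        location = simulate_redirect(url_path, target, PROBE)
        if location and urlsplit(location).hostname != urlsplit(target).hostname:
            findings.append((lineno, location))
    return findings


if __name__ == "__main__":
    for lineno, location in find_broken_redirects(SAMPLE_CONF):
        print(f"line {lineno}: challenge would be redirected to {location}")
```

With the target written as `https://shr.sigmaphi.fr/` the same probe stays on the original hostname and nothing is reported.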

