Unable to renew non-www domains

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

I have 2 domains, a main ( pet-alert-988.fr ) and an alias ( petalert988.fr ).

Normally, it redirects always to www.pet-alert-988.fr (currently redirections are déactivated) :

pet-alert-988.fr -> www.pet-alert-988.fr
petalert988.fr -> www.pet-alert-988.fr
www.petalert988.fr -> www.pet-alert-988.fr

Until now, the certificate has been renewing correctly with this configuration, but now the renew crash due to petalert988.fr and pet-alert-988.fr (please notice the www.petalert988.fr works also).

I have this issue with anothers similars domains.

My domain is: pet-alert-988.fr , petalert988.fr

I ran this command:
certbot -v certonly --webroot --webroot-path /var/www/plrt/ --renew-by-default --email certificats@kesako.net --text --agree-tos -d pet-alert-988.fr -d www.pet-alert-988.fr -d www.petalert988.fr -d petalert988.fr

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for pet-alert-988.fr
http-01 challenge for petalert988.fr
Using the webroot path /var/www/plrt for all unmatched domains.
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. petalert988.fr (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: 2a03:b0c0:3:d0::1a5f:2001: Invalid response from http://petalert988.fr/.well-known/acme-challenge/k2WPG615_Gut5wgRAMzVmO_XRulcw8nc_q9nhwtnZ6A: 404, pet-alert-988.fr (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: 2a03:b0c0:3:d0::1a5f:2001: Invalid response from http://pet-alert-988.fr/.well-known/acme-challenge/okWIFjmYXx3wisizwB3GXnejYup5PwOiwhyf8Ov545c: 404


My web server is (include version): Apache 2.4.38

The operating system my web server runs on is (include version): Debian 10.9

My hosting provider, if applicable, is: OVH

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): Non

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 0.31.0

Thanks in advance for yours answers.

Hi @sergio_kesako, and welcome to the LE community forum :slight_smile:

It seems that the IPv4 connects to Apache, while IPv6 connects to nginx:

curl -Ii4 petalert988.fr
HTTP/1.1 301 Moved Permanently
Date: Tue, 07 Jun 2022 15:50:22 GMT
Server: Apache/2.4.38 (Debian)
Location: https://www.pet-alert-988.fr/
Content-Type: text/html; charset=iso-8859-1

curl -Ii6 petalert988.fr
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Tue, 07 Jun 2022 15:50:27 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Tue, 26 Apr 2022 11:12:34 GMT
Connection: keep-alive
ETag: "6267d3a2-264"
Accept-Ranges: bytes

Make sure the IPs are updated, correct, and can both reach your server.



It seems the IPv6 was wrong. I've corrected that and now it works fine.

Thank you very much !!


Never, ever, use this option again. It does not do what you think it does.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.