Unable to renew non-www domains


Hello,
I have 2 domains, a main one (pet-alert-988.fr) and an alias (petalert988.fr).

Normally, it always redirects to www.pet-alert-988.fr (redirections are currently deactivated):

pet-alert-988.fr -> www.pet-alert-988.fr
petalert988.fr -> www.pet-alert-988.fr
www.petalert988.fr -> www.pet-alert-988.fr

Until now, the certificate has been renewing correctly with this configuration, but now the renewal crashes due to petalert988.fr and pet-alert-988.fr (please note that www.petalert988.fr also works).

I have this issue with other similar domains.

My domain is: pet-alert-988.fr , petalert988.fr

I ran this command:
certbot -v certonly --webroot --webroot-path /var/www/plrt/ --renew-by-default --email certificats@kesako.net --text --agree-tos -d pet-alert-988.fr -d www.pet-alert-988.fr -d www.petalert988.fr -d petalert988.fr

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for pet-alert-988.fr
http-01 challenge for petalert988.fr
Using the webroot path /var/www/plrt for all unmatched domains.
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. petalert988.fr (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: 2a03:b0c0:3:d0::1a5f:2001: Invalid response from http://petalert988.fr/.well-known/acme-challenge/k2WPG615_Gut5wgRAMzVmO_XRulcw8nc_q9nhwtnZ6A: 404, pet-alert-988.fr (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: 2a03:b0c0:3:d0::1a5f:2001: Invalid response from http://pet-alert-988.fr/.well-known/acme-challenge/okWIFjmYXx3wisizwB3GXnejYup5PwOiwhyf8Ov545c: 404

IMPORTANT NOTES:

My web server is (include version): Apache 2.4.38

The operating system my web server runs on is (include version): Debian 10.9

My hosting provider, if applicable, is: OVH

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 0.31.0

Thanks in advance for your answers.

Hi @sergio_kesako, and welcome to the LE community forum :slight_smile:

It seems that the IPv4 connects to Apache, while IPv6 connects to nginx:

curl -Ii4 petalert988.fr
HTTP/1.1 301 Moved Permanently
Date: Tue, 07 Jun 2022 15:50:22 GMT
Server: Apache/2.4.38 (Debian)
Location: https://www.pet-alert-988.fr/
Content-Type: text/html; charset=iso-8859-1

curl -Ii6 petalert988.fr
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Tue, 07 Jun 2022 15:50:27 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Tue, 26 Apr 2022 11:12:34 GMT
Connection: keep-alive
ETag: "6267d3a2-264"
Accept-Ranges: bytes

Make sure the IPs are updated, correct, and can both reach your server.

6 Likes
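
The diagnosis in the reply above, as an added example that is not part of the original posts: Let's Encrypt prefers IPv6 when a domain has an AAAA record, so the address in the certbot error shows which path was validated. The function names are hypothetical, and the sample input is constructed from the error text and `curl -I` headers quoted in this thread.

```python
import ipaddress
import re

# Constructed sample input: the certbot error and curl -I headers quoted in this thread.
CERTBOT_ERROR = (
    "Failed authorization procedure. petalert988.fr (http-01): "
    "urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient "
    "authorization :: 2a03:b0c0:3:d0::1a5f:2001: Invalid response from "
    "http://petalert988.fr/.well-known/acme-challenge/"
    "k2WPG615_Gut5wgRAMzVmO_XRulcw8nc_q9nhwtnZ6A: 404, "
    "pet-alert-988.fr (http-01): "
    "urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient "
    "authorization :: 2a03:b0c0:3:d0::1a5f:2001: Invalid response from "
    "http://pet-alert-988.fr/.well-known/acme-challenge/"
    "okWIFjmYXx3wisizwB3GXnejYup5PwOiwhyf8Ov545c: 404"
)
HEAD_V4 = "HTTP/1.1 301 Moved Permanently\nServer: Apache/2.4.38 (Debian)\n"
HEAD_V6 = "HTTP/1.1 200 OK\nServer: nginx/1.18.0 (Ubuntu)\n"

# Matches the error layout shown in this thread: domain, address contacted, status.
FAILURE = re.compile(
    r"(\S+) \(http-01\): \S+ :: .*? :: (\S+): Invalid response from \S+: (\d{3})"
)

def failed_validations(error_text):
    """Map each failed domain to (IP version the CA connected over, HTTP status)."""
    return {domain: (ipaddress.ip_address(addr).version, int(status))
            for domain, addr, status in FAILURE.findall(error_text)}

def parse_head(raw):
    """Return (status code, lower-cased header dict) from `curl -I` output."""
    lines = raw.strip().splitlines()
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return int(lines[0].split()[1]), headers

def families_disagree(head_v4, head_v6):
    """True when IPv4 and IPv6 are answered by different servers or statuses."""
    (s4, h4), (s6, h6) = parse_head(head_v4), parse_head(head_v6)
    return s4 != s6 or h4.get("server") != h6.get("server")

if __name__ == "__main__":
    for domain, (version, status) in failed_validations(CERTBOT_ERROR).items():
        print(f"{domain}: validated over IPv{version}, got HTTP {status}")
    if families_disagree(HEAD_V4, HEAD_V6):
        print("A and AAAA reach different servers: check the AAAA record")
```
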

Hello,

It seems the IPv6 was wrong. I've corrected that and now it works fine.

Thank you very much!!

2 Likes

Never, ever, use this option again. It does not do what you think it does.

5 Likes
