Unable to reniew certificate

My domain is: sweanon.se

I ran this command:
./certbot-auto certonly --nginx --dry-run

It produced this output:
Invalid response from
“http://sweanon.se/.well-known/acme-challenge/063jnIsN1HJRyWrVSIfXTZ2NW6_bSJPPMnMG3ENu1wQ”

My web server is (include version):
nginx/1.16.1 (Ubuntu)

The operating system my web server runs on is (include version):
Ubuntu 19.10

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no, using ssh

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
certbot-auto --version: certbot 1.0.0

Hi @andreasellsen

checking your domain there is an Express - https://check-your-website.server-daten.de/?q=sweanon.se

So --nginx may not work.

What says

nginx -T

Perhaps switch to webroot.

https://certbot.eff.org/docs/using.html

But /.well-known/acme-challenge must be able to handle files.

That's

Cannot GET /.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de

not a nginx - http status 404 answer, that's something else.

nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

./certbot-auto certonly --dry-run

Gives same result unfortunately

/etc/nginx/nginx.conf:

https://pastebin.com/DrsDbZ7a

@JuergenAuer

/etc/nginx/sites-enabled/sweanon.conf:

https://pastebin.com/YfpLJPVX

I wrote

nginx -T

not -t.

@JuergenAuer Sorry about that, here is nginx -T:

https://pastebin.com/LKznXfZz

@JuergenAuer I also noticed that sudo ls /etc/letsencrypt/live only gives me a README file so it seems I must have deleted these while testing everything i found on google…

There is your answer:

nginx: [warn] conflicting server name "www.sweanon.se" on 0.0.0.0:80, ignored
nginx: [warn] conflicting server name "sweanon.se" on 0.0.0.0:80, ignored

You must have a second vHost, so the wrong vHost is used.

@JuergenAuer Removed the second server block in my sweanon.conf but still getting same error when running ./certbot-auto certonly --nginx

Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter ‘c’ to cancel):
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for sweanon.se
http-01 challenge for www.sweanon.se
Waiting for verification…
Challenge failed for domain sweanon.se
Challenge failed for domain www.sweanon.se
http-01 challenge for sweanon.se
http-01 challenge for www.sweanon.se
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:

• The following errors were reported by the server:

  Domain: sweanon.se
  Type: unauthorized
  Detail: Invalid response from
  http://sweanon.se/.well-known/acme-challenge/t2eSnf-7LI7N1DwLNTSOYKBty6soGA9Ui9cL1zhP2EY
  [51.38.124.101]: “\n<html
  lang=“en”>\n\n<meta
  charset=“utf-8”>\nError\n\n\n

  Cannot
  
  GET /.well-known/”
  Domain: www.sweanon.se
  
  Type:   unauthorized
  
  Detail: Invalid response from
  
  http://www.sweanon.se/.well-known/acme-challenge/iyO8uY54p1eC6g1npeMr3O76tAtQkUNa4dmcr6cDp2s
  
  [51.38.124.101]: “\n<html
  
  lang=“en”>\n\n<meta
  
  charset=“utf-8”>\nError\n\n\n
  Cannot
  
  GET /.well-known/”
  

@JuergenAuer That folder does not exist, i do not need to manually create it do i?

You have to fix that error before you start Certbot again.

@JuergenAuer It has been fixed, still same error when trying to get a cert

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.