Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.
Failed to renew certificate sergioloporto.com with error: Some challenges have failed.
My web server is (include version): nginx/1.18
The operating system my web server runs on is (include version): Ubuntu
I can login to a root shell on my machine (yes or no, or I don't know): yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.32.2
================
This domain was renewing automatically well for years... it stopped.
The only change done was to replace one WordPress blog with another - a complete change of files.
The permissions of the blog folder are the same as those of the other blogs whose certificates updated normally: drwxr-xr-x 6 www-data www-data
server {
    listen 443 ssl;
    listen 80;
    root /var/www/sergioloporto.com;
    index index.php;
    access_log /var/log/nginx/access.log main;
    error_log /var/log/nginx/error.log;
    include /etc/nginx/global.d/*.conf;
    server_name www.sergioloporto.com sergioloporto.com;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    ssl_certificate "/etc/letsencrypt/live/sergioloporto.com/fullchain.pem";
    ssl_certificate_key "/etc/letsencrypt/live/sergioloporto.com/privkey.pem";
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+RSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4";
    # ssl_ciphers "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AS256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM HERE I CUT THIS PART HERE, AS IT WAS VERY LONG";
    # add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
    add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
    if ($args ~ "^author=\d") { return 403; }
    location ~* \.(jpg|jpeg|png|gif|ico|css|js|woff)$ {
        expires 365d;
    }
    location ~ \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/run/php/php-fpm.sock;
        # fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        # fastcgi_param SERVER_NAME $host needs to be added because of WPML compatibility - see https://wpml.org/errata/home_ur-not-filtered-correctly-breaking-plugins-like-wp-seo-when-using-languages-in-domains-nginx-only/
        fastcgi_param SERVER_NAME $host;
        include fastcgi_params;
    }
}
And here:
cat /etc/nginx/global.d/*.conf
location = /xmlrpc.php {
    deny all;
    access_log off;
}
# Deny access to wp-login.php
location = /wp-login.php {
    fastcgi_pass unix:/run/php/php-fpm.sock;
    fastcgi_split_path_info ^(.+\.php)(/.+)$;
    fastcgi_index index.php;
    fastcgi_param SERVER_NAME $host;
    include fastcgi_params;
    limit_req zone=wordpress;
}
set $cache_uri $request_uri;
# POST requests and URLs with a query string should always go to PHP
if ($request_method = POST) {
    set $cache_uri 'null cache';
}
if ($query_string != "") {
    set $cache_uri 'null cache';
}
# Don't cache URIs containing the following segments
if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|/wp-(app|cron|login|register|mail).php|wp-.*.php|/feed/|index.php|wp-comments-popup.php|wp-links-opml.php|wp-locations.php|sitemap(_index)?.xml|[a-z0-9_-]+-sitemap([0-9]+)?.xml)") {
    set $cache_uri 'null cache';
}
# Don't use the cache for logged-in users or recent commenters
if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_logged_in") {
    set $cache_uri 'null cache';
}
# Use cached or actual file if it exists, otherwise pass request to WordPress
location / {
    try_files /wp-content/cache/supercache/$http_host/$cache_uri/index.html
              $uri $uri/ /index.php?$args;
}
# Cache static files for as long as possible
location ~* \.(ogg|ogv|svg|svgz|eot|otf|woff|woff2|ttf|mp4|ttf|css|rss|atom|js|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
    expires 365d;
    log_not_found off;
    access_log off;
}
The right one is this root /var/www/sergioloporto.com;
Sergiofoto.pl is where the files from sergioloporto.com were moved to. And in sergioloporto.com there is a brand new blog.
Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
Domain: sergioloporto.com
Type: unauthorized
Detail: 54.37.137.250: Invalid response from https://www.sergioloporto.com/.well-known/acme-challenge/G_2BDtch1HmNTXpky11czBuY7lHW7ct71YGt8MpX6XA: 404
Domain: www.sergioloporto.com
Type: unauthorized
Detail: 54.37.137.250: Invalid response from https://www.sergioloporto.com/.well-known/acme-challenge/DKYOl8BZCJNqLX4X1TVlyrxrIdoatvOTWlZM8rJundI: 404
Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.
Failed to renew certificate sergioloporto.com with error: Some challenges have failed.
I have another site with the exact same permissions and configuration. Also it has:
server {
    listen 80;
    server_name uzdrawianie.net www.uzdrawianie.net;
    root /var/www/uzdrawianie.net;
    return 301 https://uzdrawianie.net$request_uri;
}
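
One way to test the first condition in Certbot's hint, that the webroot Certbot writes challenge files into is the directory nginx serves for each name (an added example, not part of the original post): compare the `[[webroot_map]]` section of the renewal file under `/etc/letsencrypt/renewal/` with the `root` of the matching nginx server block. The sample renewal file and server block below are constructed, and `example.com` and `/var/www/old-blog` are placeholders.

```python
import re
# Constructed sample inputs (placeholders, not taken from the poster's server).
RENEWAL_CONF = """\
[renewalparams]
authenticator = webroot
[[webroot_map]]
example.com = /var/www/old-blog
www.example.com = /var/www/old-blog
"""

NGINX_CONF = """\
server {
    server_name www.example.com example.com;
    root /var/www/example.com;
}
"""

def parse_webroot_map(text):
    """Return {domain: webroot} from the [[webroot_map]] section."""
    mapping, in_map = {}, False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("["):
            in_map = line == "[[webroot_map]]"
        elif in_map and "=" in line and not line.startswith("#"):
            domain, path = (p.strip() for p in line.split("=", 1))
            mapping[domain] = path.rstrip("/")
    return mapping

def parse_nginx_roots(text):
    """Return {server_name: root}; assumes each server block closes at column 0."""
    roots = {}
    for block in re.findall(r"server\s*\{(.*?)\n\}", text, re.S):
        names = re.search(r"^\s*server_name\s+([^;]+);", block, re.M)
        root = re.search(r"^\s*root\s+([^;]+);", block, re.M)
        if names and root:
            for name in names.group(1).split():
                roots[name] = root.group(1).strip().strip('"').rstrip("/")
    return roots

def find_mismatches(renewal_text, nginx_text):
    """List (domain, certbot_webroot, nginx_root) where the two differ."""
    served = parse_nginx_roots(nginx_text)
    return [(d, w, served.get(d)) for d, w in
            sorted(parse_webroot_map(renewal_text).items())
            if served.get(d) != w]

if __name__ == "__main__":
    print(find_mismatches(RENEWAL_CONF, NGINX_CONF))
```

A non-empty result means Certbot places the token in a directory nginx never reads for that name, which surfaces at the CA as a 404 on `/.well-known/acme-challenge/`.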