Since last fall I permanently have any issues with the certificates which I could resolve. But now, I have no idea, what the reason of the problem below is.
I can call my server from internet with http and https. The recent Apache settings worked in the past while renewing the certificates.
My domain is: dav.kmvw-io.de ucs.kmvw-io.de web.kmvw-io.de smtp.kmvw-io.de mail.kmvw-io.de autodiscover.kmvw-io.de autoconfig.kmvw-io.de
I ran this command: sudo -u letsencrypt /usr/share/univention-letsencrypt/refresh-cert
It produced this output:
Sa 5. Feb 12:37:50 CET 2022
Refreshing certificate for following domains:
dav.kmvw-io.de ucs.kmvw-io.de web.kmvw-io.de smtp.kmvw-io.de mail.kmvw-io.de autodiscover.kmvw-io.de autoconfig.kmvw-io.de
Parsing account key...
Parsing CSR...
Found domains: ucs.kmvw-io.de
Getting directory...
Directory found!
Registering account...
Already registered!
Creating new order...
Order created!
Verifying ucs.kmvw-io.de...
Traceback (most recent call last):
File "/usr/share/univention-letsencrypt/acme_tiny.py", line 197, in
main(sys.argv[1:])
File "/usr/share/univention-letsencrypt/acme_tiny.py", line 193, in main
signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER, CA=args.ca, disable_check=args.disable_check, directory_url=args.directory_url, contact=args.contact)
File "/usr/share/univention-letsencrypt/acme_tiny.py", line 149, in get_crt
raise ValueError("Challenge did not pass for {0}: {1}".format(domain, authorization))
ValueError: Challenge did not pass for ucs.kmvw-io.de: {u'status': u'invalid', u'challenges': [{u'status': u'invalid', u'validationRecord': [{u'url': u'http://ucs.kmvw-io.de/.well-known/acme-challenge/3HzF75dkdjH8al9MN6QuquqK-XKT76YhgOngrkFsYlg', u'hostname': u'ucs.kmvw-io.de', u'addressUsed': u'84.153.195.198', u'port': u'80', u'addressesResolved': [u'84.153.195.198']}, {u'url': u'https://ucs.kmvw-io.de/[https:/ucs.kmvw-io.de/.well-known/acme-challenge/3HzF75dkdjH8al9MN6QuquqK-XKT76YhgOngrkFsYlg', u'hostname': u'ucs.kmvw-io.de', u'addressUsed': u'84.153.195.198', u'port': u'443', u'addressesResolved': [u'84.153.195.198']}], u'url': u'https://acme-v02.api.letsencrypt.org/acme/chall-v3/75460827640/cEDLYQ', u'token': u'3HzF75dkdjH8al9MN6QuquqK-XKT76YhgOngrkFsYlg', u'error': {u'status': 403, u'type': u'urn:ietf:params:acme:error:unauthorized', u'detail': u'Invalid response from https://ucs.kmvw-io.de/[https:/ucs.kmvw-io.de/.well-known/acme-challenge/3HzF75dkdjH8al9MN6QuquqK-XKT76YhgOngrkFsYlg [84.153.195.198]: "\n\n404 Not Found\n\n
Not Found
\n<p"'}, u'validated': u'2022-02-05T11:37:56Z', u'type': u'http-01'}], u'identifier': {u'type': u'dns', u'value': u'ucs.kmvw-io.de'}, u'expires': u'2022-02-12T11:37:54Z'}My web server is (include version): Apache 2.4.25-3+deb9u12A~4.4.8.202202021239
The operating system my web server runs on is (include version): Univention Corporate Server 4.4.8 based on Debian GNU/Linux 9 (stretch)
My hosting provider, if applicable, is: self-hosted
I can login to a root shell on my machine (yes or no, or I don't know): yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): PuTTy with root permissions, web-interface
The version of my client is (e.g. output of certbot --version
or certbot-auto --version
if you're using Certbot): Univention Letsencrypt Version 1.2.2-20, contains acme.py but no "certbot"