Update to Certbot last version on Debian 8/NGinx


Hello everyone, I have the SSL certificate on my mail server that has expired, I tried to renew it, but no command worked. I remembered it was an older version of LetsEncrypt. So I installed Certbot, but I’m afraid there is now a double configuration. Here is the message at the end of the installation.

My domain is: srv-mail.kameleonfr
My web server is (include version): Debian Jessie (GNU/Linux 4.5.7-std-3 x86_64 )

It produced this output:

Attempting to parse the version 0.26.0 renewal configuration file found at /etc/letsencrypt/renewal/srv-mail.kameleon.fr.conf with version 0.10.2 of Certbot. This might not work.
Obtaining a new certificate
An unexpected error occurred:
The request message was malformed :: Error creating new authz :: Name does not end in a public suffix
Please see the logfiles in /var/log/letsencrypt for more details.


  • If you lose your account credentials, you can recover through
    e-mails sent to kameleon1er@gmail.com.
  • Your account credentials have been saved in your Certbot
    configuration directory at /etc/letsencrypt. You should make a
    secure backup of this folder now. This configuration directory will
    also contain certificates and private keys obtained by Certbot so
    making regular backups of this folder is ideal.

Thanks for your help.


Hi @kameleon1er

your configuration file is too old. But you can use certbot directly, not with the renew option

sudo certbot

Then the new configuration should be saved. Or empty your /etc/letsencrypt/renewal - folder (create a backup before).

Isn’t this a typo? srv-mail.kameleonfr instead of srv-mail.kameleon.fr - one dot is missing.


Hi Juergen, thanks for help :slight_smile:

Blockquote Isn’t this a typo? srv-mail.kameleonfr

-Yes it is :wink:

I’m doing what you say and I’m not sure what I have to put after the Certbot last line :

1: Place files in webroot directory (webroot)
2: Spin up a temporary webserver (standalone)

Select the appropriate number [1-2] then [enter] (press ‘c’ to cancel): 1
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
Please enter in your domain name(s) (comma and/or space separated) (Enter ‘c’
to cancel):srv-mail.kameleon.fr
Attempting to parse the version 0.26.0 renewal configuration file found at /etc/letsencrypt/renewal/srv-mail.kameleon.fr.conf with version 0.10.2 of Certbot. This might not work.
Cert is due for renewal, auto-renewing…
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for srv-mail.kameleon.fr

Select the webroot for srv-mail.kameleon.fr:

1: Enter a new webroot

Press 1 [enter] to confirm the selection (press ‘c’ to cancel): 1
Input the webroot for srv-mail.kameleon.fr: (Enter ‘c’ to cancel):


Certbot want’s your webroot, the path your nginx loads your index - page of


So check your nginx - configuration, there should be a name “root” with the webroot.


Mmm… I found this :

root /var/www/html;

Do I write the complete path like : /var/www/html ?



Looks good (20 character)


Woww !!! :

Input the webroot for srv-mail.kameleon.fr: (Enter ‘c’ to cancel):/var/www
Waiting for verification…
Resetting dropped connection: acme-v01.api.letsencrypt.org
Resetting dropped connection: acme-v01.api.letsencrypt.org
Cleaning up challenges
Failed authorization procedure. srv-mail.kameleon.fr (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://srv-mail.kameleon.fr/.well-known/acme-challenge/786DbcTJU1iX0vCax6fPGHB_ZXVSgEktGD2b9cou8Lo: “\r\n404 Not Found\r\n<body bgcolor=“white”>\r\n

404 Not Found




I have to check this subdomain configuration i guess.


Your “/html” is missing


Woahooo :smiley: You save my day !!! Merci :


  • Congratulations! Your certificate and chain have been saved at
    /etc/letsencrypt/live/srv-mail.kameleon.fr/fullchain.pem. Your cert
    will expire on 2019-01-14. To obtain a new or tweaked version of
    this certificate in the future, simply run certbot again. To
    non-interactively renew all of your certificates, run “certbot


But … :face_with_raised_eyebrow:

SSL Report: srv-mail.kameleon.fr (
Assessed on: Tue, 16 Oct 2018 15:35:12 UTC

Assessment failed: Unable to connect to the server


Firewall? No running webserver?


Ok, I’m really newbie with Nginx, I forgot to stop and restart the server. Done ! Now on “crt.sh” I see the cert :


Yes, maybe firewall issue. I will ask my colleague who deployed this server. In any case, the certificate is present, it’s a good start. :slight_smile:

Thanks again for your time. Have a good day :wink:


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.