Hello,
I am trying to renew my certificate for multiple domains. The strange behaviour happens for all of them, so I will just write about one of them: finplay.sk
I tried the renew subcommand (certbot renew), but the same happens when creating a certificate with the certonly subcommand:
certbot certonly --webroot -w /var/www/html/finplay/public -d finplay.sk
It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for finplay.sk
Using the webroot path /var/www/html/finplay/public for all unmatched domains.
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. finplay.sk (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching https://finplay.sk.well-known/acme-challenge/Qw2enxtK0uOHfLmg77h9QBDyxPqFJRW0qa7A_tWubZ8: Error getting validation data
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: finplay.sk
Type: connection
Detail: Fetching
https://finplay.sk.well-known/acme-challenge/Qw2enxtK0uOHfLmg77h9QBDyxPqFJRW0qa7A_tWubZ8:
Error getting validation data
You can see that the attempted address is https://finplay.sk.well-known. If this address is tested, it obviously can’t be reached. However, it is generated automatically; I don’t know of any configuration rule that would control the address generation in any way.
I am a bit hopeless here, because my certs need to be renewed.
If I try adding a slash to the domain name like this:
certbot certonly --webroot -w /var/www/html/finplay/public -d finplay.sk/
it produces this error:
Obtaining a new certificate
An unexpected error occurred:
The request message was malformed :: Error creating new authz :: Invalid character in DNS name
Please see the logfiles in /var/log/letsencrypt for more details.
My web server is (include version): Apache/2.4.25
The operating system my web server runs on is (include version):
(uname output) Debian 3.16.43-2+deb8u3 (2017-08-15) x86_64 GNU/Linux
It runs in a Docker container.
Just a note: this worked 90 days ago, when the certs were created. Maybe the cron renew job was also failing due to this error.
Thanks for every idea.
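
An http-01 check always starts at http://<domain>/.well-known/acme-challenge/<token>, so the https:// URL in the error above is one the validation server reached by following a redirect. The following is an added example, not part of the original post: it assumes (the post does not show the server configuration) a prefix-style HTTP-to-HTTPS redirect whose target lacks a trailing slash, and checks a Location header for that defect; the function names and the token are hypothetical.

```python
from urllib.parse import urlsplit

CHALLENGE_PREFIX = "/.well-known/acme-challenge/"


def prefix_redirect(target, matched_prefix, request_path):
    """Model a prefix-style redirect: whatever follows the matched prefix
    in the request path is appended to the target verbatim."""
    if not request_path.startswith(matched_prefix):
        raise ValueError("request path does not match the redirect prefix")
    return target + request_path[len(matched_prefix):]


def check_challenge_redirect(domain, token, location):
    """Return a list of problems found in a Location header received for
    the http-01 challenge URL of `domain`; an empty list means it is sane."""
    problems = []
    parts = urlsplit(location)
    host = (parts.hostname or "").lower()
    expected_path = CHALLENGE_PREFIX + token
    if parts.scheme not in ("http", "https"):
        problems.append("unsupported scheme: %r" % parts.scheme)
    if host.startswith(domain.lower() + "."):
        # e.g. finplay.sk.well-known: the path was glued onto the hostname
        problems.append("path fused into hostname %r: redirect target "
                        "lacks a trailing slash" % host)
    elif host != domain.lower():
        problems.append("redirect leaves the validated domain: %r" % host)
    if parts.path != expected_path:
        problems.append("path is %r, expected %r" % (parts.path, expected_path))
    return problems


# Constructed sample values; the token is a placeholder, not the one in the post.
DOMAIN = "finplay.sk"
TOKEN = "EXAMPLE_TOKEN"
REQUEST_PATH = CHALLENGE_PREFIX + TOKEN

# Assumed redirect targets: without and with the trailing slash.
BAD_LOCATION = prefix_redirect("https://finplay.sk", "/", REQUEST_PATH)
GOOD_LOCATION = prefix_redirect("https://finplay.sk/", "/", REQUEST_PATH)

if __name__ == "__main__":
    for loc in (BAD_LOCATION, GOOD_LOCATION):
        print(loc, "->", check_challenge_redirect(DOMAIN, TOKEN, loc) or "ok")
```

To check a live server, compare the Location header returned for the plain-HTTP challenge URL against the same expectations.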