Hi, I've successfully installed before, and also renewed once before in July. Renewal started failing for me.
Command: certbot-auto renew --dry-run
Output:
- The following errors were reported by the server:
Domain: <domain>
Type: unauthorized
Detail: Invalid response from
<domain>/.well-known/acme-challenge/iBzlkeJb6BQ-j726sPPbYJvaE30kQjyzzTHiDHlwzDM
<ipv6>: "<!DOCTYPE HTML PUBLIC
\"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not
Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p"
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
I've never had to create that file before and it doesn't tell me how. My site is protected behind basic authentication anyway so the outside bot never would have been able to reach the site. I've also never created a TXT DNS field. Why is renew asking me for this? In July, certbot-auto renew worked fine.
I have a dim memory that when I installed, I did a standalone or certonly option, from not wanting to mess with my apache config. So now, when I stopped apache and ran:
certbot-auto --standalone renew --dry-run
It succeeded, but when I then ran:
certbot-auto --standalone renew
It failed. It took me a while to realize that the --dry-run command had actually restarted apache. So then I stopped apache again, and ran
certbot-auto --standalone renew
again, and it succeeded.
So hooray, I am renewed now. But I don't know why the renew command started believing I had an acme-challenge file. Is it possible I started with an earlier certbot version that upgraded itself in a way that screwed things up?
I just realized that
> certbot-auto renew --pre-hook "service apache2 stop" --post-hook "service apache2 start"
will work for me going forward, so I guess I've solved my problem. But I'll leave this up in case it helps someone else. Disconcerting how the right command changes over time, because I thought I had auto-renewal working.
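
The post leaves open which authenticator the certificate was originally set up with. The script below is an added example, not part of the original post or of certbot: it reads a renewal config and reports whether it uses standalone and whether stop/start hooks are recorded. It assumes the config is at /etc/letsencrypt/renewal/<name>.conf with `authenticator`, `pre_hook` and `post_hook` keys under `[renewalparams]`; the function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: report how a certbot lineage is configured to renew.
# Assumption: the plugin and hooks are stored as "key = value" lines
# under [renewalparams] in /etc/letsencrypt/renewal/<name>.conf.

# Print the value of KEY ($2) from [renewalparams] in FILE ($1); empty if absent.
renewal_param() {
    awk -v key="$2" '
        /^\[/ { in_params = ($0 == "[renewalparams]"); next }
        in_params {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) { print v; exit }
        }' "$1"
}

# Echo one of: standalone-no-hooks | standalone-with-hooks | other:<plugin> | unknown
# (body runs in a subshell so the variables stay local).
classify_renewal() (
    auth=$(renewal_param "$1" authenticator)
    pre=$(renewal_param "$1" pre_hook)
    post=$(renewal_param "$1" post_hook)
    case "$auth" in
        standalone)
            # standalone binds port 80 itself, so a running web server must be
            # stopped first and started again afterwards.
            if [ -n "$pre" ] && [ -n "$post" ]; then echo "standalone-with-hooks"
            else echo "standalone-no-hooks"; fi ;;
        "") echo "unknown" ;;
        *)  echo "other:$auth" ;;
    esac
)

# Constructed sample config (not taken from the post).
make_sample() {
    cat <<'EOF'
version = 0.0.0
archive_dir = /etc/letsencrypt/archive/example.test
[renewalparams]
authenticator = standalone
installer = None
EOF
}

# Usage: sh check-renewal.sh /etc/letsencrypt/renewal/*.conf
for f in "$@"; do printf '%s: %s\n' "$f" "$(classify_renewal "$f")"; done
```

A result of `other:<plugin>` means plain `renew` will use that plugin rather than standalone unless the authenticator is overridden on the command line.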