Hi guys, I know how many times in our line of work we’ve heard “it worked some time ago and now it doesn’t” - but here I am :). 3-4 months ago the certificate renewed without any issues - now I can’t renew it any longer. No modifications were done on the server from what I can currently tell, certbot wasn’t updated.
My domain is: *.camlinrail.com
I ran this command: certbot renew
It produced this output:
Cert is due for renewal, auto-renewing…
Found credentials in shared credentials file: ~/.aws/credentials
Plugins selected: Authenticator dns-route53, Installer None
Renewing an existing certificate
/opt/letsencrypt/local/lib/python2.7/site-packages/josepy-1.0.1-py2.7.egg/josepy/jwa.py:107: CryptographyDeprecationWarning: signer and verifier have been deprecated. Please use sign and verify instead.
- signer = key.signer(self.padding, self.hash)*
Performing the following challenges:
dns-01 challenge for camlinrail.com
Starting new HTTPS connection (1): route53.amazonaws.com
Waiting 10 seconds for DNS changes to propagate
Waiting for verification…
Cleaning up challenges
Resetting dropped connection: route53.amazonaws.com
Attempting to renew cert (camlinrail.com) from /etc/letsencrypt/renewal/camlinrail.com.conf produced an unexpected error: Failed authorization procedure. camlinrail.com (dns-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Incorrect TXT record “bwcJPk9MVJaIrp58aJuvLibsBRMx8-AggSSyOYQfDmw” found at _acme-challenge.camlinrail.com. Skipping.
All renewal attempts failed. The following certs could not be renewed: - /etc/letsencrypt/live/camlinrail.com/fullchain.pem (failure)*
-------------------------------------------------------------------------------
The following certs are not due for renewal yet:
- /etc/letsencrypt/live/dev.totuspro.com/fullchain.pem expires on 2019-11-16 (skipped)*
- /etc/letsencrypt/live/server01.totuspro.com/fullchain.pem expires on 2019-10-18 (skipped)*
All renewal attempts failed. The following certs could not be renewed: - /etc/letsencrypt/live/camlinrail.com/fullchain.pem (failure)*
-------------------------------------------------------------------------------
1 renew failure(s), 0 parse failure(s)
IMPORTANT NOTES:
-
- The following errors were reported by the server:*
-
Domain: camlinrail.com*
-
Type: unauthorized*
-
Detail: Incorrect TXT record*
-
“bwcJPk9MVJaIrp58aJuvLibsBRMx8-AggSSyOYQfDmw” found at*
-
_acme-challenge.camlinrail.com*
-
To fix these errors, please make sure that your domain name was*
-
entered correctly and the DNS A/AAAA record(s) for that domain*
-
contain(s) the right IP address.*
My web server is: Apache 2.4.7-1ubuntu4.9
The operating system my web server runs on is:Ubuntu 14.04
I can login to a root shell on my machine: Yes
I’m using a control panel to manage my site: No
The version of my client is certbot --version 0.23.0