Wildcard Renewal Error



My domain is: vhost.fr

I ran this command: certbot renew

It produced this output:
[root@dns ]# certbot renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log

Processing /etc/letsencrypt/renewal/vhost.fr.conf

Cert is due for renewal, auto-renewing…
Plugins selected: Authenticator dns-rfc2136, Installer None
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
Renewing an existing certificate
Performing the following challenges:
dns-01 challenge for vhost.fr
dns-01 challenge for vhost.fr
Cleaning up challenges
Attempting to renew cert (vhost.fr) from /etc/letsencrypt/renewal/vhost.fr.conf produced an unexpected error: Received response from server: SERVFAIL. Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/vhost.fr/fullchain.pem (failure)

All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/vhost.fr/fullchain.pem (failure)

1 renew failure(s), 0 parse failure(s)

My server is (include version): CentOS 7.5 (bind 9.9.4)

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is: my

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

I ran this command: certbot certificates
It produced this output:
[root@dns]# certbot certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log

Found the following certs:
Certificate Name: vhost.fr
Domains: *.vhost.fr vhost.fr
Expiry Date: 2018-07-12 18:15:51+00:00 (VALID: 6 days)
Certificate Path: /etc/letsencrypt/live/vhost.fr/fullchain.pem
Private Key Path: /etc/letsencrypt/live/vhost.fr/privkey.pem


The nsupdate failed. Go check your BIND (or whatever nameserver you are using) logs.

It’s probably the same cause as last time you had this issue: SERVFAIL - Wildcard DNS01 Bind


The IPv6 address is failing…

Name: vhost.fr
Addresses: 2a01:cb00:817a:8b00:7e03:d8ff:fea9:4f24

LE prefers IPv6 and will not use IPv4 when IPv6 exists.



My problem seems different. There is no error on the file rights in the logs.
The trouble seems to come from the file /etc/letsencrypt/renewal/vhost.fr.conf which causes an unexpected error.

The letsencrypt.log file contains:
DEBUG: requests.packages.urllib3.connectionpool: “HEAD /acme/new-order HTTP/1.1” 405 0
HTTP 405

content-type: application/problem+json


DEBUG:certbot.error_handler:Encountered exception :
File “…/auth_handler.py”, line 75, in handle_authorizations
resp = self._solve_challenges(aauthzrs)


I don’t think so. The original error you pasted is very clear that the nsupdate is the cause of the failure.

I’m not sure what this HEAD error is about when looking at it out of context. If you can post the full log, it would be clearer.



You were right. I am very sorry. It is a permissions problem on the directory /var/named/, which means that the .jnl file cannot be created.

It is all good. My certificate has been renewed.

Thank you very much.
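
An added example, not part of the thread and not code from certbot or BIND: a shell check for the condition found above, that the account BIND runs as can create files (the .jnl journal) in the zone directory. The account name `named`, the script name and the use of GNU `stat` are assumptions; only Unix mode bits are examined, not ACLs or SELinux.

```shell
#!/bin/sh
# Added example: can a given account create files (such as BIND's .jnl
# journal) in a zone directory? Judged by Unix mode bits only; ACLs and
# SELinux are not considered. Requires GNU stat (-c).

# dir_allows_create DIR UID GID...  -> 0 if allowed, 1 if not, 2 if no such dir
dir_allows_create() {
    dir=$1; uid=$2; shift 2
    [ -d "$dir" ] || return 2
    owner=$(stat -c '%u' "$dir")
    group=$(stat -c '%g' "$dir")
    octal=$(stat -c '%a' "$dir")
    mode=$((0$octal))                      # leading 0 makes it octal
    [ "$uid" -eq 0 ] && return 0           # root bypasses mode bits
    if [ "$uid" -eq "$owner" ]; then
        bits=$(( (mode >> 6) & 7 ))        # owner class
    else
        bits=$(( mode & 7 ))               # "other" class unless a gid matches
        for g in "$@"; do
            if [ "$g" -eq "$group" ]; then
                bits=$(( (mode >> 3) & 7 )); break
            fi
        done
    fi
    # Creating a file needs write (2) and search (1) on the directory.
    [ $(( bits & 3 )) -eq 3 ]
}

# check_zone_dir USER DIR: report in words, e.g. check_zone_dir named /var/named
# ("named" as the BIND account is an assumption; adjust for your system).
check_zone_dir() {
    user=$1; zdir=$2
    uid_n=$(id -u "$user") || return 2
    gids=$(id -G "$user")
    # $gids is left unquoted on purpose so each gid becomes one argument.
    if dir_allows_create "$zdir" "$uid_n" $gids; then
        echo "OK: $user can create files in $zdir"
    else
        echo "FAIL: $user cannot create files in $zdir ($(stat -c '%U:%G %a' "$zdir" 2>&1))"
        return 1
    fi
}

# Run as: sh check.sh named /var/named
if [ $# -eq 2 ]; then check_zone_dir "$1" "$2"; fi
```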

