Checked forum, but still can't fix LetsEncrypt not working...

Hello,
I checked https://www.howtoforge.com/community/threads/lets-encrypt-error-faq.74179/ and still don't understand why my working SSL cert did not renew after expiring today.

Below, I'm pasting the last section of my letsencrypt.log (I've change the domain name and ip address for security reasons, but can make that info available privately upon request).

2020-09-29 12:13:05,265EBUG:certbot.error_handler:Calling registered functions
2020-09-29 12:13:05,265:INFO:certbot.auth_handler:Cleaning up challenges
2020-09-29 12:13:05,266EBUG:certbot.plugins.webroot:Removing /usr/local/ispconfig/interface/acme/.well-known/acme-challenge/_GvGuW4nCfjlRxPSvPGeDq8FnqTBNZoBua7sUCIF8Pw
2020-09-29 12:13:05,266EBUG:certbot.plugins.webroot:All challenges cleaned up
2020-09-29 12:13:05,266:WARNING:certbot.renewal:Attempting to renew cert (mysubdomain.mydomain.com) from /etc/letsencrypt/renewal/mysubdomain.mydomain.com.conf produced an unexpected error: Failed authorization procedure. mysubdomain.mydomain.com (http-01): urn:ietfarams:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://mysubdomain.mydomain.com/.we...e/_GvGuW4nCfjlRxPSvPGeDq8FnqTBNZoBua7sUCIF8Pw [199.99.99.99]: "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 3.2 Final//EN\">\r\n<html dir=ltr>\r\n\r\n<head>\r\n<style>\r\na:link\t\t\t{font:8pt/11pt verdana; col". Skipping.
2020-09-29 12:13:05,274EBUG:certbot.renewal:Traceback was:
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/certbot/renewal.py", line 430, in handle_renewal_request
main.renew_cert(lineage_config, plugins, renewal_candidate)
File "/usr/lib/python3/dist-packages/certbot/main.py", line 1197, in renew_cert
renewed_lineage = _get_and_save_cert(le_client, config, lineage=lineage)
File "/usr/lib/python3/dist-packages/certbot/main.py", line 115, in _get_and_save_cert
renewal.renew_cert(config, domains, le_client, lineage)
File "/usr/lib/python3/dist-packages/certbot/renewal.py", line 305, in renew_cert
new_cert, new_chain, new_key, _ = le_client.obtain_certificate(domains, new_key)
File "/usr/lib/python3/dist-packages/certbot/client.py", line 334, in obtain_certificate
orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
File "/usr/lib/python3/dist-packages/certbot/client.py", line 370, in _get_order_and_authorizations
authzr = self.auth_handler.handle_authorizations(orderr, best_effort)
File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 82, in handle_authorizations
self._respond(aauthzrs, resp, best_effort)
File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 155, in _respond
self._poll_challenges(aauthzrs, chall_update, best_effort)
File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 226, in _poll_challenges
raise errors.FailedChallenges(all_failed_achalls)
certbot.errors.FailedChallenges: Failed authorization procedure. mysubdomain.mydomain.com (http-01): urn:ietfarams:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://mysubdomain.mydomain..com/.w...e/_GvGuW4nCfjlRxPSvPGeDq8FnqTBNZoBua7sUCIF8Pw [199.99.99.99]: "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 3.2 Final//EN\">\r\n<html dir=ltr>\r\n\r\n<head>\r\n<style>\r\na:link\t\t\t{font:8pt/11pt verdana; col"

2020-09-29 12:13:05,276:ERROR:certbot.renewal:All renewal attempts failed. The following certs could not be renewed:
2020-09-29 12:13:05,280:ERROR:certbot.renewal: /etc/letsencrypt/live/mysubdomain.mydomain..com/fullchain.pem (failure)
2020-09-29 12:13:05,281EBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
File "/usr/bin/certbot", line 11, in <module>
load_entry_point('certbot==0.27.0', 'console_scripts', 'certbot')()
File "/usr/lib/python3/dist-packages/certbot/main.py", line 1364, in main
return config.func(config, plugins)
File "/usr/lib/python3/dist-packages/certbot/main.py", line 1276, in renew
renewal.handle_renewal_request(config)
File "/usr/lib/python3/dist-packages/certbot/renewal.py", line 455, in handle_renewal_request
len(renew_failures), len(parse_failures)))
certbot.errors.Error: 1 renew failure(s), 0 parse failure(s)

I'm hoping the above provides sufficient info for you to reply with a suggested solution or further diagnostics to perform. Thank you.

 

This is a 3 month old VPS (Server running Ubuntu 18.04 with NGINX).

I used the automated script referenced at HowToForge.com ( https://www.howtoforge.com/tutorial/ubuntu-ispconfig-automated-install-script/ )to install MariaDb, Nginx, PHP... and the then current ISPconfig. So this server is running the latest non-beta version of ISPconfig.

So, I expect the "certbot" is correct, as long as the install script is correct.

I'm checking into the other possible reasons in the FAQ, but I'm stumped.

 

At /var/www/clients/client1/web1/ssl/
There are three files: mysubdomain.mydomain.com-le.bundle, mysubdomain.mydomain.com-le.crt, and mysubdomain.mydomain.com-le.key
All three files have a lastModified data of 2020-06-30. The cert is expired as of September 28, 2020. I thought SSL certificates were supposed to last 1 year. Anyway, it's failing to renew the cert.

In ISPconfig, under Website in the domain tab, this domain mysubdomain.mydomain.com had the "WWW" selected in the drop-list just above the SSL and LetsEncrypt checkboxes. I added an A Record in my DNS (at Godaddy) as follows: Type: A, Name: www.mysubdomain, Value: 199.99.99.99 TT: 600 seconds.

Eventually, I removed the "WWW" in the ISPconfig drop-list.

I need only mysubdomain.mydomain.com to function. And, this A Record is also set for 600 seconds. It's been more than 4 hours since these DNS changes. I'm not using Bind in the VPS so the Godaddy DNS records should be valid.

This is a live eCommerce site that's down so really need to fix this as my top priority. Any further suggestions leading to a fix would be appreciated. Thank you.

 

Hi Th0m
I just sent you a private message using Conversations on this website.
Thanks.