I have a domain capitalzone.in and I have been using Let's Encrypt on it for a long time. The certificate expired on the 28th and it's not generating a new SSL certificate. The log says:

    }
    2022-01-06 10:28:06,983:DEBUG:acme.client:Storing nonce: 000149VJZh8k3Lk6J5I1kpx_0mynd599JAfelSd-13Jyg0Y
    2022-01-06 10:28:06,984:WARNING:certbot.auth_handler:Challenge failed for domain capitalzone.in
    2022-01-06 10:28:06,984:INFO:certbot.auth_handler:http-01 challenge for capitalzone.in
    2022-01-06 10:28:06,984:DEBUG:certbot.reporter:Reporting to user: The following errors were reported by the server:
    Domain: capitalzone.in
    Type: unauthorized
    Detail: Invalid response from http://capitalzone.in/.well-known/acme-challenge/yPV7TQYuNhbh5dN9hmfLYnCW4HWGxUW-qPmXDC2DqKU [3.33.152.147]: 404
    To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address.
    2022-01-06 10:28:06,985:DEBUG:certbot.error_handler:Encountered exception:
    Traceback (most recent call last):
      File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/auth_handler.py", line 91, in handle_authorizations
        self._poll_authorizations(authzrs, max_retries, best_effort)
      File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/auth_handler.py", line 180, in _poll_authorizations
        raise errors.AuthorizationError('Some challenges have failed.')
    AuthorizationError: Some challenges have failed.

The site might use .htaccess rules or nginx rewrite rules that redirect the .well-known/acme-challenge/ part of the URL to a wrong location. Or not all requests for this domain name end up at this server, e.g. because you host it on multiple systems and requests get split by a load balancer. You can try this, run:

    touch /usr/local/ispconfig/interface/acme/.well-known/acme-challenge/test.txt

You must then be able to reach the newly created test file with: http://capitalzone.in/.well-known/acme-challenge/test.txt

I noticed one thing in the DNS zone file: the * entry points to my server, but the @ entry points to Amazon AWS. www is pointing correctly to my server. Is that the reason? The earlier host was Amazon AWS.

Probably yes. Fix DNS, wait a bit, then run the command: certbot renew. Finally, you probably have to restart the web server program if certbot showed you that it was able to renew the SSL cert now.

I removed the @ IP address entries which were pointing to the old Amazon AWS servers, then I did unclick LE -> save, then enable and save again. That worked.
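
The diagnosis reached in this thread can be read straight from the certbot report: the bracketed address is the host the CA actually fetched the token from. The following is an added example, not code from any poster or from certbot; it parses that report and separates a stale DNS record from a webroot or rewrite problem. The function names and the server address 203.0.113.10 are assumptions (a placeholder for the poster's real server IP), and the sample log is constructed from the lines in the first post.

```python
import re

# Constructed sample: the certbot report from the first post, one field per line.
SAMPLE_LOG = """\
2022-01-06 10:28:06,984:WARNING:certbot.auth_handler:Challenge failed for domain capitalzone.in
Domain: capitalzone.in
Type: unauthorized
Detail: Invalid response from http://capitalzone.in/.well-known/acme-challenge/yPV7TQYuNhbh5dN9hmfLYnCW4HWGxUW-qPmXDC2DqKU [3.33.152.147]: 404
"""

# URL, host, validated IP (in brackets) and HTTP status of a failed http-01 check.
DETAIL_RE = re.compile(
    r"Detail: Invalid response from (?P<url>https?://(?P<host>[^/\s]+)\S*) "
    r"\[(?P<ip>[0-9A-Fa-f:.]+)\]: (?P<status>\d{3})"
)


def failed_challenges(log_text):
    """Return one dict per failed http-01 validation found in the log."""
    return [m.groupdict() for m in DETAIL_RE.finditer(log_text)]


def diagnose(log_text, server_ips):
    """Classify each failure by comparing the validated IP to our own server IPs."""
    findings = []
    for f in failed_challenges(log_text):
        if f["ip"] not in server_ips:
            cause = "dns-mismatch"        # token was requested from a host that is not ours
        elif f["status"] == "404":
            cause = "webroot-or-rewrite"  # right host, but the token file was not served
        else:
            cause = "other"
        findings.append({"host": f["host"], "validated_ip": f["ip"],
                         "status": f["status"], "cause": cause})
    return findings


if __name__ == "__main__":
    # 203.0.113.10 is a placeholder (assumption) for the real server address.
    for finding in diagnose(SAMPLE_LOG, {"203.0.113.10"}):
        print(finding)
```

A "dns-mismatch" result means the A/AAAA record for that exact name (here the @ entry) needs fixing before renewal is retried; "webroot-or-rewrite" points back to the test.txt check suggested earlier in the thread.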