lets encrypt certificate expired

Discussion in 'Installation/Configuration' started by florix.net, Jan 6, 2022.

Tags:
  1. florix.net

    florix.net Member

    I have a domain capitalzone.in and i am using letsencrypt for a long time on this.

    The cerificate expired on 28th and its not generating new SSL ..

    The log says

    }
    2022-01-06 10:28:06,983:DEBUG:acme.client:Storing nonce: 000149VJZh8k3Lk6J5I1kpx_0mynd599JAfelSd-13Jyg0Y
    2022-01-06 10:28:06,984:WARNING:certbot.auth_handler:Challenge failed for domain capitalzone.in
    2022-01-06 10:28:06,984:INFO:certbot.auth_handler:http-01 challenge for capitalzone.in
    2022-01-06 10:28:06,984:DEBUG:certbot.reporter:Reporting to user: The following errors were reported by the server:

    Domain: capitalzone.in
    Type: unauthorized
    Detail: Invalid response from http://capitalzone.in/.well-known/acme-challenge/yPV7TQYuNhbh5dN9hmfLYnCW4HWGxUW-qPmXDC2DqKU [3.33.152.147]: 404

    To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address.
    2022-01-06 10:28:06,985:DEBUG:certbot.error_handler:Encountered exception:
    Traceback (most recent call last):
    File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/auth_handler.py", line 91, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, best_effort)
    File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/auth_handler.py", line 180, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
    AuthorizationError: Some challenges have failed.
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    The site might use .htaccess rules or nginx rewrite rules that redirects .well-known/acme-challenge/ part of the URL to a wrong location. Or not all requests for this domain name end up at this server e.g. because you host it on multiple systems and request get split by a load balancer.

    You can try this, run:

    touch /usr/local/ispconfig/interface/acme/.well-known/acme-challenge/test.txt

    you must then be able to reach the newly created test file with:

    http://capitalzone.in/.well-known/acme-challenge/test.txt
     
  3. florix.net

    florix.net Member

    i noticed one thing in DNS zone file...

    * entry points to my server but @ entry points to amazon aws

    www is pointing correctly to my server .. is that the reason?

    earlier host was amazon aws
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    Probably yes. Fix DNS, wait a bit, then run the command:

    certbot renew

    and finally you probably have to restart the web server program if certbot showed you that it was able to renew the SSL cert now.
     
  5. florix.net

    florix.net Member

    I removed the @ IP address entries which were pointing to old amazon aws servers ... then I did unclick-LE->save .. then enabale and again save. That worked
     

Share This Page