Ultimate-Django3.2-Template icon indicating copy to clipboard operation
Ultimate-Django3.2-Template copied to clipboard

Published 20 hours ago verified publisher icon AliBigdeli

Error when run certbot renew

Open khacnha opened this issue 7 months ago • 0 comments

i used your config for docker and it runs great. Thanks for that.

but now I have a problem when I run certbot renew it gives me an error.

Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/website.com.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Renewing an existing certificate for website.com

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Challenges loaded. Press continue to submit to CA.
Pass "-v" for more info about challenges.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
  Domain: weboddsdb.com
  Type:   unauthorized
  Detail: Invalid response from http://website.com/.well-known/acme-challenge/0oBiLuhixcb8JLSov4Hlgw46B1mg9h9jMtkemeQAvAE: 404

Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.

Failed to renew certificate website.com with error: Some challenges have failed.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
All renewals failed. The following certificates could not be renewed:
  /etc/letsencrypt/live/website.com/fullchain.pem (failure)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1 renew failure(s), 0 parse failure(s)
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details

can you help? thanks advance.

i am not sure if this is the cause:

  • we run certbot: with webroot = /vol/www/
certbot certonly \
    --webroot \
    -w "/vol/www/" \
    -d "$DOMAIN" \
    --email $EMAIL \
    --force-renewal \
    --rsa-key-size 4096 \
    --agree-tos \
    --noninteractive
  • but we set in dockerfiles/prod/nginx/config/default-ssl.conf.tpl: root /var/www/certbot 
server {
    listen 80;

    server_name ${DOMAIN} www.${DOMAIN};

    # server logs
    access_log  /var/log/nginx/access_log.log;
    error_log /var/log/nginx/error_log.log;


    location /.well-known/acme-challenge/ {
        root /var/www/certbot;
    }


    location / {
        return 301 https://${DOMAIN}$request_uri;
    }
}

UPDATE: when i replaced /vol/www/ to /var/www/certbot in all file, it's working now:

khacnha avatar Jul 02 '24 07:07 khacnha