Renewing Let's Encrypt certificate

Batpurev_Batchuluun · June 8, 2021, 9:17am

Dear Gurus,

I am using LetsEncrypt for my production server and recently the certificate is expired. I tried to renew it by running

sudo ~/mycertbot/bin/certbot certonly --dry-run --webroot -w /opt/indico/.venv/lib/python2.7/site-packages/indico/web/static -d my.domain.mn

but it give following error.

Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

does anyone know how to fix this please.

thanks

Batpurev_Batchuluun · June 8, 2021, 9:20am

by running with option -v
it give following error.

Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
  Domain: my.domain.com
  Type:   unauthorized
  Detail: Invalid response from https://my.domain.com/.well-known/acme-challenge/rXg6KM2Z4k_R8354C8rG7kxt-CpMqYFoHLju8pGximQ [202.5.205.42]: "<!DOCTYPE html>\n\n<html prefix=\"og: http://ogp.me/ns#\"\n      data-static-site=\"false\">\n<head>\n    <title>Title"

Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.

Cleaning up challenges
Some challenges have failed.

ThiefMaster · June 8, 2021, 9:29am

The command you are using is wrong. Indico does not provide a webroot for it, but certbot should be able to configure your webserver to serve the challenge automatically anyway.

Assuming you installed certbot as mentioned in the docs, there should be a cronjob / systemd timer to automatically renew the certificates. So I would recommend you to check its status and see why that one fails, instead of manually running certbot…

Batpurev_Batchuluun · June 9, 2021, 9:15am

I have cronjob installed as follows:

0 0,12 * * * python -c 'import random; import time; time.sleep(random.random() * 3600)' && certbot renew

if i run certbot renew command following error appears

Failed to renew certificate my.domain.mn with error: The requested apache plugin does not appear to be installed

yum install python-certbot-apache

says:

Package python2-certbot-apache-1.11.0-1.el7.noarch already installed and latest version
Nothing to do

I dont know why it is failing. Searching on the internet tells me to run it

certbot certonly

this command asks for web root folder of the website.

ThiefMaster · June 9, 2021, 9:18am

I think you may be better off asking in https://community.letsencrypt.org/ - we do not run certbot ourselves, so it’d just be random guessing what coul be going wrong…

Batpurev_Batchuluun · September 16, 2021, 7:12am

if anyone has similar issue here is some helpful link:

and I added cron job to renew the certificate for every 60 days using below script:

service httpd stop
certbot renew
service httpd start

then added this to cron job using

crontab -e 
0 5 */60 * *   /root/ssl_renew.sh