Renewing Let's Encrypt certificate

Dear Gurus,

I am using LetsEncrypt for my production server and recently the certificate is expired. I tried to renew it by running

sudo ~/mycertbot/bin/certbot certonly --dry-run --webroot -w /opt/indico/.venv/lib/python2.7/site-packages/indico/web/static -d my.domain.mn

but it give following error.

Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

does anyone know how to fix this please.

thanks

by running with option -v
it give following error.

Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
  Domain: my.domain.com
  Type:   unauthorized
  Detail: Invalid response from https://my.domain.com/.well-known/acme-challenge/rXg6KM2Z4k_R8354C8rG7kxt-CpMqYFoHLju8pGximQ [202.5.205.42]: "<!DOCTYPE html>\n\n<html prefix=\"og: http://ogp.me/ns#\"\n      data-static-site=\"false\">\n<head>\n    <title>Title"

Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.

Cleaning up challenges
Some challenges have failed.

The command you are using is wrong. Indico does not provide a webroot for it, but certbot should be able to configure your webserver to serve the challenge automatically anyway.

Assuming you installed certbot as mentioned in the docs, there should be a cronjob / systemd timer to automatically renew the certificates. So I would recommend you to check its status and see why that one fails, instead of manually running certbot…

I have cronjob installed as follows:

0 0,12 * * * python -c 'import random; import time; time.sleep(random.random() * 3600)' && certbot renew

if i run certbot renew command following error appears

Failed to renew certificate my.domain.mn with error: The requested apache plugin does not appear to be installed

yum install python-certbot-apache

says:

Package python2-certbot-apache-1.11.0-1.el7.noarch already installed and latest version
Nothing to do

I dont know why it is failing. Searching on the internet tells me to run it

certbot certonly

this command asks for web root folder of the website.

I think you may be better off asking in https://community.letsencrypt.org/ - we do not run certbot ourselves, so it’d just be random guessing what coul be going wrong…

1 Like