Question

Let's Encrypt Auto Renew Fails

I followed this tutorial: https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-14-04

I got to the part where the command is ./letsencrypt-auto and it returns this:

Failed authorization procedure. example.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://example.com/.well-known/acme-challenge/QPUDzybZszvcrjQ1a7ShzMHBbiq8pYCmbN1y8p_K5Dw [server_ip]: 404, www.example.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.example.com/.well-known/acme-challenge/VtyUCMvp2hX_80e-x84T-X8Be94xPiPiPsBxbj_pP04 [server_ip]: 404

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: example.com
   Type:   unauthorized
   Detail: Invalid response from http://example.com/.well-known
   /acme-challenge/QPUDzybZszvcrjQ1a7ShzMHBbiq8pYCmbN1y8p_K5Dw
   [server_ip]: 404

   Domain: www.example.com
   Type:   unauthorized
   Detail: Invalid response from http://www.example.com/.well-
   known/acme-challenge/VtyUCMvp2hX_80e-x84T-X8Be94xPiPiPsBxbj_pP04
   [server_ip]: 404

The site redirects to https automatically using nginx config, and this error is returned whenever I run the renewal command.

The directory .well-known exists on the server, but even in the browser it returns 404, and I don’t know why.


Solved the issue of the same exact error message and 404 that @mrparker had. What I did was:

  1. realized I was missing a .well-known folder for some reason, so I added an empty one with mkdir .well-known
  2. ran sudo letsencrypt certonly -a webroot --webroot-path=/var/www/html -d example.com -d www.example.com and it renewed it properly and gave me the “congrats!” message
  3. then I sudo service nginx reload and then sudo letsencrypt renew --force-renew and I no longer got the 404 error for the renew, then did sudo service nginx reload again

Hope this helps someone.
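
A pre-flight check for the 404 discussed in this thread, as an added example that is not part of the original question or answers: it writes a throwaway file under .well-known/acme-challenge in the webroot and requests it through each domain, which shows whether the web server really serves that directory. The webroot path and domains are the ones from the answer above; the function names and the injectable `fetch` parameter are assumptions of this example.

```python
import os
import secrets
import urllib.error
import urllib.request

CHALLENGE_DIR = ".well-known/acme-challenge"  # path seen in the error output

def http_get(url, timeout=10):
    """Return (status, body). urllib follows redirects, e.g. HTTP to HTTPS."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, ""

def probe_webroot(webroot, domains, fetch=http_get):
    """Place a probe file where a webroot challenge would go and request it
    through every domain. Returns {domain: (ok, detail)}."""
    token = "probe-" + secrets.token_urlsafe(16)
    directory = os.path.join(webroot, *CHALLENGE_DIR.split("/"))
    os.makedirs(directory, exist_ok=True)
    path = os.path.join(directory, token)
    with open(path, "w") as fh:
        fh.write(token)
    results = {}
    try:
        for domain in domains:
            url = "http://%s/%s/%s" % (domain, CHALLENGE_DIR, token)
            try:
                status, body = fetch(url)
            except OSError as exc:  # DNS failure, refused connection, timeout
                results[domain] = (False, "request failed: %s" % exc)
                continue
            if status != 200:
                results[domain] = (False, "HTTP %d: server does not serve this webroot" % status)
            elif body.strip() != token:
                results[domain] = (False, "200 but wrong body (catch-all page or other vhost?)")
            else:
                results[domain] = (True, "challenge path is served from " + webroot)
    finally:
        os.remove(path)  # never leave probe files behind
    return results

if __name__ == "__main__":
    # Webroot and domains as in the answer above; adjust to your server.
    found = probe_webroot("/var/www/html", ["example.com", "www.example.com"])
    for name, (ok, detail) in found.items():
        print("%-18s %s %s" % (name, "OK  " if ok else "FAIL", detail))
```

A FAIL with HTTP 404 here reproduces the renewal error without contacting Let's Encrypt, so the nginx root or location block can be corrected before running the renewal again.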

I had exactly the same problem and all my attempts to renew failed. I ran this and it renewed my certificate:

/root/certbot-auto renew --force-renew

The interesting part is that my certificate was expired 100% but when I ran plain renew I had the following message:

/root/certbot-auto renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log

-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/i_wont-tell-you-my-domain.com.conf
-------------------------------------------------------------------------------
Cert not yet due for renewal

The following certs are not due for renewal yet:
  /etc/letsencrypt/live/i_wont-tell-you-my-domain.com/fullchain.pem (skipped)
No renewals were attempted.

I suspect there is a bug with letsencrypt yet.

More a suggestion than an answer: it sucks if the renewal breaks and you don’t realise.

I wrote https://IsItWorking.info to let you monitor your SSL certificates. It warns you if they get close to expiry. That way if something goes wrong in future, you’ll be notified.

And yes, it uses Let’s Encrypt and is hosted on DO :)