Question

My certbot renewal is failing and I'm not sure how to fix it.

Hey! I’m trying to figure out how to renew my SSL certificate. I ran `certbot renew` and got the following:

Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/budgie.eco.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Renewing an existing certificate for budgie.eco and www.budgie.eco

Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
  Domain: www.budgie.eco
  Type:   unauthorized
  Detail: 2400:cb00:2049:1::adf5:3a33: Invalid response from http://www.budgie.eco/.well-known/acme-challenge/y2VuDfb1cMfTzb-51udcDMvMZEcgv_QmUdUiZl6gpCE: 409

Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet.

Failed to renew certificate budgie.eco with error: Some challenges have failed.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
All renewals failed. The following certificates could not be renewed:
  /etc/letsencrypt/live/budgie.eco/fullchain.pem (failure)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1 renew failure(s), 0 parse failure(s)
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

Any suggestions on how I can fix it?

Thanks so much



KFSys
Site Moderator
January 18, 2024
Accepted Answer

Heya @floatinggreenbluefish,

When I try to open the website, I get:

# Error 1001

 Ray ID: 847965e18f9c1c2f • 2024-01-18 19:55:51 UTC

## DNS resolution error

## What happened?

You've requested a page on a website (www.budgie.eco) that is on the [Cloudflare](https://www.cloudflare.com/5xx-error-landing/) network. Cloudflare is currently unable to resolve your requested domain (www.budgie.eco). There are two potential causes of this:

-   **Most likely:** if the owner just signed up for Cloudflare it can take a few minutes for the website's information to be distributed to our global network.
-   **Less likely:** something is wrong with this site's configuration. Usually this happens when accounts have been signed up with a partner organization (e.g., a hosting provider) and the provider's DNS fails.

Basically, I can’t reach your website, and this means Let’s Encrypt can’t reach it either to validate the domain.

Bobby Iliev
Site Moderator
January 18, 2024

Hey!

Based on the error message you’ve shared, it seems like the main issue is with the domain www.budgie.eco. The error type ‘unauthorized’ and the detail about an invalid response from the .well-known/acme-challenge directory indicate a problem with the domain validation process. Here are a few steps you can follow to troubleshoot this issue:

  1. First, ensure that both budgie.eco and www.budgie.eco are correctly pointing to the IP address of your DigitalOcean Droplet. You can verify this using a DNS lookup tool:

https://www.digitalocean.com/community/tools/dns

  2. Check your Nginx configuration to make sure that it’s correctly serving the .well-known/acme-challenge directory. This is important for Let’s Encrypt to validate your domain ownership; if it is not served, validation will fail. Specifically, allow access to the /.well-known directory used by Let’s Encrypt for domain validation. You can do this by adding a rule to your Nginx configuration:

```nginx
# Inside the server { } block that listens on port 80 for the domain:
# let the ACME http-01 challenge requests through, even if other
# location blocks deny access.
location ~ /.well-known {
  allow all;
}
```

  3. Running Certbot with the -v flag (verbose mode) can also give you more detailed information about the process and where it might be failing.

  4. If you’ve recently changed DNS settings, remember it can take some time for these changes to propagate. You might just need to wait a little longer.

Let me know how it goes!

Best,

Bobby
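The two checks recommended above (DNS for every name on the certificate, and the challenge path on port 80) can be scripted so they run before `certbot renew`. The following is an added example for this thread, not certbot's code and not the answers' own. The droplet address `203.0.113.10` is a placeholder, and the stub DNS/HTTP answers in `demo()` are constructed to mirror the output quoted in the question, where the CA reached `2400:cb00:2049:1::adf5:3a33` (an address in Cloudflare's network, consistent with the Cloudflare error page KFSys saw) rather than the droplet, and got a 409 back.

```python
"""ACME http-01 preflight for the names on a certbot certificate.

Added example for this thread; not certbot's code nor the answers' own.
Checks that (1) every A/AAAA record of each name points at this server and
(2) http://<name>/.well-known/acme-challenge/<token> is answered by nginx.
The droplet address 203.0.113.10 and the stub answers in demo() are
constructed to mirror the error output quoted in the question.
"""
import socket
import sys
import urllib.error
import urllib.request
from typing import Callable, Dict, List, Sequence, Set

ACME_PATH = "/.well-known/acme-challenge/"
# 404 is the expected answer for a probe token no challenge was written for;
# either code proves nginx itself is answering on that path.
REACHABLE = {200, 404}


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Report a 3xx as a status instead of following it."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def resolve_addresses(hostname: str) -> Set[str]:
    """Return every A and AAAA address published for hostname.

    Let's Encrypt connects to the AAAA address when one exists, so an IPv6
    record pointing elsewhere fails validation even if the A record is right.
    """
    try:
        infos = socket.getaddrinfo(hostname, 80, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}


def probe_challenge(hostname: str, token: str) -> int:
    """GET the challenge URL over plain HTTP; return the status, 0 if unreachable."""
    url = f"http://{hostname}{ACME_PATH}{token}"
    opener = urllib.request.build_opener(_NoRedirect())
    try:
        with opener.open(url, timeout=10) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code
    except (urllib.error.URLError, OSError):
        return 0


def preflight(
    domains: Sequence[str],
    server_ips: Sequence[str],
    token: str = "acme-preflight-probe",
    resolver: Callable[[str], Set[str]] = resolve_addresses,
    prober: Callable[[str, str], int] = probe_challenge,
) -> Dict[str, List[str]]:
    """Return {domain: [problems]}; an empty list means the name looks ready."""
    report: Dict[str, List[str]] = {}
    for domain in domains:
        problems: List[str] = []
        addrs = resolver(domain)
        if not addrs:
            problems.append("no A or AAAA record found")
        else:
            elsewhere = sorted(addrs - set(server_ips))
            if elsewhere:
                problems.append(
                    f"resolves to {', '.join(elsewhere)}, which is not this server "
                    "(a proxy/CDN in front of the name answers the challenge, not nginx)"
                )
        status = prober(domain, token)
        if status == 0:
            problems.append("no HTTP response on port 80")
        elif 300 <= status < 400:
            problems.append(
                f"challenge URL redirects (HTTP {status}); Let's Encrypt follows "
                f"redirects, so the target must also serve {ACME_PATH}"
            )
        elif status not in REACHABLE:
            problems.append(f"challenge URL returned HTTP {status}; expected 200 or 404 from nginx")
        report[domain] = problems
    return report


def demo() -> Dict[str, List[str]]:
    """Offline run with constructed DNS/HTTP answers shaped like the question's output."""
    droplet = "203.0.113.10"  # placeholder droplet address (RFC 5737 range)
    dns = {"budgie.eco": {droplet}, "www.budgie.eco": {"2400:cb00:2049:1::adf5:3a33"}}
    http = {"budgie.eco": 404, "www.budgie.eco": 409}
    return preflight(["budgie.eco", "www.budgie.eco"], [droplet],
                     resolver=lambda h: dns.get(h, set()),
                     prober=lambda h, _t: http.get(h, 0))


if __name__ == "__main__":
    # usage: python3 acme_preflight.py <server-ip> <domain> [domain ...]
    result = preflight(sys.argv[2:], [sys.argv[1]]) if len(sys.argv) >= 3 else demo()
    for name, problems in result.items():
        print(f"{name}: {'OK' if not problems else ''}")
        for p in problems:
            print(f"  - {p}")
```

Run it with the droplet's public IP and every name in the renewal config; any name that resolves to an address other than the droplet, or whose challenge URL does not come back 200/404 from nginx, is the one certbot will fail on. With no arguments it runs `demo()`, which reproduces the situation in the question: the apex name passes and `www` is flagged for both the foreign address and the 409.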
