Question

Rewew expired cerbot not working Ubuntu 18.04

My ssl certificates expired 2 days ago and I am trying to renew it using the command sudo certbot renew.

I already successfully updated previous certs but here it does not seem to be working on Ubuntu 18.04.

The following error shows up:

`Saving debug log to /var/log/letsencrypt/letsencrypt.log


Processing /etc/letsencrypt/renewal/mydomain.com.conf


Cert is due for renewal, auto-renewing… Plugins selected: Authenticator apache, Installer apache Renewing an existing certificate Performing the following challenges: http-01 challenge for www.mydomain.com http-01 challenge for mydomain.com Waiting for verification… Cleaning up challenges Attempting to renew cert (mydomain.com) from /etc/letsencrypt/renewal/mydomain.com.conf produced an unexpected error: Failed authorization procedure. mydomain.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from https://mydomain.com/.well-known/acme-challenge/tu7ksTdaD9LfSTImZHEuqFZCU1BmcjgKQpLodJVXAHs [159.89.207.19]: “<!DOCTYPE html>\n<html lang="en">\n <head>\n <meta charset="utf-8">\n <title>Page not found</title>\n <link h”. Skipping. All renewal attempts failed. The following certs could not be renewed: /etc/letsencrypt/live/mydomain.com/fullchain.pem (failure)


All renewal attempts failed. The following certs could not be renewed: /etc/letsencrypt/live/mydomain.com/fullchain.pem (failure)


1 renew failure(s), 0 parse failure(s)

IMPORTANT NOTES:


Submit an answer

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Want to learn more? Join the DigitalOcean Community!

Join our DigitalOcean community of over a million developers for free! Get help and share knowledge in Q&A, subscribe to topics of interest, and get courses and tools that will help you grow as a developer and scale your project or business.

Hi,

You can try to use a standalone web server instead of Apache plugin. Test it due to the following steps. As long as you use --dry-run option, you do not make any changes.

1. Stop Apache service.

sudo systemctl stop apache2

2. Run certbot with certonly subcommand using --standalone temporarily spun-up web server. Specify all the (sub)domains you want to have certificate for using -d parameter. certbot in certonly mode does not install the certificate, just obtains/renews it.

sudo certbot certonly --standalone --dry-run -d mydomain.com -d www.mydomain.com -d etc.mydomain.com

3. Start Apache service.

sudo systemctl start apache2

If above test is successfully completed, you can repeat these steps removing --dry-run option. I recommend taking droplet’s snapshot before that, just in case.

Let us know how it works.