Question

Renew expired certbot not working Ubuntu 18.04

Posted August 3, 2021 110 views
Ubuntu 18.04

My SSL certificates expired 2 days ago and I am trying to renew them using the command `sudo certbot renew`.

I already successfully updated previous certs but here it does not seem to be working on Ubuntu 18.04.

The following error shows up:

```
Saving debug log to /var/log/letsencrypt/letsencrypt.log

Processing /etc/letsencrypt/renewal/mydomain.com.conf

Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator apache, Installer apache
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for www.mydomain.com
http-01 challenge for mydomain.com
Waiting for verification...
Cleaning up challenges
Attempting to renew cert (mydomain.com) from /etc/letsencrypt/renewal/mydomain.com.conf produced an unexpected error: Failed authorization procedure. mydomain.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from https://mydomain.com/.well-known/acme-challenge/tu7ksTdaD9LfSTImZHEuqFZCU1BmcjgKQpLodJVXAHs [159.89.207.19]: "<!DOCTYPE html>\n<html lang="en">\n <head>\n <meta charset="utf-8">\n <title>Page not found</title>\n <link h". Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/mydomain.com/fullchain.pem (failure)

All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/mydomain.com/fullchain.pem (failure)

1 renew failure(s), 0 parse failure(s)

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: mydomain.com
   Type: unauthorized
   Detail: Invalid response from
   https://mydomain.com/.well-known/acme-challenge/tu7ksTdaD9LfSTImZHEuqFZCU1BmcjgKQpLodJVXAHs
   [159.89.207.19]: "<!DOCTYPE html>\n<html lang="en">\n <head>\n
   <meta charset="utf-8">\n <title>Page not found</title>\n
   <link h"
```

1 answer

Hi,

You can try to use a standalone web server instead of the Apache plugin. Test it using the following steps. As long as you use the --dry-run option, you do not make any changes.

1. Stop Apache service.

sudo systemctl stop apache2

2. Run certbot with the certonly subcommand, using the temporarily spun-up --standalone web server. Specify all the (sub)domains you want a certificate for using the -d parameter. certbot in certonly mode does not install the certificate, it just obtains/renews it.

sudo certbot certonly --standalone --dry-run -d mydomain.com -d www.mydomain.com -d etc.mydomain.com

3. Start Apache service.

sudo systemctl start apache2

If the above test completes successfully, you can repeat these steps without the --dry-run option. I recommend taking a snapshot of the droplet before that, just in case.

Let us know how it works.
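
The three steps above wrapped in one shell function, as an added example that is not part of the original answer: it restarts Apache even when certbot fails, so a failed challenge does not leave the site offline. `SYSTEMCTL`, `CERTBOT`, `WEB_UNIT` and the `--live` switch are names invented for this example.

```shell
#!/bin/sh
# Added example (not from the thread): stop the web server, run certbot in
# standalone mode, and restart the web server whether or not certbot succeeded.
# SYSTEMCTL, CERTBOT and WEB_UNIT are hypothetical override variables of this
# example so the flow can be exercised with stubs; run as root for real use.
: "${SYSTEMCTL:=systemctl}"
: "${CERTBOT:=certbot}"
: "${WEB_UNIT:=apache2}"

# standalone_renew [--live] domain [domain...]
# Defaults to --dry-run; pass --live as the first argument for a real request.
# Exit status: certbot's own status, 2 = bad arguments, 3 = stop failed,
# 4 = web server did not come back up.
standalone_renew() {
    mode="--dry-run"
    if [ "${1:-}" = "--live" ]; then mode=""; shift; fi
    [ "$#" -gt 0 ] || { echo "usage: standalone_renew [--live] domain..." >&2; return 2; }

    # Accept only hostname characters, so the unquoted $args below is safe.
    args=""
    for d in "$@"; do
        case "$d" in
            ""|-*|*[!A-Za-z0-9.-]*) echo "rejected domain: $d" >&2; return 2 ;;
        esac
        args="$args -d $d"
    done

    # The standalone authenticator binds port 80 itself, so Apache must be down.
    "$SYSTEMCTL" stop "$WEB_UNIT" || return 3

    # shellcheck disable=SC2086  # word splitting of $mode and $args is intended
    "$CERTBOT" certonly --standalone $mode $args
    rc=$?

    # Restart on every path: a failed challenge must not leave the site offline.
    if ! "$SYSTEMCTL" start "$WEB_UNIT"; then
        echo "WARNING: $WEB_UNIT did not start, check it manually" >&2
        return 4
    fi
    return "$rc"
}
```

After sourcing the file, `standalone_renew mydomain.com www.mydomain.com` performs the dry run, and adding `--live` as the first argument performs the real request.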

  • Hi Yannek,

    thanks for your reply.

    this command
    sudo certbot certonly --standalone --dry-run -d mydomain.com -d www.mydomain.com -d etc.mydomain.com

    gives the following error:

    ```
    sudo certbot certonly --standalone --dry-run -d www.mydomain.sg -d mydomain.sg
    Saving debug log to /var/log/letsencrypt/letsencrypt.log
    Plugins selected: Authenticator standalone, Installer None
    Cert is due for renewal, auto-renewing...
    Renewing an existing certificate
    An unexpected error occurred:
    The request message was malformed :: Method not allowed
    Please see the logfiles in /var/log/letsencrypt for more details.
    ```

    • Hi again,

      Let’s see what certbot related packages you have installed…

      apt list --installed | grep --regexp 'certbot'
      

      …and whether they are upgradable…

      sudo apt update && apt list --upgradable | grep --regexp 'certbot'
      

      Can you share the results, pls.

      • Hi Yannek,

        So we have this for the first command:

        apt list --installed | grep --regexp 'certbot'
        

        Output:

        WARNING: apt does not have a stable CLI interface. Use with caution in scripts.
        
        certbot/now 0.28.0-1+ubuntu18.04.1+certbot+4 all [installed,upgradable to: 0.31.0-2~deb10u1+ubuntu18.04.1+certbot+3]
        python-certbot-apache/bionic,now 0.31.0-1+ubuntu18.04.1+certbot+1 all [installed]
        python3-acme/now 0.28.0-1+ubuntu18.04.1+certbot+3 all [installed,upgradable to: 0.31.0-2+ubuntu18.04.3+certbot+2]
        python3-augeas/bionic,now 0.5.0-1+ubuntu18.04.1+certbot+1 all [installed,automatic]
        python3-certbot/now 0.28.0-1+ubuntu18.04.1+certbot+4 all [installed,upgradable to: 0.31.0-2~deb10u1+ubuntu18.04.1+certbot+3]
        python3-certbot-apache/now 0.28.0-1+ubuntu18.04.1+certbot+3 all [installed,upgradable to: 0.31.0-1+ubuntu18.04.1+certbot+1]
        python3-configobj/bionic,now 5.0.6-2+ubuntu18.04.1+certbot+1 all [installed]
        python3-future/bionic,now 0.15.2-4+ubuntu18.04.1+certbot+3 all [installed,automatic]
        python3-josepy/bionic,now 1.1.0-2+ubuntu18.04.1+certbot+1 all [installed,automatic]
        python3-parsedatetime/bionic,now 2.4-3+ubuntu18.04.1+certbot+3 all [installed,automatic]
        python3-requests-toolbelt/bionic,now 0.8.0-1+ubuntu18.04.1+certbot+1 all [installed,automatic]
        python3-zope.component/bionic,now 4.3.0-1+ubuntu18.04.1+certbot+3 all [installed,automatic]
        python3-zope.hookable/bionic,now 4.0.4-4+ubuntu18.04.1+certbot+1 amd64 [installed,automatic]
        python3-zope.interface/bionic,now 4.3.2-1+ubuntu18.04.1+certbot+1 amd64 [installed]
        

        and this for the second one:

        sudo apt update && apt list --upgradable | grep --regexp 'certbot'
        

        Output:

        Hit:1 https://repos.sonar.digitalocean.com/apt main InRelease
        Hit:2 http://mirrors.digitalocean.com/ubuntu bionic InRelease
        Get:3 http://mirrors.digitalocean.com/ubuntu bionic-updates InRelease [88.7 kB]
        Get:4 http://mirrors.digitalocean.com/ubuntu bionic-backports InRelease [74.6 kB]
        Hit:5 http://ppa.launchpad.net/certbot/certbot/ubuntu bionic InRelease
        Get:6 http://security.ubuntu.com/ubuntu bionic-security InRelease [88.7 kB]
        Get:7 http://mirrors.digitalocean.com/ubuntu bionic-updates/main amd64 Packages [2161 kB]
        Get:8 http://mirrors.digitalocean.com/ubuntu bionic-updates/multiverse amd64 Packages [31.0 kB]
        Fetched 2444 kB in 1s (2009 kB/s)
        Reading package lists... Done
        Building dependency tree
        Reading state information... Done
        125 packages can be upgraded. Run 'apt list --upgradable' to see them.
        
        WARNING: apt does not have a stable CLI interface. Use with caution in scripts.
        
        certbot/bionic 0.31.0-2~deb10u1+ubuntu18.04.1+certbot+3 all [upgradable from: 0.28.0-1+ubuntu18.04.1+certbot+4]
        python3-acme/bionic 0.31.0-2+ubuntu18.04.3+certbot+2 all [upgradable from: 0.28.0-1+ubuntu18.04.1+certbot+3]
        python3-certbot/bionic 0.31.0-2~deb10u1+ubuntu18.04.1+certbot+3 all [upgradable from: 0.28.0-1+ubuntu18.04.1+certbot+4]
        python3-certbot-apache/bionic 0.31.0-1+ubuntu18.04.1+certbot+1 all [upgradable from: 0.28.0-1+ubuntu18.04.1+certbot+3]
        
        edited by bobbyiliev