Renewal failed on challenge webroot #223

Closed
deno028 opened this issue Jan 12, 2024 · 5 comments

deno028 commented Jan 12, 2024

I ran this successfully when creating a new SSL certificate, but it failed on renewal.

Here is part of the error log I got.

Invalid response from **https**://[mydomain].well-known/acme-challenge/FAnpUAtqI_Z1M35A0Y9QgOaif-DwiuCQhTxsQAxal1U: 403

Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.

Although existing at /etc/nginx/conf.d/redirector.conf:

```
server {
    # Listen on plain old HTTP and catch all requests so they can be redirected
    # to HTTPS instead.
    listen 80 default_server reuseport;
    listen [::]:80 default_server reuseport;

    # Anything requesting this particular URL should be served content from
    # Certbot's folder so the HTTP-01 ACME challenges can be completed for the
    # HTTPS certificates.
    location '/.well-known/acme-challenge' {
        default_type "text/plain";
        root /var/www/letsencrypt;
    }

    # Everything else gets shunted over to HTTPS for each user defined
    # server to handle.
    location / {
        return 301 https://$http_host$request_uri;
    }
}
```

deno028 commented Jan 12, 2024

Certbot version: 2.7.0

After checking more inside the container and running it manually, I got this error:

```
root@9c48b818ed57:/# certbot --nginx renew -v
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/[mydomain.com]
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Certificate is due for renewal, auto-renewing...
Failed to renew certificate[mydomain.com] with error: The requested nginx plugin does not appear to be installed
```

Then I installed the nginx plugin for certbot by running this command:

```
apt-get install python3-certbot-nginx
```

I reran the renew command inside the container:

```
certbot renew
```

Now the renewal is successful.

@JonasAlfredsson
Owner

Hi deno028,

It looks like certbot is trying to perform the renewal going through HTTPS instead of the HTTP path we expect. What does the rest of your configuration look like?

@JonasAlfredsson
Owner

Any updates on this?


deno028 commented Jan 25, 2024

As in my last comment, I ran it successfully after installing the nginx module.

I think something is wrong with the renewal challenge; it should be called over http instead of https.

@JonasAlfredsson
Owner

I still think there is something iffy with the rest of the config. But if you are happy with your solution, we can close this issue :)
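
The 403 in the first comment came from an https:// URL, while the `redirector.conf` location is meant to answer the challenge on port 80. As an added example (not part of the thread or the project's code; the function names and the `example.test` host are made up here), this Python helper fetches a challenge URL hop by hop and reports whether port 80 served the token itself or redirected it elsewhere.

```python
# Added example: helper names and the example.test host are hypothetical.
import http.client
from urllib.parse import urljoin, urlsplit

REDIRECTS = {301, 302, 303, 307, 308}

def trace_challenge(url, max_hops=10, timeout=10):
    """Fetch url and follow redirects by hand; return [(url, status), ...]."""
    hops = []
    for _ in range(max_hops):
        parts = urlsplit(url)
        conn_cls = (http.client.HTTPSConnection if parts.scheme == "https"
                    else http.client.HTTPConnection)
        conn = conn_cls(parts.netloc, timeout=timeout)
        try:
            target = parts.path or "/"
            if parts.query:
                target += "?" + parts.query
            conn.request("GET", target)
            resp = conn.getresponse()
            resp.read()  # drain the body so the connection closes cleanly
            status, location = resp.status, resp.getheader("Location")
        finally:
            conn.close()
        hops.append((url, status))
        if status not in REDIRECTS or not location:
            break
        url = urljoin(url, location)  # Location may be relative
    return hops

def diagnose(hops):
    """Explain a hop list in terms of the webroot setup discussed above."""
    (first_url, first_status), (last_url, last_status) = hops[0], hops[-1]
    if not first_url.startswith("http://"):
        return "start-not-http: HTTP-01 validation always begins on port 80"
    if first_status in REDIRECTS and len(hops) > 1:
        scheme = urlsplit(last_url).scheme
        return (f"redirected: port 80 did not serve the token itself; "
                f"the final {scheme} hop answered {last_status}")
    if first_status == 200:
        return "ok: token served directly from the port 80 location"
    return f"port80-error: the challenge location answered {first_status}"

# Constructed hop list reproducing the symptom in this issue (placeholder host).
SAMPLE_HOPS = [
    ("http://example.test/.well-known/acme-challenge/TOKEN", 301),
    ("https://example.test/.well-known/acme-challenge/TOKEN", 403),
]
if __name__ == "__main__":
    print(diagnose(SAMPLE_HOPS))
```

To use it against a real host, place a test file under the webroot's `.well-known/acme-challenge/` directory and pass its `http://` URL to `trace_challenge`, then feed the result to `diagnose`.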
