Category Archives: Linux

Renew SSL cert with letsencrypt

Lately I have been playing around with lets encrypt. Wanted to get away from self signed certs, this gives a more professional aspect to the website. Installation was pretty easy to tell the truth, I just followed the following manual from Digital Ocean. Issue came with the cert renewal process. Letsencrypt renews via http, not https, so testing the renewal was failing.

user@computer:$ certbot renew --dry-run
Saving debug log to /var/log/letsencrypt/letsencrypt.log

-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/mail.example.org.conf
-------------------------------------------------------------------------------
Cert not due for renewal, but simulating renewal for dry run
Starting new HTTPS connection (1): acme-staging.api.letsencrypt.org
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for mail.example.org
Waiting for verification...
Cleaning up challenges
Attempting to renew cert from /etc/letsencrypt/renewal/mail.example.org.conf produced an unexpected error: Failed authorization procedure. mail.example.org (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://mail.example.org/.well-known/acme-challenge/CbWS7lLTfZZe-z-ctdOhaxUe9ZhDi6iuGkxMv57xDbQ: "<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>". Skipping.
** DRY RUN: simulating 'certbot renew' close to cert expiry
** (The test certificates below have not been saved.)

All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/mail.example.org/fullchain.pem (failure)
** DRY RUN: simulating 'certbot renew' close to cert expiry
** (The test certificates above have not been saved.)
1 renew failure(s), 0 parse failure(s)

IMPORTANT NOTES:
- The following errors were reported by the server:

Domain: mail.example.org
Type: unauthorized
Detail: Invalid response from
http://mail.example.org/.well-known/acme-challenge/CbWS7lLTfZZe-z-ctdOhaxEe9ZhDi6iuGzxMv57xDbQ:
"<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>"

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address.

Continue reading