"sudo certbot renew --dry-run" renew failure
I tried to run "sudo certbot renew --dry-run" to renew SSL on the domain https://websitediscuss.com/. I got the following message:
Cert is due for renewal, auto-renewing…
Plugins selected: Authenticator nginx, Installer nginx
Starting new HTTPS connection (1): acme-staging-v02.api.letsencrypt.org
Renewing an existing certificate
Performing the following challenges:
tls-sni-01 challenge for websitediscuss.com
tls-sni-01 challenge for www.websitediscuss.com
nginx: [warn] conflicting server name "www.websitediscuss.com" on 0.0.0.0:443, ignored
Waiting for verification…
Cleaning up challenges
Attempting to renew cert (websitediscuss.com) from /etc/letsencrypt/renewal/websitediscuss.com.conf produced an unexpected error: Failed authorization procedure. websitediscuss.com (tls-sni-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Incorrect validation certificate for tls-sni-01 challenge. Requested bb3ed13c7161788cc68488476b28ad62.0d9ce89532be187432501bbb1c963275.acme.invalid from [2600:3c02::f03c:91ff:feca:e88]:443. Received 2 certificate(s), first certificate had names "websitediscuss.com, www.websitediscuss.com", www.websitediscuss.com (tls-sni-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Incorrect validation certificate for tls-sni-01 challenge. Requested 47bba7d8877174a5ddf9a41cabc1ec5e.f72b6ef060ba18e2ea6e4d6c6453cd9d.acme.invalid from [2600:3c02::f03c:91ff:feca:e88]:443. Received 2 certificate(s), first certificate had names "websitediscuss.com, www.websitediscuss.com". Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/websitediscuss.com/fullchain.pem (failure)
** DRY RUN: simulating 'certbot renew' close to cert expiry
** (The test certificates below have not been saved.)
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/websitediscuss.com/fullchain.pem (failure)
** DRY RUN: simulating 'certbot renew' close to cert expiry
** (The test certificates above have not been saved.)
1 renew failure(s), 0 parse failure(s)
IMPORTANT NOTES:
The following errors were reported by the server:
Domain: websitediscuss.com
Type: unauthorized
Detail: Incorrect validation certificate for tls-sni-01 challenge.
Requested
bb3ed13c7161788cc68488476b28ad62.0d9ce89532be187432501bbb1c963275.acme.invalid
from [2600:3c02::f03c:91ff:feca:e88]:443. Received 2
certificate(s), first certificate had names "websitediscuss.com,
www.websitediscuss.com"
Domain: www.websitediscuss.com
Type: unauthorized
Detail: Incorrect validation certificate for tls-sni-01 challenge.
Requested
47bba7d8877174a5ddf9a41cabc1ec5e.f72b6ef060ba18e2ea6e4d6c6453cd9d.acme.invalid
from [2600:3c02::f03c:91ff:feca:e88]:443. Received 2
certificate(s), first certificate had names "websitediscuss.com,
www.websitediscuss.com"
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
Could anyone help me fix this problem?
Thank you,
Haksrun
3 Replies
Fix your nginx first: nginx: [warn] conflicting server name "www.websitediscuss.com" on 0.0.0.0:443, ignored
Here is my nginx config
# HTTP (port 80) server block
server {
    listen 80;
    server_name websitediscuss.com www.websitediscuss.com;
}

# HTTPS (port 443) server block
server {
    root /var/www/html/websitediscuss/public;
    index index.php index.html index.htm index.nginx-debian.html;
    server_name websitedisucss.com www.websitediscuss.com;

    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }

    # Hand PHP scripts to PHP-FPM
    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/run/php/php7.1-fpm.sock;
    }

    # Deny access to .ht* files
    location ~ /\.ht {
        deny all;
    }

    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/websitediscuss.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/websitediscuss.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    gzip on;
    gzip_comp_level 5;
    gzip_min_length 256;
    gzip_proxied any;
    gzip_vary on;
    gzip_types
        application/atom+xml
        application/javascript
        application/json
        application/ld+json
        application/manifest+json
        application/rss+xml
        application/vnd.geo+json
        application/vnd.ms-fontobject
        application/x-font-ttf
        application/x-web-app-manifest+json
        application/xhtml+xml
        application/xml
        font/opentype
        image/bmp
        image/svg+xml
        image/x-icon
        text/cache-manifest
        text/css
        text/plain
        text/vcard
        text/vnd.rim.location.xloc
        text/vtt
        text/x-component
        text/x-cross-domain-policy;

    # Cache static assets for 7 days
    location ~* \.(jpg|jpeg|png|gif|ico|css|js|pdf)$ {
        expires 7d;
    }
}
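
The check the first reply asks for, as an added example (not code from this thread, certbot or nginx): a Python script that lists every server_name declared by more than one server block on the same listen address, which is the condition behind nginx's "conflicting server name ... ignored" warning. The third server block in the sample is hypothetical, and the function names are this example's own.

```python
import re
from collections import defaultdict

# Constructed sample: the first two blocks mirror the listen/server_name lines
# posted above; the third is a hypothetical block from some other config file.
SAMPLE = """
server { listen 80; server_name websitediscuss.com www.websitediscuss.com; }
server {
    listen [::]:443 ssl ipv6only=on;
    listen 443 ssl;
    server_name websitedisucss.com www.websitediscuss.com;
}
server {  # hypothetical block from another file
    listen 443 ssl;
    server_name www.websitediscuss.com;
}
"""

def server_blocks(conf):
    """Yield the body of each `server { ... }` block, found by brace matching."""
    conf = re.sub(r"#[^\n]*", "", conf)  # drop comments (assumes no '#' in quoted values)
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def listen_key(args):
    """Reduce `listen` arguments to address:port; a bare port means 0.0.0.0:port."""
    addr = args.split()[0]
    return f"0.0.0.0:{addr}" if addr.isdigit() else addr

def conflicting_names(conf):
    """Map (listen address, server_name) -> indexes of the blocks declaring it twice or more."""
    seen = defaultdict(list)
    for idx, body in enumerate(server_blocks(conf)):
        listens = {listen_key(a) for a in re.findall(r"\blisten\s+([^;]+);", body)} or {"0.0.0.0:80"}
        names = {n for a in re.findall(r"\bserver_name\s+([^;]+);", body) for n in a.split()}
        for key in ((l, n) for l in listens for n in names):
            seen[key].append(idx)
    return {k: v for k, v in seen.items() if len(v) > 1}

if __name__ == "__main__":
    for (addr, name), blocks in conflicting_names(SAMPLE).items():
        print(f'conflicting server name "{name}" on {addr}: server blocks {blocks}')
```

Run it over the full merged configuration, for example the output of `sudo nginx -T`, since the duplicate declaration may live in a different file than the one posted.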