Let's Encrypt failing to renew certificates since 01/04/17

[Fred.]

Hi,

I'm using the last letsencrypt version from custombuild and it's failing to renew certificates.
It was working before, did anything change?
I use it with OpenSSL 1.1

Subject: Error during automated certificate renewal for example.com
Getting challenge for example.com from acme-server...
Waiting for domain verification...
Challenge is invalid. Details: Invalid response from http://example.com/.well-known/acme-challenge/FfvWbpqDJBYAUWwmQZ3MMqunalnDUq8K7Arxz7WCzH8: \. Exiting...
<br>

Thanks

 

[Richard G]

Did you upgrade to the latest Letsencrypt version being v. 1.08?

 

[Fred.]

Yes, I did.

Latest version of Let's Encrypt client: 1.0.8
Installed version of Let's Encrypt client: 1.0.8

 

[Richard G]

Maybe this thread (click) can help you. Same error notice, with also a couple of possible solutions and settingsm mentioned.

 

[Fred.]

This was the solution

To fix the script for DA 1.50 it's enough to change the following line:

CHALLENGE="`echo "${RESPONSE}" | egrep -o '{[^{]*\"type\":\"http-01\"[^}]*'`"

To:

CHALLENGE="`echo "${RESPONSE}" | awk '/\"type\": \"http-01\"/,/}/'`"

http://forum.directadmin.com/showthread.php?t=53238&p=273107#post273107

 

[Richard G]

To fix the script for DA 1.50

Or maybe upgrade to 1.51.3.

But thanks for posting the solution for posting the solution.

 

[Fred.]

I was on 1.5.3 and the latest Let's Encrypt client: 1.0.8. I always update to the latest versions.
Not sure how this could happen.
If I know the solution I always post it.

 

[Fred.]

It's still not solved...
It was working when I manually ran the update after I changed the script.

 

[Richard G]

How about trying to remove the cerficate completely and create a new one?
I had this issue a little while ago with 1 domain (last month) and this worked for me.

Just put the selection to "Use the server's certificate", save and wait a few minutes.
Then go back and select "Free & automatic certificate from Let's Encrypt" again and install it. After that, wait a couple of minutes, go back to the SSL settings page and check if it says "Let's Encrypt in use. Auto-renewal in XX Days." or use another method to see if this worked.

 

[Fred.]

That doesn't work, same error.

But I noticed all those domains use Cloudflare and have an active certificate from Cloudflare, I believe this is the reason why this isn't working and the challenge is invalid.
So I can let those certificates expire and it should still work with the cloudflare certificate.

 

[Richard G]

That could true indeed. You could test it. However it shouldn't be the case. It's quite possible having multiple certificates on one domain.

Do you have a .htaccess on that domain? Maybe temp disable it and see if it works then.

Luckily Zeiter is back, maybe he can shed some light onto this problem.

 

[Fred.]

No, no .htaccess. I'm using Nginx.
I'll ask Zeiter the next time I contact him, I have a few things...

Thanks Richard