Letsencrypt: "Error during automated certificate renewal"

deeoo

Verified User
Joined
Jan 11, 2019
Messages
7
Since a couple of days ago I started getting "Error during automated certificate renewal for friendr.nl" (and several other domains).

I've never had this problem before so what changed?

DirectAdmin: 1.61.3
CentOS 6
Letsencrypt: 2.0.6
letsencrypt=12 on directadmin.conf

I get this error:

Code:
Cannot Execute Your Request

Details

2020/07/25 12:38:16 [INFO] [friendr.nl, www.friendr.nl] acme: Obtaining SAN certificate
2020/07/25 12:38:17 [INFO] [friendr.nl] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/6100470609
2020/07/25 12:38:17 [INFO] [www.friendr.nl] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/6100470610
2020/07/25 12:38:17 [INFO] [friendr.nl] acme: Could not find solver for: tls-alpn-01
2020/07/25 12:38:17 [INFO] [friendr.nl] acme: use http-01 solver
2020/07/25 12:38:17 [INFO] [www.friendr.nl] acme: Could not find solver for: tls-alpn-01
2020/07/25 12:38:17 [INFO] [www.friendr.nl] acme: use http-01 solver
2020/07/25 12:38:17 [INFO] [friendr.nl] acme: Trying to solve HTTP-01
2020/07/25 12:38:22 [INFO] [www.friendr.nl] acme: Trying to solve HTTP-01
2020/07/25 12:38:29 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/6100470609
2020/07/25 12:38:29 [INFO] Unable to deactivate the authorization: https://acme-v02.api.letsencrypt.org/acme/authz-v3/6100470609
2020/07/25 12:38:29 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/6100470610
2020/07/25 12:38:30 [INFO] Unable to deactivate the authorization: https://acme-v02.api.letsencrypt.org/acme/authz-v3/6100470610
2020/07/25 12:38:30 Could not obtain certificates:
error: one or more domains had a problem:
[friendr.nl] acme: error: 403 :: urn:ietf:params:acme:error:unauthorized :: Invalid response from http://friendr.nl/.well-known/acme-challenge/abAyqDBmwRXOhvcGLkWe4cwsuhRMPLnscfCMXY5CZhI [84.22.106.78]: "\n\n\n\nNot Found\nTh", url:
[www.friendr.nl] acme: error: 403 :: urn:ietf:params:acme:error:unauthorized :: Invalid response from http://www.friendr.nl/.well-known/acme-challenge/D7Ao0-EiafA6LzO3nVcD8SZCU-hCYzQHP_TzmVLQDW4 [84.22.106.78]: "\n\n\n\nNot Found\nTh", url:
Certificate generation failed.
The renewals have been working all this time.

Things I've tried:
  1. I've tried downgrading letsencrypt to 2.0.1
  2. I've tried changing letsencrypt=2 to letsencrypt=1 on directadmin.conf
  3. Rebooting
 

deeoo

It's been a couple of days and I still haven't been able to figure this out. It's a live server with several clients so I can't 'trial and error' too much.

So here's me, trying my best to understand what's going on.

"acme: error: 403"
If I'm correct, 403 is a permission error. The 404 in the response supports this.

So I tried the following: I deleted the .well-known/acme-challenge/ directories. I then did the following command line request.
/usr/local/directadmin/scripts/letsencrypt.sh renew friendr.nl 4096

This resulted again in the following
Code:
2020/07/28 13:49:27 [INFO] [friendr.nl, www.friendr.nl] acme: Obtaining SAN certificate
2020/07/28 13:49:29 [INFO] [friendr.nl] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/6163947194
2020/07/28 13:49:29 [INFO] [www.friendr.nl] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/6163947200
2020/07/28 13:49:29 [INFO] [friendr.nl] acme: Could not find solver for: tls-alpn-01
2020/07/28 13:49:29 [INFO] [friendr.nl] acme: use http-01 solver
2020/07/28 13:49:29 [INFO] [www.friendr.nl] acme: Could not find solver for: tls-alpn-01
2020/07/28 13:49:29 [INFO] [www.friendr.nl] acme: use http-01 solver
2020/07/28 13:49:29 [INFO] [friendr.nl] acme: Trying to solve HTTP-01
2020/07/28 13:49:34 [INFO] [www.friendr.nl] acme: Trying to solve HTTP-01
2020/07/28 13:49:41 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/6163947194
2020/07/28 13:49:41 [INFO] Unable to deactivate the authorization: https://acme-v02.api.letsencrypt.org/acme/authz-v3/6163947194
2020/07/28 13:49:41 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/6163947200
2020/07/28 13:49:41 [INFO] Unable to deactivate the authorization: https://acme-v02.api.letsencrypt.org/acme/authz-v3/6163947200
2020/07/28 13:49:41 Could not obtain certificates:
        error: one or more domains had a problem:
[friendr.nl] acme: error: 403 :: urn:ietf:params:acme:error:unauthorized :: Invalid response from http://friendr.nl/.well-known/acme-challenge/WgPEy9Rk9MBYz2juXsgT3pTZNlcev2YRqAzMoq0g2Kk [84.22.106.78]: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<HTML><HEAD>\n<TITLE>404 Not Found</TITLE>\n</HEAD><BODY>\n<H1>Not Found</H1>\nTh", url:
[www.friendr.nl] acme: error: 403 :: urn:ietf:params:acme:error:unauthorized :: Invalid response from http://www.friendr.nl/.well-known/acme-challenge/423i_uXwz299l1hL1Cym7X8cVXL34bRjd7wnHQsOh50 [84.22.106.78]: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<HTML><HEAD>\n<TITLE>404 Not Found</TITLE>\n</HEAD><BODY>\n<H1>Not Found</H1>\nTh", url:
Certificate generation failed.
I checked the directory and found an empty /.well-known/acme-challenge/letsencrypt_1595936966 file which I can access through http.
So there's no problem in writing permissions. But letsencrypt is looking for /.well-known/acme-challenge/WgPEy9Rk9MBYz2juXsgT3pTZNlcev2YRqAzMoq0g2Kk but only wrote /.well-known/acme-challenge/letsencrypt_1595936966.

Why?
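
Added example (not part of the original posts, and not DirectAdmin's or the ACME client's own code): a Python sketch that parses failure lines in the format logged above and separates the two status codes. The 403 is the status of the ACME `unauthorized` problem returned by the CA; the 404 is what the web server at the validated IP returned for the token URL. The function names, verdict labels and the directory-listing argument are assumptions made for this example.

```python
import re

# Failure lines copied from the log in the post above.
SAMPLE_LOG = r'''
[friendr.nl] acme: error: 403 :: urn:ietf:params:acme:error:unauthorized :: Invalid response from http://friendr.nl/.well-known/acme-challenge/WgPEy9Rk9MBYz2juXsgT3pTZNlcev2YRqAzMoq0g2Kk [84.22.106.78]: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<HTML><HEAD>\n<TITLE>404 Not Found</TITLE>\n</HEAD><BODY>\n<H1>Not Found</H1>\nTh", url:
[www.friendr.nl] acme: error: 403 :: urn:ietf:params:acme:error:unauthorized :: Invalid response from http://www.friendr.nl/.well-known/acme-challenge/423i_uXwz299l1hL1Cym7X8cVXL34bRjd7wnHQsOh50 [84.22.106.78]: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<HTML><HEAD>\n<TITLE>404 Not Found</TITLE>\n</HEAD><BODY>\n<H1>Not Found</H1>\nTh", url:
'''

FAILURE = re.compile(
    r'^\[(?P<domain>[^\]]+)\] acme: error: (?P<acme_status>\d{3}) :: '
    r'urn:ietf:params:acme:error:(?P<acme_type>\w+) :: Invalid response from '
    r'http://\S+/\.well-known/acme-challenge/(?P<token>[A-Za-z0-9_-]+) '
    r'\[(?P<ip>[^\]]+)\]: "(?P<body>.*)", url:', re.M)
# The quoted body is an excerpt of the page the CA fetched; its <TITLE>
# carries the web server's own status code.
TITLE = re.compile(r'<TITLE>(\d{3})[^<]*</TITLE>', re.I)

def parse_failures(log_text):
    """Return one dict per failed HTTP-01 validation found in the log."""
    failures = []
    for m in FAILURE.finditer(log_text):
        title = TITLE.search(m.group('body'))
        failures.append({
            'domain': m.group('domain'),
            'acme_status': int(m.group('acme_status')),  # CA's problem status
            'acme_type': m.group('acme_type'),
            'token': m.group('token'),                   # file name the CA requested
            'validated_ip': m.group('ip'),               # address the CA connected to
            'origin_status': int(title.group(1)) if title else None,
        })
    return failures

def diagnose(failures, challenge_dir_files):
    """Compare requested tokens with the files actually present in
    .well-known/acme-challenge/ (pass the directory listing as a list)."""
    present = set(challenge_dir_files)
    report = {}
    for f in failures:
        if f['token'] in present:
            # File exists, yet the CA got an error: another vhost/docroot answered.
            report[f['domain']] = 'served-elsewhere'
        elif f['origin_status'] == 404:
            # Web server is reachable but the client never wrote the token file.
            report[f['domain']] = 'token-not-written'
        else:
            report[f['domain']] = 'inconclusive'
    return report

if __name__ == '__main__':
    print(diagnose(parse_failures(SAMPLE_LOG), ['letsencrypt_1595936966']))
```

With the directory listing reported in the post (only `letsencrypt_1595936966` present), both names come back as `token-not-written`.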
 

deeoo

I’ve downgraded letsencrypt from version 2.0.7 to 1.1.42 and it’s working again!

This is partially good news. Good in that it’s all working again. But bad because I can’t upgrade letsencrypt any longer.
 