0 votes
2.0k views
by Talented

So since today my SSL certificate is expired. I tried renewing manually, but it didn't work. Then I tried -ssl=force-renewal and I got this message:
 

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: mc.lexgabrees.com
   Type:   unauthorized
   Detail: Invalid response from
   https://mc.lexgabrees.com/.well-known/acme-challenge/pQJyz_WebtI9Gp1lKdwtWAr0m3zmkeyNi6cmelnsT5Q
   [64.225.24.62]: "<html>\r\n<head><title>403
   Forbidden</title></head>\r\n<body>\r\n<center><h1>403
   Forbidden</h1></center>\r\n<hr><center>nginx</center>\r\n"

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.

SSL Cert - mc.lexgabrees.com$ - has been Forced to Renew!

And this is from the /var/log/letsencrypt/

Domain: mc.lexgabrees.com
Type:   unauthorized
Detail: Invalid response from https://mc.lexgabrees.com/.well-known/acme-challenge/pQJyz_WebtI9Gp1lKdwtWAr0m3zmkeyNi6cmelnsT5Q [64.225.24.62]: "<html>\r\n<head><title>403 Forbidden</title></head>\r\n$

To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address.

2020-03-14 09:26:54,444:DEBUG:certbot.error_handler:Encountered exception:
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 82, in handle_authorizations
    self._respond(aauthzrs, resp, best_effort)
  File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 168, in _respond
    self._poll_challenges(aauthzrs, chall_update, best_effort)
  File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 239, in _poll_challenges
    raise errors.FailedChallenges(all_failed_achalls)
certbot.errors.FailedChallenges: Failed authorization procedure. mc.lexgabrees.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response $

2020-03-14 09:26:54,444:DEBUG:certbot.error_handler:Calling registered functions
2020-03-14 09:26:54,445:INFO:certbot.auth_handler:Cleaning up challenges
2020-03-14 09:26:54,445:DEBUG:certbot.plugins.webroot:Removing /var/www/mc.lexgabrees.com/htdocs/.well-known/acme-challenge/pQJyz_WebtI9Gp1lKdwtWAr0m3zmkeyNi6cmelnsT5Q
2020-03-14 09:26:54,446:DEBUG:certbot.plugins.webroot:All challenges cleaned up
2020-03-14 09:26:54,446:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
  File "/usr/bin/certbot", line 11, in <module>
    load_entry_point('certbot==0.31.0', 'console_scripts', 'certbot')()
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 1365, in main
    return config.func(config, plugins)
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 1250, in certonly
    lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 116, in _get_and_save_cert
    renewal.renew_cert(config, domains, le_client, lineage)
  File "/usr/lib/python3/dist-packages/certbot/renewal.py", line 310, in renew_cert
    new_cert, new_chain, new_key, _ = le_client.obtain_certificate(domains, new_key)
  File "/usr/lib/python3/dist-packages/certbot/client.py", line 353, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
  File "/usr/lib/python3/dist-packages/certbot/client.py", line 389, in _get_order_and_authorizations
    authzr = self.auth_handler.handle_authorizations(orderr, best_effort)
  File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 82, in handle_authorizations
    self._respond(aauthzrs, resp, best_effort)
  File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 168, in _respond
    self._poll_challenges(aauthzrs, chall_update, best_effort)
  File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 239, in _poll_challenges
    raise errors.FailedChallenges(all_failed_achalls)
certbot.errors.FailedChallenges: Failed authorization procedure. mc.lexgabrees.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response $

I'm no SSL / LE expert by any means, but this domain has been working correctly for months, so this was a surprise.

I haven't touched any DNS settings and everything is still the same. DNS is at Cloudflare.

Anybody know how to solve this?
 

1 Answer

0 votes
by Rookie
If you are using Cloudflare, enable proxied, and in SSL / TLS leave it full, not full strict.
by Rookie
As root user type "certbot renew" to renew the certificate. You can uninstall SSL and install it again, or renew it with "sudo site dominio.com -ssl=force-renewal". I had this same problem and it worked, but probably the problem is at Cloudflare. If I'm not clear, I'm sorry, I'm starting.
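
A small triage helper for the log lines quoted in the question, as an added example that is not part of the original thread and is not certbot or Webinoly code: it extracts the IP the CA validated against, the HTTP status it received, and the webroot certbot wrote the challenge file to. The function name `triage`, the regexes and the hint texts are assumptions made for this example.

```python
import re

# Two lines copied from the log quoted in the question (raw string keeps the literal \r\n).
SAMPLE_LOG = r'''
Detail: Invalid response from https://mc.lexgabrees.com/.well-known/acme-challenge/pQJyz_WebtI9Gp1lKdwtWAr0m3zmkeyNi6cmelnsT5Q [64.225.24.62]: "<html>\r\n<head><title>403 Forbidden</title></head>\r\n$
2020-03-14 09:26:54,445:DEBUG:certbot.plugins.webroot:Removing /var/www/mc.lexgabrees.com/htdocs/.well-known/acme-challenge/pQJyz_WebtI9Gp1lKdwtWAr0m3zmkeyNi6cmelnsT5Q
'''

CHALLENGE = r"/\.well-known/acme-challenge/(\S+)"
DETAIL_RE = re.compile(r"Invalid response from (https?)://([^/\s]+)" + CHALLENGE + r' \[([^\]]+)\]: "(.*)')
WEBROOT_RE = re.compile(r"certbot\.plugins\.webroot:Removing (\S+)" + CHALLENGE)
STATUS_RE = re.compile(r"<title>(\d{3})\b")

# Generic first checks per HTTP status (assumed triage notes, not taken from the page).
HINTS = {
    403: "Server refused the path: check nginx access rules and file permissions under the webroot.",
    404: "File not served: the webroot certbot wrote to may not be the root nginx uses for this host.",
}

def triage(log_text):
    """Summarise a failed http-01 validation from certbot log text, or None if absent."""
    detail = DETAIL_RE.search(log_text)
    if detail is None:
        return None
    scheme, host, token, ip, body = detail.groups()
    status = STATUS_RE.search(body)
    code = int(status.group(1)) if status else None
    written = WEBROOT_RE.search(log_text)
    return {
        "host": host,
        # http-01 starts on port 80; "https" here means the validator followed a redirect.
        "scheme": scheme,
        # Address the CA actually connected to; compare it with the origin server's address.
        "validated_ip": ip,
        "http_status": code,
        "webroot": written.group(1) if written else None,
        # True when the webroot plugin handled the same token the CA requested.
        "token_in_webroot": bool(written and written.group(2) == token),
        "hint": HINTS.get(code, "Fetch the challenge URL yourself and inspect the response."),
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```
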