Hey, I know that this is sort of a general certbot issue, but I feel like I’m probably missing something obvious, and someone here might be able to spot the problem more quickly given their familiarity with this project.
I have an nginx server that runs Nextcloud and Wiki.js.
I set up the server using this Ansible playbook: https://github.com/ReinerNippes/nextcloud
I run this server on a desktop in my closet. It runs Ubuntu 18.04.
It recently ran some updates using the “Software Update” program. This includes an installation of nginx from the ondrej PPA: https://launchpad.net/~ondrej/+archive/ubuntu/nginx
When it was updating, it said that the update was trying to overwrite a config. I let it default to “yes overwrite”.
Probably shouldn’t have done that because now my Nextcloud server (and everything else) is not accessible.
I got a bunch of errors when I tried to start the nginx server. I went through and commented out the lines that were causing the problems. But now I’m getting certbot errors.
If you go to https://cloud.aslanfrench.work it gives a “bad ssl cert” error and says the cert it was given has expired. But when I try to run certbot it says all the certs are up to spec and stuff.
When I try to run certbot I get the following response:
└─➤ sudo certbot
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: cloud.aslanfrench.work
2: cloud.jackalope.tech
3: wiki.jackalope.tech
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel):
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
You have an existing certificate that contains a portion of the domains you
requested (ref: /etc/letsencrypt/renewal/cloud.aslanfrench.work.conf)
It contains these names: cloud.jackalope.tech, cloud.aslanfrench.work
You requested these names for the new certificate: cloud.aslanfrench.work,
cloud.jackalope.tech, wiki.jackalope.tech.
Do you want to expand and replace this existing certificate with the new
certificate?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(E)xpand/(C)ancel: E
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for cloud.aslanfrench.work
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. cloud.aslanfrench.work (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://cloud.aslanfrench.work/.well-known/acme-challenge/9evC78GTxlGgx4W2PMwWZqdaKZTdgibdmrpF4GK-ZOU [136.49.174.165]: "<html>\r\n<head><title>404 Not Found</title></head>\r\n<body>\r\n<center><h1>404 Not Found</h1></center>\r\n<hr><center>nginx</center>\r\n"
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: cloud.aslanfrench.work
Type: unauthorized
Detail: Invalid response from
http://cloud.aslanfrench.work/.well-known/acme-challenge/9evC78GTxlGgx4W2PMwWZqdaKZTdgibdmrpF4GK-ZOU
[136.49.174.165]: "<html>\r\n<head><title>404 Not
Found</title></head>\r\n<body>\r\n<center><h1>404 Not
Found</h1></center>\r\n<hr><center>nginx</center>\r\n"
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
Reading through this there seems to be some kind of authorization problem but I’m running certbot as sudo? Am I missing something?