Overview
When renewing the Let's Encrypt SSL certificate using the./certbot-auto renew command, below errors are seen:
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/<domain>/fullchain.pem (failure)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1 renew failure(s), 0 parse failure(s)
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: <domain>
Type: unauthorized
Detail: Invalid response from
http://<domain>/.well-known/acme-challenge/W4ZwEqdihe4etEkYSqBvRAXGRnY7
[vvv.xxx.yyy.zzz]: "<html>\r\n<head><title>404 Not
Found</title></head>\r\n<body bgcolor=\"white\">\r\n<center><h1>404
Not Found</h1></center>\r\n<hr><center>"
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
Note: The documented process below relates to the certbot certificate creation process and not the integrated Let's Encrypt Certificate feature added within the 9.4 release of Kerio Connect. For information about the integrated process, see Setting up the Let's Encrypt SSL certificate in Kerio Connect 9.4.
Information
- Let's Encrypt is maintained by the Internet Security Research Group (ISRG). It is not one of Kerio Connect products.
- So, direct support for the same can't be provided by Kerio Connect Support for any issues that are found while using Let's Encrypt.
- The deployment guide Deploying Let's Encrypt SSL Certificate on Linux DEB Installations can be used as a reference when using Let's Encrypt with the
certbottool. - Verify that the requirements to run the
certbottool are met in your environment and if required, deploy the same from scratch. - In case the issues persist, then, you can also check the Let's Encrypt Community portal to see if a solution exists or post a new query on the portal.