Certbot-auto renew failed - The client lacks sufficient authorization - Why?
I found an alternative solution but I did not solve the problem.
I did the trick like here: I used the following command:
./certbot-auto certonly -d www.domain1.fr -d domain1.fr -d domain2.fr -d www.domain2.fr
My certificates are now working again.
So the problem (I suppose) is the way certbot-auto renew matches the webroot of each website.
Thank you very much @Martin Zeitler for your help and your time.
make sure that each of these host-names has an A record in DNS and that each directory .well-known/acme-challenge can be accessed; it could not be any more obvious, when it complains about 503 Service Unavailable. the log file /var/log/letsencrypt/letsencrypt.log might possibly contain further information.
a) on the one domain, .well-known/acme-challenge needs to be excluded from URL rewriting:
# %{REQUEST_URI} always begins with "/", so the pattern has to include it
RewriteCond %{REQUEST_URI} !^/\.well-known/(.*)$
b) and on the other one domain, :80 must not redirect to :443.
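A pre-flight check for the conditions named in the answers above (the challenge directory is reachable over plain HTTP and is served from the webroot Certbot writes to), as an added example that is not part of any answer on this page. The function name `probe_challenge`, its verdict strings and the `connect_to` parameter are assumptions of this example.

```python
import http.client
import os
import secrets
import sys


def probe_challenge(host, webroot, port=80, connect_to=None, timeout=5):
    """Drop a random file into <webroot>/.well-known/acme-challenge/ and fetch
    it over plain HTTP, as an HTTP-01 validation request would.
    Returns (verdict, detail)."""
    token = "probe-" + secrets.token_hex(8)
    expected = secrets.token_hex(16)
    chal_dir = os.path.join(webroot, ".well-known", "acme-challenge")
    os.makedirs(chal_dir, exist_ok=True)
    path = os.path.join(chal_dir, token)
    with open(path, "w") as fh:
        fh.write(expected)
    try:
        # connect_to lets you hit a specific address while still sending the
        # real Host header, so the right virtual host answers.
        conn = http.client.HTTPConnection(connect_to or host, port, timeout=timeout)
        conn.request("GET", "/.well-known/acme-challenge/" + token,
                     headers={"Host": host})
        resp = conn.getresponse()
        status, location = resp.status, resp.getheader("Location", "")
        body = resp.read().decode("utf-8", "replace").strip()
        conn.close()
    except (OSError, http.client.HTTPException) as exc:
        return "unreachable", str(exc)
    finally:
        os.remove(path)  # never leave probe files behind
    if 300 <= status < 400:
        return "redirect", location       # report the target, e.g. :80 -> :443
    if status != 200:
        return "http-error", str(status)  # 503, 404 (wrong webroot), 403 ...
    if body != expected:
        return "wrong-content", ""        # request was rewritten to something else
    return "ok", ""


if __name__ == "__main__":
    # usage: python probe.py <webroot> <host> [<host> ...]
    for name in sys.argv[2:]:
        print(name, *probe_challenge(name, sys.argv[1]))
```

Run it once per webroot with the host names that certificate covers; any verdict other than `ok` points at the host to fix before the next `renew`.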
In our case, our DNS was working fine but we were still receiving the "lacks sufficient authorization" error.
Finally came across a resource here: https://webdock.io/en/docs/webdock-control-panel/common-certbot-errors
That brought to light running:
certbot rollback
Followed by:
certbot renew
And we were finally able to renew the certificate.
We were seriously on the verge of bringing up a brand new VM and migrating everything over, because after multiple attempts at solving that issue, the certificate had finally expired and we were in crunch mode.
Maybe this will save someone some grief.