Certbot-auto renew failed - The client lacks sufficient authorization - Why?

I found an alternative solution but I did not solve the problem.

I did the tricks like here: I used the following command:

./certbot-auto certonly -d www.domain1.fr -d domain1.fr -d domain2.fr -d www.domain2.fr

My certificates are now working again.

So the problem (I suppose) is the way certbot-auto renew matches the webroot of each website.

Thank you very much @Martin Zeitler for your help and your time.


Make sure that each of these host-names has an A record in DNS and that each directory .well-known/acme-challenge can be accessed; it could not be any more obvious, when it complains about 503 Service Unavailable. The log file /var/log/letsencrypt/letsencrypt.log might possibly contain further information.

a) on the one domain, .well-known/acme-challenge needs to be excluded from URL rewriting:

RewriteCond %{REQUEST_URI} !^/\.well-known/(.*)$

b) and on the other domain, :80 must not redirect to :443.
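
The checks listed in this answer can be run before a renewal attempt. The following is an added example, not code from any of the answers: it requests a test file from each host's .well-known/acme-challenge directory over plain HTTP without following redirects and reports which of the conditions above applies. The file name `precheck-test` and its contents `precheck-ok` are assumptions; create that file in each site's webroot first.

```python
import http.client

CHALLENGE_DIR = "/.well-known/acme-challenge/"

def diagnose(status, location, body, expected):
    """Map one plain-HTTP response for a challenge file to a likely cause."""
    if status == 200:
        if body.strip() == expected:
            return "ok"
        return "wrong-content: URL rewriting or a different webroot answered"
    if status in (301, 302, 303, 307, 308):
        return f"redirect: port 80 sends the request to {location}"
    if status == 404:
        return "not-found: webroot mismatch or path not excluded from rewriting"
    if status == 503:
        return "unavailable: the server answered 503 Service Unavailable"
    return f"unexpected: HTTP {status}"

def probe(host, token, expected, port=80, timeout=5):
    """Fetch the challenge URL without following redirects and diagnose it."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", CHALLENGE_DIR + token)
        resp = conn.getresponse()
        body = resp.read(4096).decode("utf-8", "replace")
        return diagnose(resp.status, resp.getheader("Location"), body, expected)
    except (OSError, http.client.HTTPException) as exc:
        # Missing A record, refused connection, timeout or a broken response.
        return f"unreachable: {exc}"
    finally:
        conn.close()

if __name__ == "__main__":
    # Constructed test file: put a file named TOKEN containing EXPECTED into
    # <webroot>/.well-known/acme-challenge/ of every site before running.
    TOKEN, EXPECTED = "precheck-test", "precheck-ok"
    for name in ["www.domain1.fr", "domain1.fr", "domain2.fr", "www.domain2.fr"]:
        print(f"{name:20} {probe(name, TOKEN, EXPECTED)}")
```

Any result other than `ok` points at the host to fix before running the renewal again; /var/log/letsencrypt/letsencrypt.log shows the same failure from the CA's side.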


In our case, our DNS was working fine but we were still receiving the lacks sufficient authorization error.

Finally came across a resource here: https://webdock.io/en/docs/webdock-control-panel/common-certbot-errors

That brought to light running:

certbot rollback

Followed by:

certbot renew

And we were finally able to renew the certificate.

We were seriously on the verge of bringing up a brand new VM and migrating everything over - Because after multiple attempts at solving that issue, the certificate had finally expired and we were in crunch mode.

Maybe this will save someone some grief.
