Page MenuHomeDevCentral

Renew www.espace-win.org certificate
Closed, ResolvedPublic

Description

  • Expires on: Apr 18, 2016
  • Current date: Apr 21, 2016

Event Timeline

dereckson created this task.Apr 20 2016, 22:08
$ letsencrypt renew
[...]
-------------------------------------------------------------------------------
Processing /usr/local/etc/letsencrypt/renewal/www.espace-win.org.conf
-------------------------------------------------------------------------------
2016-04-20 22:10:33,464:WARNING:letsencrypt.renewal:Attempting to renew cert from /usr/local/etc/letsencrypt/renewal/www.espace-win.org.conf produced an unexpected error: Failed authorization procedure. dropbox.espace-win.org (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://dropbox.espace-win.org/.well-known/acme-challenge/AFcGawsTLFqpJwWWZDmMh4LHjMVRkIbAfbq13_6qM40 [212.83.187.132]: 403, files.espace-win.org (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://files.espace-win.org/.well-known/acme-challenge/43QDyWupIPxeAlNMyXgvDezCIMf-6kGxvAn2SzBIrak [212.83.187.132]: 403, forum.espace-win.org (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://forum.espace-win.org/.well-known/acme-challenge/rHPn1p3iNsjXBzgAC0Hk-npvdCRF1qmJTrohgFkmugM [212.83.187.132]: 403, espace-win.org (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://espace-win.org/.well-known/acme-challenge/o_7sf9acLUEuHzVQNOHBcHvTG73l7xlP8mMX6nhx22c [212.83.187.132]: 403, pastebin.espace-win.org (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://pastebin.espace-win.org/.well-known/acme-challenge/QCzu4WhOSjhRPzH6BvjMgAn2tggV1qbBW0q9tdyYACs [212.83.187.132]: 403, assets.espace-win.org (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://assets.espace-win.org/.well-known/acme-challenge/LU-KuSB2bzPYmxw2vACtLu6yZj8ygXkAZiPxwHOMcHE [212.83.187.132]: 403, excel.espace-win.org (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://excel.espace-win.org/.well-known/acme-challenge/5iaG0F-_T5a2TKlFWDxTqvBxg6GD50B_YfY5sxolNQ0 [212.83.187.132]: 403, www.espace-win.org (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.espace-win.org/.well-known/acme-challenge/Pw6LYupam92EIy330xYlAuHuKvNKpp6unoVU8UAOrmw [212.83.187.132]: 403, gd.espace-win.org (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://gd.espace-win.org/.well-known/acme-challenge/SP1gRHzjZR39Ai9lZXQvEsTi9i7f0dYSL2bbR_bPOY4 [212.83.187.132]: 403. Skipping.

[...]

The following certs were successfully renewed:
  /usr/local/etc/letsencrypt/live/databases.nasqueron.org/fullchain.pem (success)
  /usr/local/etc/letsencrypt/live/databases.nasqueron.org-0001/fullchain.pem (success)

The following certs could not be renewed:
  /usr/local/etc/letsencrypt/live/otrs.wolfplex.be/fullchain.pem (failure)
  /usr/local/etc/letsencrypt/live/labs.espace-win.org/fullchain.pem (failure)
  /usr/local/etc/letsencrypt/live/www.espace-win.org/fullchain.pem (failure)
[...]
dereckson closed this task as Resolved.EditedApr 20 2016, 22:21

So the issue was this nginx block, which deny access to .well-known like anything else starting with a dot:

location ~ /\. {
    deny all;

    access_log off;
    log_not_found off;
}

It has been replaced by:

location ~ /\.(?!well-known) {
    […]
}