All renewal attempts failed. The following certs could not be renewed: (failure) while renewing the SSL Certificates.
Raj Patel
> My SSL certificate has expired and I want to renew it. I'm trying to renew it by certbot renew --dry-run command but it gives me following error:
```
Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/meeting.thegatewaydigital.in.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Simulating renewal of an existing certificate for meeting.thegatewaydigital.in
Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
Domain: meeting.thegatewaydigital.in
Type: unauthorized
Detail: 202.131.103.237: Invalid response from http://meeting.thegatewaydigital.in/.well-known/acme-challenge/HkCKwcGfErGakvy9YqhXtT0HnVYJDyb_8ga7lMa9GTw: 502
Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet.
Failed to renew certificate meeting.thegatewaydigital.in with error: Some challenges have failed.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
All simulated renewals failed. The following certificates could not be renewed:
/etc/letsencrypt/live/meeting.thegatewaydigital.in/fullchain.pem (failure)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1 renew failure(s), 0 parse failure(s)
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
```
> The content of /etc/nginx/sites-available/bigbluebutton is as per below:
```
server {
listen 80;
listen [::]:80;
server_name meeting.thegatewaydigital.in;
return 301 http://$server_name$request_uri; #redirect HTTP to HTTPS
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name meeting.thegatewaydigital.in;
ssl_certificate /etc/letsencrypt/live/meeting.thegatewaydigital.in/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/meeting.thegatewaydigital.in/privkey.pem;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
ssl_protocols TLSv1.2 TLSv1.3;
# ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384$
ssl_ciphers "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS:!AES256";
ssl_dhparam /etc/nginx/ssl/dhp-4096.pem;
# HSTS (comment out to enable)
#add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
access_log /var/log/nginx/bigbluebutton.access.log;
location / {
root /var/www/bigbluebutton-default;
index index.html index.htm;
expires 1m;
}
location /.well-known/acme-challenge/ {
root /var/www/bigbluebutton-default/.well-known/acme-challenge;
}
# Include specific rules for record and playback
include /etc/bigbluebutton/nginx/*.nginx;
}
```
My web server is: Nginx 1.14.0
Big Blue Button Server version: 2.4.6
Can anyone help me this please?
detlef....@gmx.de
--dry-run Test "renew" or "certonly" without saving any certs to disk
Also, the output of the command you ran clearly states:
** DRY RUN: simulating 'certbot renew' close to cert expiry
** (The test certificates above have not been saved.)
Simulating. Test certificates. Not saved. :slight_smile:
sudo certbot renew
Detlef :-)
--
You received this message because you are subscribed to the Google Groups "BigBlueButton-Setup" group.
To unsubscribe from this group and stop receiving emails from it, send an email to bigbluebutton-s...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/bigbluebutton-setup/eb527146-e7b3-4dba-a564-f499601186d9n%40googlegroups.com.