Let's Encrypt has (suddenly) stopped renewing on one web site

Operating system |Ubuntu Linux 20.04.1
Perl version |5.030000
Path to Perl |/usr/bin/perl
BIND version |9.16
Postfix version |3.3.0
Mail injection command |/usr/lib/sendmail -t
Apache version |2.4.41
PHP versions |7.2.34, 7.4.11
Webalizer version |2.23-08
Logrotate version |3.14.0
MySQL version |8.0.21-0ubuntu0.20.04.4

The error log is too long to post. Here is a link to it if this helps. https://nigel-aves-photography.com/letsencrypt.html

All,

I’ve run into an issue that I’ve spent the day trying to solve with no luck. I have 7 virtual servers, and last night Let’s Encrypt did its 2 monthly renewal. All servers updated correctly, except one. Not had an issue with updating for a couple of years. I’ve spent the day trying to work out why, to no avail. I’ve double checked just about everything I can think of, made sure DNS settings matched those of a site that worked, same for the virtual host settings, tried deleting .well-known, tried setting it to 0777 … I’ve now run out of ideas.

Here is the output from Let’s Encrypt / VirtualMin. If anyone has any suggestions I’ll be forever grateful.

Kind Regards to All, stay safe,

Nigel.

Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for nigel-aves-photography.com
http-01 challenge for nigel-aves-photography.us
http-01 challenge for www.nigel-aves-photography.com
http-01 challenge for www.nigel-aves-photography.us
Using the webroot path /home/nigel-aves-photography/public_html for all unmatched domains.
Waiting for verification…
Challenge failed for domain nigel-aves-photography.com
Challenge failed for domain nigel-aves-photography.us
Challenge failed for domain www.nigel-aves-photography.com
Challenge failed for domain www.nigel-aves-photography.us
http-01 challenge for nigel-aves-photography.com
http-01 challenge for nigel-aves-photography.us
http-01 challenge for www.nigel-aves-photography.com
http-01 challenge for www.nigel-aves-photography.us
Cleaning up challenges
Some challenges have failed.
IMPORTANT NOTES:

, DNS-based validation failed :

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Renewing an existing certificate
Performing the following challenges:
dns-01 challenge for nigel-aves-photography.com
dns-01 challenge for nigel-aves-photography.us
dns-01 challenge for www.nigel-aves-photography.com
dns-01 challenge for www.nigel-aves-photography.us
Running manual-auth-hook command: /etc/webmin/webmin/letsencrypt-dns.pl
Running manual-auth-hook command: /etc/webmin/webmin/letsencrypt-dns.pl
Running manual-auth-hook command: /etc/webmin/webmin/letsencrypt-dns.pl
Running manual-auth-hook command: /etc/webmin/webmin/letsencrypt-dns.pl
Waiting for verification…
Challenge failed for domain nigel-aves-photography.com
Challenge failed for domain nigel-aves-photography.us
Challenge failed for domain www.nigel-aves-photography.com
Challenge failed for domain www.nigel-aves-photography.us
dns-01 challenge for nigel-aves-photography.com
dns-01 challenge for nigel-aves-photography.us
dns-01 challenge for www.nigel-aves-photography.com
dns-01 challenge for www.nigel-aves-photography.us
Cleaning up challenges
Running manual-cleanup-hook command: /etc/webmin/webmin/letsencrypt-cleanup.pl
Running manual-cleanup-hook command: /etc/webmin/webmin/letsencrypt-cleanup.pl
Running manual-cleanup-hook command: /etc/webmin/webmin/letsencrypt-cleanup.pl
Running manual-cleanup-hook command: /etc/webmin/webmin/letsencrypt-cleanup.pl
Some challenges have failed.
IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: nigel-aves-photography.com
    Type: dns
    Detail: DNS problem: NXDOMAIN looking up TXT for
    _acme-challenge.nigel-aves-photography.com - check that a DNS
    record exists for this domain

    Domain: nigel-aves-photography.us
    Type: dns
    Detail: DNS problem: NXDOMAIN looking up TXT for
    _acme-challenge.nigel-aves-photography.us - check that a DNS record
    exists for this domain

    Domain: www.nigel-aves-photography.com
    Type: dns
    Detail: DNS problem: NXDOMAIN looking up TXT for
    _acme-challenge.www.nigel-aves-photography.com - check that a DNS
    record exists for this domain

    Domain: www.nigel-aves-photography.us
    Type: dns
    Detail: DNS problem: NXDOMAIN looking up TXT for
    _acme-challenge.www.nigel-aves-photography.us - check that a DNS
    record exists for this domain

And there was one thing I missed! I think I originally added this as extra security from an article (this was in the :80 Directives):

<Directory /> 
AllowOverride none Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
</Directory>

Changed it to:

<Directory /> 
AllowOverride none
</Directory>

Certificate added …
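
Added example, not part of the original post and not Virtualmin's or certbot's code: a self-test for the webroot http-01 path seen in the output above. It writes a throwaway file where the webroot plugin places its tokens and fetches it over plain HTTP from each name, so the HTTP status the validation server would receive becomes visible. The helper names `fetch_url` and `probe_webroot` are hypothetical, and `curl` is assumed to be installed.

```shell
#!/bin/sh
# Added example (constructed): self-test of the webroot http-01 path.
# fetch_url and probe_webroot are hypothetical helper names; curl is assumed.

NL='
'

# Print the response body, a newline, then the HTTP status code.
# Redirects are not followed, so a 301/403/404 from the vhost stays visible.
fetch_url() {
    curl -s --max-time 10 -w '\n%{http_code}' "$1" || true
}

# probe_webroot WEBROOT DOMAIN...
# Writes a throwaway file where certbot's webroot plugin puts its tokens,
# requests it over plain HTTP from every domain, then removes it.
# Returns 0 if every domain served the file unchanged, 1 otherwise.
probe_webroot() {
    webroot=$1; shift
    dir="$webroot/.well-known/acme-challenge"
    name="selftest-$$"
    token="probe-$$-$(date +%s)"
    rc=0
    mkdir -p "$dir" || return 2
    printf '%s' "$token" > "$dir/$name" || return 2
    chmod 644 "$dir/$name"
    for domain in "$@"; do
        out=$(fetch_url "http://$domain/.well-known/acme-challenge/$name")
        status=${out##*"$NL"}   # last line: status code
        body=${out%"$NL"*}      # everything before it: body
        if [ "$status" = 200 ] && [ "$body" = "$token" ]; then
            echo "OK    $domain"
        else
            echo "FAIL  $domain (HTTP $status)"
            rc=1
        fi
    done
    rm -f "$dir/$name"
    return $rc
}

# Usage, with the webroot and names from the certbot output above:
# probe_webroot /home/nigel-aves-photography/public_html \
#     nigel-aves-photography.com www.nigel-aves-photography.com
```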
