After PHPSwitcher Update 5.0.5 no Let's Encrypt Cert upgrade possible

  • Hi Laurent,

    i have an urgent problem on every server where i'd updated the phpswitcher to 5.0.5.

    On every server Let's Encrypt 3.5.0 is running too.


    Now the first cert upgrade had failed

    HTML
    1. Failed authorization procedure. my-domain.tld (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://my-domain.tld/.well-known/acme-challenge/xClGDXgN7miGD7hafNVtaUjmjSgs7nsX-9Ijt35yTKI [2a01:4f8:c010:41db::1]: "<html>\r\n<head><title>404 Not Found</title></head>\r\n<body bgcolor=\"white\">\r\n<center><h1>404 Not Found</h1></center>\r\n<hr><center>" at /var/www/imscp/gui/plugins/LetsEncrypt/backend/LetsEncrypt.pm line 832.


    I'd tested to open a file under the folder

    Code
    1. .well-known/acme-challenge/

    But i got an 404 too. The webspace is empty and no htaccess which can protect this folder.


    I'd tried this test on some other server with different domains and everytime the same.


    If i change the folder to ".well-known/acmechallenge" i can reach the file without an error.


    Do you have an idea to fix this problem?


    Regards

    Sascha

  • TheCry

    Changed the title of the thread from “After PHPSwitcher Update 5.0.5 not Let's Encrypt Cert upgrade possible” to “After PHPSwitcher Update 5.0.5 no Let's Encrypt Cert upgrade possible”.
  • Mhhh.. Now i understand where i have to place a file if i want to check wheter the folder is open.

    Code
    1. var/www/imscp/gui/plugins/LetsEncrypt/acme/.well-known/acme-challenge/

    If i add there a file i will see the file with the browser. But Let's Encrypt does not renew the cert


    I'd checked now the log of let's encrypt and found this here at the end of the log



    Maye this problem: LetsEncrypt PlugIn: python2 deprecation warning

  • I had a similar issue. But that was due DNS issues (wrong / missing entries). And ones due an IP issue (webserver uses a different IP than the one configured for that special subdomain).

    It was the same errror message, thats why I wanted to share that info. :)

    The only difference is that I currently use (and used that time) certbot itself without the i-MSCP plugin.

    Have a nice day. :)