renouvellement de certificat

Page principale

Répondre à ce message
Auteur: Patrice Karatchentzeff
Date:  
À: GUILDE
Sujet: renouvellement de certificat
Salut,

J'ai un souci un peu chaud. J'ai un certificat Let's Encrypt qui
expire demain. Sur un kimsufi.

Si je tente un renouvellement :

# certbot renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/XX.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for XX.eu
Waiting for verification...
Cleaning up challenges
Attempting to renew cert (XX.eu) from
/etc/letsencrypt/renewal/XX.eu.conf produced an unexpected error:
Failed authorization procedure. XX.eu (http-01):
urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient
authorization :: Invalid response from https://XXlogin [YY]:
"<!DOCTYPE html>\n<html class=\"ng-csp\"
data-placeholder-focus=\"false\" lang=\"en\" data-locale=\"en\"
>\n\t<head\n data-requesttoken=\"q5M8". Skipping.

All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/XX.eu/fullchain.pem (failure)

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/XX.eu/fullchain.pem (failure)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1 renew failure(s), 0 parse failure(s)

IMPORTANT NOTES:
- The following errors were reported by the server:

Domain: XX.eu
Type: unauthorized
Detail: Invalid response from
https:/XX.eu/login [5.135.166.107]: "<!DOCTYPE
html>\n<html class=\"ng-csp\" data-placeholder-focus=\"false\"
lang=\"en\" data-locale=\"en\" >\n\t<head\n
data-requesttoken=\"q5M8"

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.

Le nom de domaine est donné par OVH (c'est le nom de la machine). La
machine répond parfaitement et je peux y accéder en https sur les
adresses où certbot se plaint.

Une idée ?

Merci

PK

-- 
      |\      _,,,---,,_           Patrice KARATCHENTZEFF
ZZZzz /,`.-'`'    -.  ;-;;,_   mailto:patrice.karatchentzeff@gmail.com
     |,4-  ) )-,_. ,\ (  `'-'
    '---''(_/--'  `-'\_)