Problem renewing certificates

I am having an issue with the provisioning of replacement certificates. The initial set-up was executed fine. Currently using V61.1 with patching fully up to date and no error in system status checks

I have made zero changes to config or server other than applying security updates and rebooting as required

There is not much useful information in the response/logs other than:

Invalid response from http://MADEUPDOMAINNAME/.well-known/acme-challenge/xZ243dkJ2rb-4PnaQBSyMA0SRfxpWHRgzUkTJIjMpos

Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.

Any pointers appreciated before I attempt to build a new server and migrate the data


Some questions:

  • Is this for all certificates or specific ones?
  • Is this concerning the automatic renewal of the certificates or a manual action?
  • What happens if you manually retry the provisioning?

All certificates
Automated renewal, 11 days remaining, failed again over night
Manual provisioning via web interface and also cmd line is also failing

I suspect that the problem is related to an issue with the .well-known/acme-challenge directory not being presented by nginx. The config is present for nginx but the directory structure was missing under /home/user-data/ssl/lets_encrypt/webroot/. I tried creating the directories with the same permissions and ownership as the parent directory and then rebooting, with no success. I cannot navigate to the directory in a browser

The automated provisioning worked for the initial move to a new server in November and the last automated renewal

After much messing around I decided to got for the new server build

tar’d up the mailboxes directory and transferred rather than using the full back up to avoid pulling in any old config

All up and running