Partial success.
tardis is indeed my sudo username.
I tried the command
sudo chown -R user-data:tardis /home/user-data/www
Then I checked the folder permissions with FileZilla and /home/user-data/www has 755, the files within are 664.
I tried the sudo su variation when the regular manual provision command didn’t.
The domain philipalantyler.co.uk renewed OK
The domains gideon-it.co.uk and gideon-it.com didn’t.
root@box:~/mailinabox/management# sudo su
root@box:/home/ubuntu/mailinabox/management#./ssl_certificates.py
root@box:~/mailinabox/management# ./ssl_certificates.py
Provisioning TLS certificates for gideon-it.com, autoconfig.gideon-it.com, autodiscover.gideon-it.com, mta-sts.gideon-it.com, www.gideon-it.com.
Provisioning TLS certificates for gideon-it.co.uk, autoconfig.gideon-it.co.uk, autodiscover.gideon-it.co.uk, mta-sts.gideon-it.co.uk, www.gideon-it.co.uk.
Provisioning TLS certificates for philipalantyler.co.uk, autoconfig.philipalantyler.co.uk, autodiscover.philipalantyler.co.uk, mta-sts.philipalantyler.co.uk, www.philipalantyler.co.uk.
error: gideon-it.com, autoconfig.gideon-it.com, autodiscover.gideon-it.com, mta-sts.gideon-it.com, www.gideon-it.com:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for gideon-it.com and 4 more domains
Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
Domain: autodiscover.gideon-it.com
Type: dns
Detail: DNS problem: server failure at resolver looking up A for autodiscover.gideon-it.com; DNS problem: server failure at resolver looking up AAAA for autodiscover.gideon-it.com
Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
error: gideon-it.co.uk, autoconfig.gideon-it.co.uk, autodiscover.gideon-it.co.uk, mta-sts.gideon-it.co.uk, www.gideon-it.co.uk:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for gideon-it.co.uk and 4 more domains
Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
Domain: autodiscover.gideon-it.co.uk
Type: connection
Detail: 81.174.152.174: Fetching http://autodiscover.gideon-it.co.uk/.well-known/acme-challenge/arD_Ud8TUsCTPzDG-KGdSi7Ds4tSqDrVCkAufj1y574: Timeout during connect (likely firewall problem)
Domain: autoconfig.gideon-it.co.uk
Type: connection
Detail: 81.174.152.174: Fetching http://autoconfig.gideon-it.co.uk/.well-known/acme-challenge/HgB7Z7Lxn35krfep9Sjyb2G76cFPVHdtC90NGwez27Y: Timeout during connect (likely firewall problem)
Domain: gideon-it.co.uk
Type: connection
Detail: 81.174.152.174: Fetching http://gideon-it.co.uk/.well-known/acme-challenge/N7VL_jjNQ7E6RhexpavuvCA5DMUQX_h-ERdXRmSBa9Q: Timeout during connect (likely firewall problem)
Domain: www.gideon-it.co.uk
Type: dns
Detail: DNS problem: server failure at resolver looking up CAA for www.gideon-it.co.uk
Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
installed: philipalantyler.co.uk, autoconfig.philipalantyler.co.uk, autodiscover.philipalantyler.co.uk, mta-sts.philipalantyler.co.uk, www.philipalantyler.co.uk:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for philipalantyler.co.uk and 4 more domains
Successfully received certificate.
Certificate is saved at: /tmp/tmpqewcz_qc/cert
Intermediate CA chain is saved at: /tmp/tmpqewcz_qc/chain
Full certificate chain is saved at: /tmp/tmpqewcz_qc/cert_and_chain.pem
This certificate expires on 2024-08-17.
NEXT STEPS:
- Certificates created using --csr will not be renewed automatically by Certbot. You will need to renew the certificate before it expires, by running the same Certbot command again.
If you like Certbot, please consider supporting our work by:
- Donating to ISRG / Let’s Encrypt: Donate - Let's Encrypt
- Donating to EFF: Support EFF's Work on Let's Encrypt | Electronic Frontier Foundation
web updated
Thanks for your help Vele - I’ll try again with the other two domains.