I'm trying to renew my SSL certificate in my AWS EC2 server, but I'm getting the following error so after a lot of research I couldn't find the solution.
The command I run:
$ sudo certbot renew --dry-run
Error:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/mydomain.com.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator nginx, Installer nginx
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for mydomain.com
Using default addresses 80 and [::]:80 ipv6only=on for authentication.
Waiting for verification...
Challenge failed for domain mydomain.com
http-01 challenge for mydomain.com
Cleaning up challenges
Attempting to renew cert (mydomain.com) from /etc/letsencrypt/renewal/prod-mydomain.conf produced an unexpected error: Some challenges have failed.. Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/mydomain.com/fullchain.pem (failure)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/mydomain.com/fullchain.pem (failure)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1 renew failure(s), 0 parse failure(s)
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: mydmain.com
Type: unauthorized
Detail: 2.211.168.8: Invalid response from
http://mydoamin.com/.well-known/acme-challenge/ov6EBHInETwkZZ-oqLNI908jFXvN7PFK86ZCJYcdrtA:
404
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
Based on the error given, you need to ensure that the domain that you are trying to create the certificate for is pointing to the server.
You probably need a
A
DNS entry formydmain.com
pointing to your server IP.I believe this is how LetsEncrypt ensure ownership of the domain. https://letsencrypt.org/getting-started/