Monthly Archives: June 2016

OwnCloud Let’s Encrypt certificate renewal

I use OwnCloud with a Let’s Encrypt certificate, and recently I received the error message below from my crontab command:

./letsencrypt-auto renew

All renewal attempts failed. The following certs could not be renewed: /etc/letsencrypt/live/cloud.eu/fullchain.pem (failure)
1 renew failure(s), 0 parse failure(s)

WARNING: certbot.renewal:Attempting to renew cert from /etc/letsencrypt/renewal/cloud.conf produced an unexpected error: At least one of the (possibly) required ports is already taken. Skipping.

Failed authorization procedure. The client lacks sufficient authorization. Invalid response from http://cloud.eu/.well-known/acme-challenge/

I launched the same command manually, and the error message again clearly said “unauthorized”.

Domain: cloud.eu
Type: unauthorized
Detail: Invalid response from
http://cloud.eu/.well-known/acme-challenge/
!DOCTYPE HTML PUBLIC -//IETF//DTD HTML 2.0//EN
Not Found

I found the solution on the OwnCloud Forums. The point is to rewrite the request for the acme-challenge file from HTTPS to clear HTTP.

mkdir -p /var/www/owncloud/.well-known/acme-challenge
chmod 755 /var/www/owncloud/.well-known/acme-challenge/

vi /var/www/owncloud/.well-known/acme-challenge/.htaccess

RewriteRule ^\.well-known/acme-challenge letsEncrypt.php
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

chmod 644 /var/www/owncloud/.well-known/acme-challenge/.htaccess

Now you can launch ./letsencrypt-auto renew from cron without any issues.
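
A preflight check for the challenge path, as an added example that is not part of the original post: it writes a probe file into the acme-challenge directory and fetches it back over HTTP, so a "Not Found" like the one above shows up before the cron run. The function name `check_acme_path` is hypothetical, and `curl` is assumed to be installed.

```shell
#!/bin/sh
# Added example (not from the original post).
# check_acme_path WEBROOT BASE_URL
#   WEBROOT  - document root, e.g. /var/www/owncloud
#   BASE_URL - site URL without trailing slash, e.g. http://cloud.eu
# Returns 0 if the probe comes back unchanged, 1 if the fetch fails or the
# body differs, 2 if the local directory is missing or not writable.
check_acme_path() {
    webroot=$1
    base_url=$2
    dir="$webroot/.well-known/acme-challenge"

    [ -d "$dir" ] || { echo "missing directory: $dir" >&2; return 2; }

    # Constructed probe name and content; this is not a real ACME token.
    id=$(od -An -N8 -tx1 /dev/urandom | tr -d ' \n')
    name="preflight-$id"
    token="probe-$id"
    probe="$dir/$name"

    printf '%s' "$token" > "$probe" || { echo "cannot write $probe" >&2; return 2; }
    chmod 644 "$probe"

    # -f turns HTTP errors (such as a 404) into a non-zero exit code;
    # -L follows redirects, e.g. an HTTP to HTTPS redirect from .htaccess.
    rc=0
    body=$(curl -fsSL --max-time 10 \
        "$base_url/.well-known/acme-challenge/$name" 2>/dev/null) || rc=$?
    rm -f "$probe"

    if [ "$rc" -ne 0 ]; then
        echo "fetch failed (curl exit code $rc)" >&2
        return 1
    fi
    if [ "$body" != "$token" ]; then
        # Typical when a rewrite rule hands the request to the application.
        echo "response body does not match the probe" >&2
        return 1
    fi
    return 0
}

# Example cron usage:
#   check_acme_path /var/www/owncloud http://cloud.eu && ./letsencrypt-auto renew
```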