Finally solved! Letsencrypt 404 on cert renew

Hi all,

I was ready to pull my hair out. The domain hosting my sync service started giving warnings about the certificate months ago, but ‘simple’ measures did not resolve the issue.

Renewing gave an error, as in the full log; in short:

2024-07-04 20:35:41,493: INFO - Order created!
2024-07-04 20:35:42,491: INFO - Verifying ffs.maindomain.tld...
2024-07-04 20:35:42,511: ERROR - Wrote file to /var/www/.well-known/acme-challenge-public/PZCpXuz2Zjrv2NRh_2aHqrrXqpWoSY8_1CDs8_IOzOU, but couldn't download http://ffs.maindomain.tld/.well-known/acme-challenge/PZCpXuz2Zjrv2NRh_2aHqrrXqpWoSY8_1CDs8_IOzOU: Error:
Url: http://ffs.maindomain.tld/.well-known/acme-challenge/PZCpXuz2Zjrv2NRh_2aHqrrXqpWoSY8_1CDs8_IOzOU
Data: None
Response Code: 404
Response: <html>
<head><title>404 Not Found</title></head>
<body>
<center><h1>404 Not Found</h1></center>
<hr><center>nginx</center>
</body>
</html>

2024-07-04 20:35:42,512: ERROR - Certificate installation for ffs.maindomain.tld failed !
Exception: Could not sign the new certificate

Passwords and bookmarks are really getting out of sync now, so time to make short shrift of the matter.

Some things that may have impacted the situation:

  • I moved the domain from a VPS to my homeserver
  • My home internet got assigned a new (…also static…) IP from my ISP
  • My domain registrar sometimes resets the nameservers to their own, instead of dns.he.net that I have configured there
  • At this moment the login screen of dns.he.net seems to be down

When manually checking the file in the well-known directory, it is there. wget-ing the file from another server doesn’t work without fiddling: wget gets redirected to https, and then complains about the certificate.

Things tried to resolve the issue:

  • Just banging on the ‘Renew certificate’ button, it has to work at some point, doesn’t it? Nope.
  • Reverting to self-signed and then re-issuing Letsencrypt. No go either.
  • Meticulously going through the diagnostics. Anything? No, nothing.
  • Is syncservice in the way? Moving it to another domain then! Doesn’t help, of course.
  • Let’s remove the domain, restart nginx, and add the domain again? Didn’t help.
  • Worse, some caching (browser-side, I later realized) still showed syncserver installed on the domain (even though the app was moved and the domain recreated). Let’s just back up, and then remove the syncserver altogether. Then I thought of removing cookies etc. from my browser.
  • Perhaps a DNS issue? Re-add the domain to the old VPS, and apply for a cert there. Gives a clear IP/hostname mismatch error. At least that should not be the point.
  • Start pulling at hairs. No effect? Pull harder.

I was quite sure I searched the forum earlier, but clearly not for “Letsencrypt 404”. That led me to a helpful post that got me thinking, “Could it be that simple?”

It was! The IP mentioned for the hostname (ffs.maindomain.tld, not ffs.localhost) was the old IP.

After correcting the IP, I hardly dared hope this had solved the issue, but hitting the certification button, it worked!

I’ll be restoring Syncserver from backup, and moving it back to its own domain. Tonight my devices will be happily reconnecting after all this time of being isolated :slight_smile:

Why this long-winded post? I was not able to thank Aleks in the other thread: it’s been closed for too long. Here then: Thanks! :heart:

1 Like
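The post's root cause (the A record still pointing at the old VPS, so the 404 came from a server that never had the challenge file) can be caught before pressing “Renew”. The script below is an added example, not code from the post or from YunoHost: it resolves the hostname, compares the answer with the address the server should have, and fetches a probe file under /.well-known/acme-challenge/ over plain HTTP without following redirects, then names the most likely cause. The hostname, addresses and probe token in the test are constructed (RFC 5737 documentation ranges), and the resolver and fetcher are injectable so the logic can be exercised offline.

```python
"""Pre-flight check for an HTTP-01 (Let's Encrypt) renewal.

Added example; not part of the original post or of YunoHost. Hostnames and
IPs used with it are constructed placeholders.
"""
import socket
import sys
import urllib.error
import urllib.request
from dataclasses import dataclass, field
from typing import Callable, List, Optional, Tuple

CHALLENGE_PATH = "/.well-known/acme-challenge/"


@dataclass
class Finding:
    ok: bool
    cause: str                      # short label: ok, stale_a_record, redirect, ...
    details: List[str] = field(default_factory=list)


def resolve_a(hostname: str) -> str:
    """Return the first IPv4 address the system resolver gives for hostname."""
    return socket.gethostbyname(hostname)


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    # Returning None makes urllib raise HTTPError for a 3xx instead of following it,
    # so we can see *where* the challenge path redirects to.
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def fetch_status(url: str, timeout: float = 5.0) -> Tuple[int, Optional[str]]:
    """GET url over plain HTTP; return (status, Location header or None)."""
    opener = urllib.request.build_opener(_NoRedirect)
    try:
        with opener.open(url, timeout=timeout) as resp:
            return resp.status, None
    except urllib.error.HTTPError as err:
        return err.code, err.headers.get("Location")


def check_renewal_preconditions(
    hostname: str,
    expected_ip: str,
    probe_token: str,
    resolve: Callable[[str], str] = resolve_a,
    fetch: Callable[[str], Tuple[int, Optional[str]]] = fetch_status,
) -> Finding:
    """Check DNS and the challenge path before asking the CA for a certificate.

    probe_token is the name of any file you placed in the challenge directory
    yourself; the CA's real token is not needed. resolve/fetch are injectable
    so the decision logic can be unit-tested offline."""
    details: List[str] = []
    try:
        actual_ip = resolve(hostname)
    except OSError as err:
        return Finding(False, "dns_error", [f"{hostname}: lookup failed ({err})"])
    details.append(f"{hostname} resolves to {actual_ip}")

    url = f"http://{hostname}{CHALLENGE_PATH}{probe_token}"
    status, location = fetch(url)
    details.append(f"GET {url} -> {status}" + (f" (Location: {location})" if location else ""))

    if actual_ip != expected_ip:
        # The situation in the post: the A record still named the old VPS, so the
        # renewer (and the CA) asked a box that never had the file. Its 404 is a
        # symptom of the stale record, not of the web server you are looking at.
        details.append(f"expected {expected_ip}: the A record is stale; "
                       f"the {status} above was answered by the old address")
        return Finding(False, "stale_a_record", details)
    if status == 200:
        return Finding(True, "ok", details)
    if 300 <= status < 400:
        details.append("challenge path redirects; the redirect target must serve the same file")
        return Finding(False, "redirect", details)
    if status == 404:
        details.append("right address, but this vhost/webroot does not serve the challenge directory")
        return Finding(False, "not_found", details)
    return Finding(False, "http_error", details)


if __name__ == "__main__":
    # Usage: python acme_preflight.py HOSTNAME EXPECTED_IP PROBE_FILENAME
    result = check_renewal_preconditions(*sys.argv[1:4])
    print(result.cause)
    for line in result.details:
        print("  " + line)
    sys.exit(0 if result.ok else 1)
```

Run it from a machine outside the home network (the public resolver's view is what the CA sees) after dropping a throwaway file into the challenge directory; `stale_a_record` is the outcome that would have short-circuited the troubleshooting list above.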