I recently faced an issue when attempting to update my Let’s Encrypt SSL certificates. Here is how I resolved it.
All of my websites are set up with HTTPS with SSL on port 443 provided by Let’s Encrypt.
Every site also has a 301 ‘Moved Permanently’ server-side redirect on port 80 pointing to the HTTPS version of the site. So everything on the site is forced to SSL.
For example, anyone going to http://caseydris.co/the-blugold-bird-mascot will automatically be redirected to https://caseydris.co/the-blugold-bird-mascot, and the URI stays intact.
Previously this was set up with a ‘catch-all’ solution.
Every 90 days these certificates need to be updated with a simple command through certbot-auto. I like to do this manually as it assures I’m logging in to check the server at least every three months.
Ideally I’d be able to enter sudo certbot-auto renew on the command line and all expiring certificates would auto-update, but it wasn’t working this time around (and truthfully, I’m not sure how it was working before).
When certbot runs the update, it has to publicly verify the site and the certificate through the
This directory has to be publicly available through HTTP on port 80. When all HTTP requests are automatically sent to HTTPS on port 443, it can never check the
This returns an error to certbot that says ‘produced an unexpected error: Failed authorization procedure.’ like in the featured image above. The client can’t authorize, because it is getting a 403 Forbidden Error.
The solution is to redirect all location requests except the ones to
Here is a file I saved as
Then I place a new root line in the configuration along with an include to the new
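The layout described above, written out as an added example (not the original post's own files). It assumes nginx and the standard ACME HTTP-01 challenge path; the snippet file name, webroot path and server_name are placeholders.

```nginx
# Added example: file names, paths and server_name below are assumptions.

# BEFORE (catch-all): a server-level return runs before any location is
# matched, so the challenge URL is redirected along with everything else.
#
# server {
#     listen 80;
#     server_name example.com;
#     return 301 https://$host$request_uri;
# }

# AFTER, part 1: snippet saved as e.g. /etc/nginx/snippets/acme-challenge.conf
# (hypothetical name). It serves challenge files over plain HTTP.
#
# location ^~ /.well-known/acme-challenge/ {
#     default_type "text/plain";
#     try_files $uri =404;   # serve existing files only, no listing
# }

# AFTER, part 2: the port 80 server block.
server {
    listen 80;
    listen [::]:80;
    server_name example.com www.example.com;   # placeholder

    # Webroot the ACME client writes challenge files under
    # (assumed path; must match the webroot given to certbot).
    root /var/www/letsencrypt;

    # The ^~ prefix match in the snippet takes priority, so challenge
    # requests are answered here on port 80 instead of being redirected.
    include snippets/acme-challenge.conf;

    # Everything else still gets the 301 to HTTPS, URI intact.
    location / {
        return 301 https://$host$request_uri;
    }
}
```

After reloading nginx, a plain-HTTP request for a test file placed under the challenge directory should return 200 rather than 301, while any other path on port 80 should still redirect to HTTPS.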