# Let's Encrypt renew fails with "Challenge failed for domain xxxx"

```
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/xxx.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator standalone, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for xxxx
Waiting for verification...
----------------------------------------
Exception happened during processing of request from ('::ffff:66.133.109.36', 45260, 0, 0)
Traceback (most recent call last):
File "/usr/lib64/python2.7/SocketServer.py", line 295, in _handle_request_noblock
File "/usr/lib64/python2.7/SocketServer.py", line 321, in process_request
File "/usr/lib64/python2.7/SocketServer.py", line 334, in finish_request
File "/usr/lib/python2.7/site-packages/acme/standalone.py", line 207, in __init__
BaseHTTPServer.BaseHTTPRequestHandler.__init__(self, *args, **kwargs)
File "/usr/lib64/python2.7/SocketServer.py", line 651, in __init__
self.finish()
File "/usr/lib64/python2.7/SocketServer.py", line 710, in finish
self.wfile.close()
File "/usr/lib64/python2.7/socket.py", line 279, in close
self.flush()
File "/usr/lib64/python2.7/socket.py", line 303, in flush
self._sock.sendall(view[write_offset:write_offset+buffer_size])
error: [Errno 32] Broken pipe
----------------------------------------
Challenge failed for domain xxxx
http-01 challenge for xxxx
Cleaning up challenges
Attempting to renew cert (xxxx) from /etc/letsencrypt/renewal/xxxx.conf produced an unexpected error: Some challenges have failed.. Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/xxxx/fullchain.pem (failure)

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/xxxx/fullchain.pem (failure)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1 renew failure(s), 0 parse failure(s)

IMPORTANT NOTES:
- The following errors were reported by the server:

Domain: xxxx
Type:   unauthorized
Detail: Invalid response from
http://xxxx/.well-known/acme-challenge/vQ5zuvoh188fvC0GE8U5KnJ5yQMf1GamNzJCW-Ho-D8
[xxx.xxx.xxx.xxx]: "\n\n\n
body{background-color:#FFFFFF}"

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
```

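1. The IP already resolves correctly; the error message and the log confirm this;
2. Binding port 80 is not a problem either; Nginx has already been stopped;
3. certbot has been upgraded to the latest version;
4. Reinstalling certbot with Python 3.6's pip and trying again made no difference.

1. Complete the ICP filing (备案) for the domain; no need to explain this one, and saying too much would not be good either;
2. Temporarily point the domain at an overseas server, obtain the renewed certificate, then point it back;
3. Switch the domain validation from http to dns.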

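DNS validation has two important parameters:

• `--preferred-challenges`: the validation method; set it to dns or dns-01;
• `--server`: the validation server; set it to `https://acme-v02.api.letsencrypt.org/directory`

(Usually) it is interactive, because the user has to enter the necessary information while it runs.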

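```bash
# `renew` does not accept -d; `certonly` renews a certificate selected by domain (replace DOMAIN with your domain name)
certbot certonly -d DOMAIN --preferred-challenges dns --manual --server https://acme-v02.api.letsencrypt.org/directory
```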
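An added example, not from the original post or from certbot: a simplified Python version of the check an ACME validator applies to an http-01 response, run against the body reported in the error above, plus the TXT record that dns-01 expects instead (RFC 8555, sections 8.3 and 8.4). The function names and the thumbprint are assumptions made for illustration; the token is the one from the log.

```python
import base64
import hashlib
import re

# ACME tokens and JWK thumbprints use only the base64url alphabet (RFC 8555, section 8.1).
B64URL = re.compile(r"^[A-Za-z0-9_-]+$")


def classify_http01_body(url, body):
    """Simplified form of the validator's http-01 check.

    The body must be exactly "<token>.<account-key thumbprint>", where
    <token> is the last path segment of the challenge URL.
    """
    token = url.rstrip("/").rsplit("/", 1)[-1]
    parts = body.strip().split(".")
    if len(parts) == 2 and all(B64URL.match(p) for p in parts):
        return "ok" if parts[0] == token else "wrong-token"
    # Anything else (an HTML page, CSS, an error document) means the request
    # was answered by something other than the ACME client.
    return "not-a-key-authorization"


def dns01_record(domain, key_authorization):
    """Return (name, value) of the TXT record that dns-01 expects."""
    base = domain[2:] if domain.startswith("*.") else domain
    digest = hashlib.sha256(key_authorization.encode("ascii")).digest()
    value = base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")
    return "_acme-challenge." + base, value


# Token and response body are taken from the error report above; the
# thumbprint is constructed for illustration and is not a real account key.
URL = "http://xxxx/.well-known/acme-challenge/vQ5zuvoh188fvC0GE8U5KnJ5yQMf1GamNzJCW-Ho-D8"
TOKEN = URL.rsplit("/", 1)[-1]
THUMBPRINT = "constructed_thumbprint_not_a_real_key"
KEY_AUTH = TOKEN + "." + THUMBPRINT
SEEN_BODY = "\n\n\nbody{background-color:#FFFFFF}"

if __name__ == "__main__":
    print(classify_http01_body(URL, SEEN_BODY))  # what the validator received
    print(classify_http01_body(URL, KEY_AUTH))   # what it needed to receive
    print(dns01_record("xxxx", KEY_AUTH))        # what dns-01 publishes instead
```

With dns-01 the validator never fetches anything from port 80 of the server, so content substituted on the HTTP path cannot affect the result.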