I spent a lot of time today trying to renew an SSL certificate which used Let's Encrypt.

According to the Let's Encrypt documentation, the command to renew an SSL certificate is simple:

certbot renew

Running this command, though, returned this error:

unexpected error: Failed authorization procedure. {{DOMAIN}} (tls-sni-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization

I tried a few other methods to renew the certificate, but they all failed.

The solution which worked:

  1. service apache2 stop

  2. certbot certonly --manual -d {{DOMAIN}} --preferred-challenges=dns

  3. Certbot will suggest a TXT record to add to DNS. Add the suggested TXT record in Cloudflare DNS and back on the server, press Enter to continue.

  4. Certificate is renewed.

  5. service apache2 start

Server: Ubuntu 16.04. Software: Apache
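Before pressing Enter in step 3, it helps to confirm that the TXT record is already being served, because certbot's validation fails if the record has not propagated yet. The script below is an added example, not part of the original post: it polls `_acme-challenge.{{DOMAIN}}` (the standard DNS-01 record name) with `dig` until the value certbot printed is visible. The function names, the `DIG`, `TRIES` and `DELAY` variables, and the default public resolvers are assumptions made for this example.

```bash
# Added example: check that the DNS-01 TXT record from step 3 is visible
# before pressing Enter in certbot. Helper names are hypothetical.
DIG=${DIG:-dig}   # override to point at a different dig binary

# txt_matches EXPECTED: reads `dig +short TXT` output on stdin (one record
# per line, wrapped in double quotes); succeeds if any record equals EXPECTED.
txt_matches() {
    local expected="$1" line
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line#\"}
        line=${line%\"}
        [ "$line" = "$expected" ] && return 0
    done
    return 1
}

# challenge_visible DOMAIN EXPECTED [NAMESERVER...]
# Succeeds only if every nameserver already serves the expected value at
# _acme-challenge.DOMAIN. Pass the zone's authoritative nameservers when
# known; the public resolvers below are an assumed default.
challenge_visible() {
    local domain="$1" expected="$2" ns
    shift 2
    [ $# -gt 0 ] || set -- 1.1.1.1 8.8.8.8
    for ns in "$@"; do
        if "$DIG" +short TXT "_acme-challenge.${domain}" "@${ns}" | txt_matches "$expected"; then
            echo "ok       @${ns}"
        else
            echo "missing  @${ns}"
            return 1
        fi
    done
}

# wait_for_challenge DOMAIN EXPECTED [NAMESERVER...]
# Polls until the record is visible everywhere or TRIES attempts are used up.
wait_for_challenge() {
    local tries="${TRIES:-20}" delay="${DELAY:-15}" i=1
    while [ "$i" -le "$tries" ]; do
        challenge_visible "$@" && return 0
        sleep "$delay"
        i=$((i + 1))
    done
    echo "TXT record not visible after ${tries} attempts" >&2
    return 1
}

# Usage (constructed values):
#   wait_for_challenge example.com 'value-printed-by-certbot'
```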

🎉