some of my certs won't generate/update

[colfin22]

I'm getting this in the log. The server has been running fine for a few years without issue and I'm out of touch with this software so have no idea where to start diagnosing the issue

`Creating/renewal emby.mydomainname.com certificates... (emby.mydomainname.com)

[Wed Dec 2 17:22:22 UTC 2020] Using CA: https://acme-v02.api.letsencrypt.org/directory

[Wed Dec 2 17:22:22 UTC 2020] Single domain='emby.mydomainname.com'

[Wed Dec 2 17:22:22 UTC 2020] Getting domain auth token for each domain

[Wed Dec 2 17:22:25 UTC 2020] Getting webroot for domain='emby.mydomainname.com'

[Wed Dec 2 17:22:25 UTC 2020] Verifying: emby.mydomainname.com

[Wed Dec 2 17:22:29 UTC 2020] emby.mydomainname.com:Verify error:Invalid response from https://emby.mydomainname.com/.well-known/acme-challenge/5TFpMkJZeT1c-mPKXGxL6EY-mxcDFuoDrXuC7rGgsp4 [2606:4700:3035::ac43:d7b2]:

[Wed Dec 2 17:22:29 UTC 2020] Please check log file for more details: /dev/null`

[buchdag]

Hi. We've recently released a major update (jrcs/letsencrypt-nginx-proxy-companion:2.0.0) that changed a number of things in a non backward compatible way.

Please check #510 and #719.

Your issue appears to be an authorisation issue, please also check https://github.com/nginx-proxy/docker-letsencrypt-nginx-proxy-companion/blob/master/docs/Invalid-authorizations.md

Switching from v1 to v2 will cause all certificates to be issued again but that should not be an issue if everything is set up to correctly authorise your domains. I switched a few production servers today from v1 to v2 with no issues.

If required you can switch back to the last v1 tagged release by using jrcs/letsencrypt-nginx-proxy-companion:v1.13.1 instead of jrcs/letsencrypt-nginx-proxy-companion:latest.

[colfin22]

Ok, when I bypassed Cloudflare the cert updated. I'll need to come back to this at the weekend, don't have time now

[buchdag]

This is an old comment but it might still be helpful: #247 (comment)

[colfin22]

Brilliant, hopefully I'll fix this later. Thanks for your help

[tynor88]

Same issue with Cloudflare. Fix in #247 didn't help.
Rolling back to v1.13.1 and all is working again.

[buchdag]

@tynor88 when updating to v2 of this image, neither certs nor ACME accounts are migrated. The ACME account hold the fact that you already validated some domains. Because it is not migrated, your domains have to be validated again. My guess is that your domains where validated back when you issued certificates for them with v1 of this project, did not need to be validated again for an extended period of time because you used the same ACME account, but now they don't pass validation anymore on a new ACME account.

While the old ACME accounts of v1 aren't migrated to v2, they're not removed from the Docker volume either so going back to v1 will make it look like the issue is fixed. But I think your domains still won't pass validation if required.

[buchdag]

Inactive issue, closing.