[Q&A] certbot renewal of a Let's Encrypt certificate keeps failing with a 404 error; half a day of troubleshooting and I still cannot find the cause

The certificate renewal uses the config file stored under /etc/letsencrypt/renewal/, and it keeps failing with this 404 error. The validation file indeed was never successfully written under /var/www/html/mysite/.well-known/acme-challenge/. I don't know how to fix this. Has anyone run into this situation? Any advice would be appreciated.

Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for mydomain.com
Waiting for verification...
Cleaning up challenges
Attempting to renew cert (mydomain.com) from /etc/letsencrypt/renewal/mydomain.com.conf produced an unexpected error: Failed authorization procedure. mydomain.com ( http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: 1.2.3.4: Invalid response from https://www.mydomain.com/.well-known/acme-challenge/wpQ9UaWBUJja7pbnZVmh5sU81zUkUOGCsGPqotpS2Hs: 404. Skipping.

The config file is:

cat /etc/letsencrypt/renewal/mydomain.com.conf
# renew_before_expiry = 30 days
version = 0.31.0
archive_dir = /etc/letsencrypt/archive/mydomain.com
cert = /etc/letsencrypt/live/mydomain.com/cert.pem
privkey = /etc/letsencrypt/live/mydomain.com/privkey.pem
chain = /etc/letsencrypt/live/mydomain.com/chain.pem
fullchain = /etc/letsencrypt/live/mydomain.com/fullchain.pem
# Options used in the renewal process
[renewalparams]
authenticator = webroot
server = https://acme-v02.api.letsencrypt.org/directory
account = d7e85a2d2857915eb10ca8c2df5433d3
[[webroot_map]]
mydomain.com = /var/www/html/mydomain

During renewal there is no error message other than the 404. Running certbot certificates always produces this warning: OCSP check failed for /etc/letsencrypt/live/mydomain.com/cert.pem (are we offline?)

I suspect a network-level cause, because automatic renewal used to work without problems. Following the DNS pollution issue reported at https://v2ex.com/t/658605, I have already added 23.32.3.72 ocsp.int-x3.letsencrypt.org to /etc/hosts, but it did not help.

I also tried requesting a brand-new certificate, and it fails with the same error.
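An added diagnostic example, not part of the original post and not certbot's own code: it reproduces what an ACME http-01 webroot validation does, so the 404 can be localised before re-running certbot. It reads the webroot for the domain from the renewal conf, drops a random token file into <webroot>/.well-known/acme-challenge/, fetches it over plain HTTP while following redirects the way the Let's Encrypt validator does, and reports the final URL, status and a verdict. The domain, paths and embedded sample conf are taken from the post; the verdict labels and the run_check/diagnose helpers are this example's own assumptions, not certbot behaviour. Note that the failing fetch in the post ended at https://www.mydomain.com/..., i.e. a different scheme and host than the one in [[webroot_map]], which is exactly the case the diagnose() branch singles out.

```python
"""Added example (not from the original post): mimic an ACME http-01 webroot
validation to see where a 404 comes from.  Domain, paths and SAMPLE_CONF are
taken from the post; the verdict labels are this example's own heuristics."""
import os
import secrets
import urllib.error
import urllib.request
from urllib.parse import urlparse

# Constructed copy of the renewal conf shown in the post (paths as given there).
SAMPLE_CONF = """\
# renew_before_expiry = 30 days
version = 0.31.0
archive_dir = /etc/letsencrypt/archive/mydomain.com
cert = /etc/letsencrypt/live/mydomain.com/cert.pem
# Options used in the renewal process
[renewalparams]
authenticator = webroot
server = https://acme-v02.api.letsencrypt.org/directory
[[webroot_map]]
mydomain.com = /var/www/html/mydomain
"""

CHALLENGE_PATH = ".well-known/acme-challenge"   # URL path used by http-01


def parse_webroot_map(conf_text):
    """Return {domain: webroot} from the [[webroot_map]] section of a renewal conf."""
    mapping, in_map = {}, False
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        if line.startswith("[["):               # sub-section header
            in_map = line == "[[webroot_map]]"
            continue
        if line.startswith("["):                # top-level section header
            in_map = False
            continue
        if in_map and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            mapping[key] = value
    return mapping


def place_token(webroot, token):
    """Write the token file where certbot's webroot plugin would put it."""
    challenge_dir = os.path.join(webroot, *CHALLENGE_PATH.split("/"))
    os.makedirs(challenge_dir, exist_ok=True)
    path = os.path.join(challenge_dir, token)
    with open(path, "w") as fh:
        fh.write(token)
    return path


def fetch(url, timeout=10):
    """GET url, following redirects like the validator; return (final_url, status, body)."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.geturl(), resp.status, resp.read().decode(errors="replace")
    except urllib.error.HTTPError as err:       # 4xx/5xx still carry the final URL
        return err.geturl(), err.code, err.read().decode(errors="replace")


def diagnose(requested_url, final_url, status, body, token):
    """Heuristic classification of a challenge fetch (labels are this example's own)."""
    if status == 200 and body.strip() == token:
        return "ok"
    req, fin = urlparse(requested_url), urlparse(final_url)
    if (req.scheme, req.hostname) != (fin.scheme, fin.hostname):
        # The validator ended up on another scheme/host (http->https or
        # non-www->www redirect); that vhost may serve a different document root.
        return "redirected-to-other-vhost"
    if status == 404:
        return "not-served-from-webroot"
    return f"unexpected-{status}"


def run_check(domain, conf_text):
    """End-to-end check; needs the real webroot and DNS, so run it on the host itself."""
    webroot = parse_webroot_map(conf_text)[domain]
    token = secrets.token_urlsafe(32)
    path = place_token(webroot, token)
    url = f"http://{domain}/{CHALLENGE_PATH}/{token}"
    try:
        final_url, status, body = fetch(url)
        verdict = diagnose(url, final_url, status, body, token)
        print(f"{url} -> {final_url} [{status}] : {verdict}")
        return verdict
    finally:
        os.remove(path)                          # leave the webroot as it was


if __name__ == "__main__":
    with open("/etc/letsencrypt/renewal/mydomain.com.conf") as fh:
        run_check("mydomain.com", fh.read())
```

Run it as root on the web host; a verdict of redirected-to-other-vhost means the path the validator actually reaches is served by a different virtual host than the one whose document root is in webroot_map, so either that vhost needs the same /.well-known/acme-challenge/ location or the webroot entry needs to point at its document root. A verdict of not-served-from-webroot means the request stays on the expected host but the web server does not serve files from the configured directory.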