Let’s Encrypt auto renew only fails for the server domain

I had a bit of struggle with Let’s Encrypts certbot today. Somehow it got 403 Forbidden each time it tried to authenticate the domain for my server. All the other website it worked without problem.

I created a simple text file in /.well-known/acme-challenge to see if I could access it. Yes it worked externally but then I realized I got 403 Forbidden when I tried to access from the server!

After lots of digging and testing I checked the apache general error.log and saw these lines:
[Sun Jan 20 21:52:32.754574 2019] [authz_core:error] [pid 2238] [client 2001:4b98:dc2:47:216:3eff:fe9b:cec6] AH01630: client denied by server configuration: /var/www/

Seeing that IPv6 address gave a clue and soon I found out it was due to that my webserver is not setup to listen to IPv6.
<virtualhost [2001:4b98:dc2:47:216:3eff:fe9b:cec6]:80>

Adding it to the Virtual host listen config it solved it!

Upgrading postgres version

Suppose you made a brew upgrade and postgres got upgraded. Follow then these steps to upgrade your old DB data to the new version.

Start to move of your old data directory:
mv /usr/local/var/postgres /usr/local/var/postgres_96_20171110

Initialize a new fresh DB with the new version of postgres
initdb /usr/local/var/postgres/

Check which postgres services are running and stop all
brew services list

Stop all postgres services, one command for each:
brew services start postgresql

Run postgres upgrade tool(-b and -B are the bin directories for old and new version, and -d and -D same for data directories):
pg_upgrade -b /usr/local/Cellar/postgresql\@9.6/9.6.6/bin/ -B /usr/local/Cellar/postgresql/10.1/bin/ -d /usr/local/var/postgres_20171110 -D /usr/local/var/postgres

Start the postgres service again:
brew services start postgresql

LetsEncrypt certificates for a new site

How do you add certificates for a newly setup website? Like this:

sudo ./letsencrypt-auto run -d www.friluftslivifjallen.se,friluftslivifjallen.se --redirect

I have the old letsencrypt client installed so for a newer installation change letsencrypt-auto to certbot. More about the certbot command line options can be found here.

This post is just a quick self-reminder to be used in the future when I set up new sites on my server.