I have TWO Alma 8 servers. Both were installed on the same day and with the same version of Alma 8 Server. Both installations were configured the same.
Server #1 had Postfix and Dovecot.
Server #2 had phpBB. Both were configured with Let's Encrypt. I originally had problems, but thanks to this site all was fixed and it's been working fine for months. Never had a problem with either.
Both servers have been updated regularly. I do #1 and then #2, so the only difference is the apps they run.
Server #1 is working fine. Certbot renew works every day. The Logwatch entry is:
A few days ago Server #2 started having a problem. NOTHING has been added to or taken away from either server. The ONLY thing I do, is run the updates whenever they are available.
My Logwatch is now giving me errors:
Reloading The Apache HTTP Server.: 13 Time(s)
certbot-renew.service: Failed with result 'exit-code'.: 2 Time(s)
certbot-renew.service: Main process exited, code=exited, status=1/FAILURE: 2 Time(s)
I haven't a clue WHY. Neither server has had anything other than updates. "When it isn't broken, why fix it" is my motto.
Can anyone shed any light on this strange behaviour and give me a clue on how to find the problem?
Both your domains don't show a webpage for me. Maybe server 1 was renewed earlier and just doesn't need to renew yet?
Btw, which one is server #1?
And there is a report that abuseDB is blocking LE IPs. Check your firewall.
NO, networkingtechnology is hosted in Canada.
corp.networkingtechnology is hosted here in Belgium
I use an OPNSense Firewall. It covers ALL incoming and outgoing traffic, so if it was that, BOTH servers would have the same problem.
I do run fail2ban in Server #2 (problem one). Could it be that?
I don't block port 80 or 443. Fail2Ban blocks script kiddies, false Google bots and repeated attempts to access pages that give 404 errors.
ALL attempts to hack any of my servers get added to OPNSense. All the spammers get blocked by Blacklists on the mail server.
I use Fail2ban for the a-holes that keep trying when they get a 404 and the script kiddies.
Are you sure about Let's Encrypt servers? If they can hack the Pentagon, then I think everyone is fair game, that's why I check my logs every day and DO something about them rather than just looking at them.