Able to renew but not to obtain new certs

My domain is: radarr.zodiacnas.tv

I ran this command:
certbot certonly --standalone

It produced this output:
Fetching Login - Radarr Timeout during connect (likely firewall problem)

My web server is (include version): nginx 1.22

The operating system my web server runs on is (include version): FreeBSD

I can login to a root shell on my machine (yes or no, or I don't know): yes

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 1.18

Hello,

As mentioned in the title, I'm currently unable to obtain new certs. I can renew the ones I already have.
I'm attaching the logs in the hope someone can point me in the right direction.

Cheers

Certbot failed to authenticate some domains (authenticator: standalone). The Certificate Authority reported these problems:
  Domain: radarr.zodiacnas.tv
  Type:   connection
  Detail: 87.4.89.80: Fetching http://radarr.zodiacnas.tv/.well-known/acme-challenge/ZQpU0UJnNaCUQmytc5YRDK_lqCLwpKFqvYdBhLbJhrk: Timeout during connect (likely firewall problem)

Hint: The Certificate Authority failed to download the challenge files from the temporary standalone webserver started by Certbot on port 80. Ensure that the listed domains point to this machine and that it can accept inbound connections from the internet.

2022-07-24 20:56:28,429:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
  File "/usr/local/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 90, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, best_effort)
  File "/usr/local/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 178, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.

2022-07-24 20:56:28,429:DEBUG:certbot._internal.error_handler:Calling registered functions
2022-07-24 20:56:28,429:INFO:certbot._internal.auth_handler:Cleaning up challenges
2022-07-24 20:56:28,430:DEBUG:certbot._internal.plugins.standalone:Stopping server at :::80...
2022-07-24 20:56:28,430:DEBUG:certbot._internal.plugins.standalone:Stopping server at 0.0.0.0:80...
2022-07-24 20:56:29,105:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "/usr/local/bin/certbot", line 33, in <module>
    sys.exit(load_entry_point('certbot==1.18.0', 'console_scripts', 'certbot')())
  File "/usr/local/lib/python3.8/site-packages/certbot/main.py", line 15, in main
    return internal_main.main(cli_args)
  File "/usr/local/lib/python3.8/site-packages/certbot/_internal/main.py", line 1566, in main
    return config.func(config, plugins)
  File "/usr/local/lib/python3.8/site-packages/certbot/_internal/main.py", line 1426, in certonly
    lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
  File "/usr/local/lib/python3.8/site-packages/certbot/_internal/main.py", line 128, in _get_and_save_cert
    lineage = le_client.obtain_and_enroll_certificate(domains, certname)
  File "/usr/local/lib/python3.8/site-packages/certbot/_internal/client.py", line 456, in obtain_and_enroll_certificate
    cert, chain, key, _ = self.obtain_certificate(domains)
  File "/usr/local/lib/python3.8/site-packages/certbot/_internal/client.py", line 386, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
  File "/usr/local/lib/python3.8/site-packages/certbot/_internal/client.py", line 436, in _get_order_and_authorizations
    authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort)
  File "/usr/local/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 90, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, best_effort)
  File "/usr/local/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 178, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.
2022-07-24 20:56:29,106:ERROR:certbot._internal.log:Some challenges have failed.

Hi @ffilevino, and welcome to the LE community forum :slight_smile:

Is that the correct IP?
What is preventing the HTTP connections from reaching your system?
I get:

curl -Ii radarr.zodiacnas.tv
curl: (56) Recv failure: Connection reset by peer
3 Likes

Weird, I'm only getting timeouts, HTTP as well as HTTPS. Host seems to be down completely from my endpoint.

3 Likes

I've been unclear, apologies: my domain is zodiacnas.tv and I'm trying to obtain a certificate for a subdomain. Specifically radarr.zodiacnas.tv

The IP specified in the error is in fact not my current IP. I did update on no-IP, and in general it's being updated every hour via duckdns.

I'm not understanding why I can renew but not get new ones.

The public DNS still shows that IP as current. And, it looks like you are using Cloudflare for your DNS provider.

zodiacnas.tv.           300     IN      NS      jeff.ns.cloudflare.com.
zodiacnas.tv.           300     IN      NS      lily.ns.cloudflare.com.

radarr.zodiacnas.tv.    142     IN      A       87.4.89.80

The A record is what Let's Encrypt will use for cert validation.

3 Likes
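
The check described in the reply above, written out as an added example (not part of the original thread, and not Certbot's own code): it takes the text of `dig +noall +answer` output and reports, per name, whether the public A record points at this host, at a stale address, or is missing. The function names, the 203.0.113.10 "current IP", the zodiacnas.tv apex record and the `example-sub` name are constructed for illustration; only the radarr record is taken from the thread.

```python
import ipaddress

def parse_answers(dig_text):
    """Parse `dig +noall +answer` lines into {name: [(type, value), ...]}."""
    records = {}
    for line in dig_text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[2].upper() != "IN":
            continue  # skip blanks, comments and anything that is not an RR
        name, rtype, value = fields[0], fields[3].upper(), fields[4]
        records.setdefault(name.rstrip(".").lower(), []).append(
            (rtype, value.rstrip(".").lower()))
    return records

def resolve_a(records, name, max_hops=8):
    """Follow CNAMEs within the captured answers; return the set of A addresses."""
    name = name.rstrip(".").lower()
    for _ in range(max_hops):  # hop limit guards against CNAME loops
        rrset = records.get(name, [])
        addrs = {ipaddress.ip_address(v) for t, v in rrset if t == "A"}
        cnames = [v for t, v in rrset if t == "CNAME"]
        if addrs or not cnames:
            return addrs
        name = cnames[0]
    return set()

def preflight(dig_text, names, current_ip):
    """Map each name to (status, [addresses that are not this host])."""
    records, here = parse_answers(dig_text), ipaddress.ip_address(current_ip)
    report = {}
    for name in names:
        addrs = resolve_a(records, name)
        wrong = sorted(str(a) for a in addrs - {here})
        # Any address other than ours can be picked by the CA, so it counts as stale.
        status = "missing" if not addrs else "stale" if wrong else "ok"
        report[name] = (status, wrong)
    return report

# Constructed sample: the apex line is invented, the radarr line is from the thread.
SAMPLE = """\
zodiacnas.tv.           300     IN      A       203.0.113.10
radarr.zodiacnas.tv.    142     IN      A       87.4.89.80
"""

if __name__ == "__main__":
    names = ["zodiacnas.tv", "radarr.zodiacnas.tv", "example-sub.zodiacnas.tv"]
    for name, (status, wrong) in preflight(SAMPLE, names, "203.0.113.10").items():
        print(f"{name:28} {status:8} {', '.join(wrong)}")
```

Run against every name on the certificate request before calling certbot: a name reported as stale or missing will fail HTTP-01 validation regardless of the local firewall, while names whose records are current continue to validate.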

That was exactly the issue. Thank you! I had to add the subdomains to Cloudflare. Somehow I did it before but I'm not sure how or why it didn't register them.

2 Likes