After updating router certbot update fails

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: spectrix.com, www.spectrix.com

I ran this command:certbot ---apache

It produced this output:
certbot --apache
Saving debug log to /var/log/letsencrypt/letsencrypt.log

Which names would you like to activate HTTPS for?
We recommend selecting either all domains, or all domains in a VirtualHost/server block.

1: spectrix.com
2: www.spectrix.com

Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 1 2

You have an existing certificate that contains a portion of the domains you
requested (ref: /etc/letsencrypt/renewal/spectrix.com.conf)

It contains these names: spectrix.com

You requested these names for the new certificate: spectrix.com,
www.spectrix.com.

Do you want to expand and replace this existing certificate with the new
certificate?

(E)xpand/(C)ancel: e
Renewing an existing certificate for spectrix.com and www.spectrix.com

Certbot failed to authenticate some domains (authenticator: apache). The Certificate Authority reported these problems:
Domain: spectrix.com
Type: connection
Detail: 216.66.96.36: Fetching http://spectrix.com/.well-known/acme-challenge/KsPov4rGRLRS9G3eww3kJ8VyEX0Odo4whyWW4Akvmhk: Timeout during connect (likely firewall problem)

Domain: www.spectrix.com
Type: connection
Detail: 216.66.96.36: Fetching http://www.spectrix.com/.well-known/acme-challenge/c4Rq_swb8ZIynqvucL9nhQSoED3xyH8aZBThMkkU-W4: Timeout during connect (likely firewall problem)

Hint: The Certificate Authority failed to verify the temporary Apache configuration changes made by Certbot. Ensure that the listed domains point to this Apache server and that it is accessible from the internet.

Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

My web server is (include version):

Server version: Apache/2.4.58 (Ubuntu)
Server built: 2024-10-02T12:40:51

The operating system my web server runs on is (include version):
Ubuntu 24.04.2 LTS

My hosting provider, if applicable, is: self

I can login to a root shell on my machine (yes or no, or I don't know):yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot) certbot 2.9.0

My certificate will expire 3/23/2025. I worked fin till I upgraded my router.

Hello @cmora111 and welcome.

Using the online tool Let's Debug yields result of https://letsdebug.net/spectrix.com/2393139

image1006×474 26.8 KB

Port 80 and 443 do not seem to be accessible from the public facing Internet.

image806×745 60.9 KB

Best Practice - Keep Port 80 Open

The HTTP-01 challenge states "The HTTP-01 challenge can only be done on port 80."

That is very likely the case or the router stopped forwarding any ports or is filtering them at some level.

That is good possibility

@cmora111 Also make sure your public IP hasn't changed after your router change. If it has you need to update the DNS record to reflect the new one.

I thought a year only had 12 months?

You are correct on that Osiris, possibly misinterpreting the ordering of the numbers.

This is why I strongly encourage the use of ISO-8601 ordered dates. It is the only unambiguous order. As a bonus, it is the best for sensible sorting, too.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.