After years of successful use, 'certbot renew' failing on apache2

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

mark.tiggas.us

I ran this command:
sudo certbot -vvv renew

It produced this output:
Root logging level set at -10
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/mark.tiggas.us.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Requested authenticator <certbot.cli._Default object at 0x7f8c782dc748> and installer <certbot.cli._Default object at 0x7f8c782dc748>
Should renew, less than 30 days before certificate expiry 2022-02-22 11:27:37 UTC.
Cert is due for renewal, auto-renewing...
Requested authenticator apache and installer apache
Apache version is 2.4.38
Single candidate plugin: * apache
Description: Apache Web Server plugin
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: apache = certbot_apache.entrypoint:ENTRYPOINT
Initialized: <certbot_apache.override_debian.DebianConfigurator object at 0x7f8c78266be0>
Prep: True
Single candidate plugin: * apache
Description: Apache Web Server plugin
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: apache = certbot_apache.entrypoint:ENTRYPOINT
Initialized: <certbot_apache.override_debian.DebianConfigurator object at 0x7f8c78266be0>
Prep: True
Selected authenticator <certbot_apache.override_debian.DebianConfigurator object at 0x7f8c78266be0> and installer <certbot_apache.override_debian.DebianConfigurator object at 0x7f8c78266be0>
Plugins selected: Authenticator apache, Installer apache
Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-v02.api.letsencrypt.org/acme/acct/77086911', new_authzr_uri=None, terms_of_service=None), 910bf805e9c5ab79dce5641dc6ea08bb, Meta(creation_dt=datetime.datetime(2020, 1, 31, 20, 19, 38, tzinfo=<UTC>), creation_host='paxi'))>
Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 658
Received response:
HTTP 200
Server: nginx
Date: Thu, 27 Jan 2022 19:19:40 GMT
Content-Type: application/json
Content-Length: 658
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  "lqtmlmJ0D60": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
    "website": "https://letsencrypt.org"
  },
  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}
Renewing an existing certificate
Generating key (2048 bits): /etc/letsencrypt/keys/0042_key-certbot.pem
Creating CSR: /etc/letsencrypt/csr/0042_csr-certbot.pem
Requesting fresh nonce
Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
Received response:
HTTP 200
Server: nginx
Date: Thu, 27 Jan 2022 19:19:40 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0001g4bqZES_FhLMi536Kq39_ddZTKkT-LVa2YHUbNb11Do
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800


Storing nonce: 0001g4bqZES_FhLMi536Kq39_ddZTKkT-LVa2YHUbNb11Do
JWS payload:
b'{\n  "identifiers": [\n    {\n      "type": "dns",\n      "value": "mark.tiggas.us"\n    },\n    {\n      "type": "dns",\n      "value": "mail.tiggas.us"\n    }\n  ]\n}'
Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNzcwODY5MTEiLCAibm9uY2UiOiAiMDAwMWc0YnFaRVNfRmhMTWk1MzZLcTM5X2RkWlRLa1QtTFZhMllIVWJOYjExRG8iLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL25ldy1vcmRlciJ9",
  "signature": "fFYOolDRWlD71eHiei0DiFmiPLVHo_psoiTN-8lTHJVRWgeDrTlVOEwhOWZH4JqRofJz6s_CQuZ9LhDX3pz1ziKGcWN0ih84vKJSbu4NjRxi97Bz-1Sbd9MgD4-MmKh-wJb4fOdYipO6TZ8EDcUp_Z5iwXFW4hBbsD4d2tHuSDg-CKnEX-uu2K7P6wwXkMpG1bzE00Ii61UlQOZ-R_7SaOeBFjD-mYRmg_ZqPsegEbi1byjBE3THg5qWnqgydrLtfryy9gUjy2XMvybxf04ei2x_L0mct_-JQEykTeqks5eiO7vhNb88cWMT59uilo7C97ueHmA_4y-NlYwEwdHe-g",
  "payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogIm1hcmsudGlnZ2FzLnVzIgogICAgfSwKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogIm1haWwudGlnZ2FzLnVzIgogICAgfQogIF0KfQ"
}
https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 472
Received response:
HTTP 201
Server: nginx
Date: Thu, 27 Jan 2022 19:19:40 GMT
Content-Type: application/json
Content-Length: 472
Connection: keep-alive
Boulder-Requester: 77086911
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Location: https://acme-v02.api.letsencrypt.org/acme/order/77086911/58971474540
Replay-Nonce: 0002B5_yH8bqoZr_D2Tx2AcDvYg6IW-TmftYHg_8gC15sPE
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "status": "pending",
  "expires": "2022-02-03T19:19:40Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "mail.tiggas.us"
    },
    {
      "type": "dns",
      "value": "mark.tiggas.us"
    }
  ],
  "authorizations": [
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/71108085300",
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/72511158280"
  ],
  "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/77086911/58971474540"
}
Storing nonce: 0002B5_yH8bqoZr_D2Tx2AcDvYg6IW-TmftYHg_8gC15sPE
JWS payload:
b''
Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/71108085300:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNzcwODY5MTEiLCAibm9uY2UiOiAiMDAwMkI1X3lIOGJxb1pyX0QyVHgyQWNEdllnNklXLVRtZnRZSGdfOGdDMTVzUEUiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LXYzLzcxMTA4MDg1MzAwIn0",
  "signature": "YesZ-XNcbky8KEt46fCnwY2CmQM-gNS8SGqPXBMiSDfklKPrrjH7qnK0TxVBLQU0P8B6rf3Em98ufBwxPy8MnoM_WlSqhMnB_6_pNZJpja_VtnFwat4C-E4W4ta1Rs5McKTHUmv2e99kwS-dPZ0rUvUPS5eBRk231hWxgTXrJRFCwGv-bIQtDxoX_laQy65T-o2QdAj9zDn4776E4YaaBI0jOyQJgvt8biTfCNjQoW-_erZa-3aYo66LcsMSUqtyDc-HPlhinw75HbyG_AgVhAbwSbgxQwnii0qPwYbgn1x0tGotw-6AzoPS7Hce3bkMOo5QJWN-yaAXQTNi872Yjg",
  "payload": ""
}
https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/71108085300 HTTP/1.1" 200 754
Received response:
HTTP 200
Server: nginx
Date: Thu, 27 Jan 2022 19:19:40 GMT
Content-Type: application/json
Content-Length: 754
Connection: keep-alive
Boulder-Requester: 77086911
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0002RvCHmmTmDuNaBpokpkcRWeh1BRH15TAXmgbbCRSeJss
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "mail.tiggas.us"
  },
  "status": "valid",
  "expires": "2022-02-22T12:28:04Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "valid",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/71108085300/UyFw8Q",
      "token": "pBQw0_fZPL13qpjqjtowBWi21nCeHDBUtDvPhmOwEV4",
      "validationRecord": [
        {
          "url": "http://mail.tiggas.us/.well-known/acme-challenge/pBQw0_fZPL13qpjqjtowBWi21nCeHDBUtDvPhmOwEV4",
          "hostname": "mail.tiggas.us",
          "port": "80",
          "addressesResolved": [
            "73.164.58.57"
          ],
          "addressUsed": "73.164.58.57"
        }
      ],
      "validated": "2022-01-23T12:28:02Z"
    }
  ]
}
Storing nonce: 0002RvCHmmTmDuNaBpokpkcRWeh1BRH15TAXmgbbCRSeJss
JWS payload:
b''
Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/72511158280:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNzcwODY5MTEiLCAibm9uY2UiOiAiMDAwMlJ2Q0htbVRtRHVOYUJwb2twa2NSV2VoMUJSSDE1VEFYbWdiYkNSU2VKc3MiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LXYzLzcyNTExMTU4MjgwIn0",
  "signature": "WpdYV-H3_OeLv5kN7VFuVT9lzmAdIXwj6jf8yMc_m1n3fnigLS_GDSKEdldq9MXInJ2SF8J0_IgZhh6FYjkIwUoSStohJzGRI1PUyx2zNryjKYc48Q-optZvWxJkyHLKb-5309quiiqw9RMcF1tBcyBxOB7PZNozhTIK4spHyOQh5MhlAhYsUUE3zEPm-Q71g6HDg3SwaCnFtTQjZ96ZFav5uo0EOlz8ZSiUoLPafB1dIxznBpQQXaqqcaxwwCdHhz4c65CI6AfpCyNDYoJlXXgXg678qxS0dBwkNDkGi1V0nEvPTQyo5sxvv6g6M1SJADrTUGT4iKDprnFFfsm8Zg",
  "payload": ""
}
https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/72511158280 HTTP/1.1" 200 795
Received response:
HTTP 200
Server: nginx
Date: Thu, 27 Jan 2022 19:19:40 GMT
Content-Type: application/json
Content-Length: 795
Connection: keep-alive
Boulder-Requester: 77086911
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0001IgUOK8PcziaoPe1i1THK_T2Q0AKA0Z8m2GPacxvQxkM
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "mark.tiggas.us"
  },
  "status": "pending",
  "expires": "2022-02-03T19:19:40Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/72511158280/B5rPTQ",
      "token": "7QZlIFLZy3A6z_nJDMcQvzXo4-1362RCdANWtUmIq6I"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/72511158280/SnaKeg",
      "token": "7QZlIFLZy3A6z_nJDMcQvzXo4-1362RCdANWtUmIq6I"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/72511158280/APhoDw",
      "token": "7QZlIFLZy3A6z_nJDMcQvzXo4-1362RCdANWtUmIq6I"
    }
  ]
}
Storing nonce: 0001IgUOK8PcziaoPe1i1THK_T2Q0AKA0Z8m2GPacxvQxkM
Performing the following challenges:
http-01 challenge for mark.tiggas.us
Adding a temporary challenge validation Include for name: mark.tiggas.us in: /etc/apache2/sites-enabled/mark.tiggas.us.conf
Adding a temporary challenge validation Include for name: mark.tiggas.us in: /etc/apache2/sites-enabled/mark.tiggas.us.conf
writing a pre config file with text:
         RewriteEngine on
        RewriteRule ^/\.well-known/acme-challenge/([A-Za-z0-9-_=]+)$ /var/lib/letsencrypt/http_challenges/$1 [END]
    
writing a post config file with text:
         <Directory /var/lib/letsencrypt/http_challenges>
            Require all granted
        </Directory>
        <Location /.well-known/acme-challenge>
            Require all granted
        </Location>
    
Creating backup of /etc/apache2/sites-enabled/mark.tiggas.us.conf
Waiting for verification...
JWS payload:
b'{\n  "resource": "challenge",\n  "type": "http-01"\n}'
Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/72511158280/B5rPTQ:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNzcwODY5MTEiLCAibm9uY2UiOiAiMDAwMUlnVU9LOFBjemlhb1BlMWkxVEhLX1QyUTBBS0EwWjhtMkdQYWN4dlF4a00iLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2NoYWxsLXYzLzcyNTExMTU4MjgwL0I1clBUUSJ9",
  "signature": "PewVhD-xKjtBQYFDY-W-NBEymn6tb96nyC4LASLDZbayww7w24noqLWAQQ7auFAbNeZhwhOQN79A1wydc9PAiaUCDzyqc0UV4sF2ltDS7vfKWOZJaq95wPzDzYvjB8UDltOWzbUzHcRfVVa2wPuX5KAUtU0SZyje_vYj4f25VCcyRLtZLwIKvPGLgU3CavZmvTtF0frgAYYtkTGj6IDuVPb4NWm43uSVXefSsIK_oPtGkFylaQKsAGN8-bgcLThX7CG1Kb_7h7G4P9Nq6YZXO3fn046XxAT-B5s_UMPn6aHGVVJwgTGEkrpP641E-9BjUtF-f6FgD4-q6rUcDeqDsw",
  "payload": "ewogICJyZXNvdXJjZSI6ICJjaGFsbGVuZ2UiLAogICJ0eXBlIjogImh0dHAtMDEiCn0"
}
https://acme-v02.api.letsencrypt.org:443 "POST /acme/chall-v3/72511158280/B5rPTQ HTTP/1.1" 200 186
Received response:
HTTP 200
Server: nginx
Date: Thu, 27 Jan 2022 19:19:44 GMT
Content-Type: application/json
Content-Length: 186
Connection: keep-alive
Boulder-Requester: 77086911
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index", <https://acme-v02.api.letsencrypt.org/acme/authz-v3/72511158280>;rel="up"
Location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/72511158280/B5rPTQ
Replay-Nonce: 0001_IRQOWjG_ERN6Jnx9JpJ6hiWrP6EWK5SUTWG_d-fbjg
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "type": "http-01",
  "status": "pending",
  "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/72511158280/B5rPTQ",
  "token": "7QZlIFLZy3A6z_nJDMcQvzXo4-1362RCdANWtUmIq6I"
}
Storing nonce: 0001_IRQOWjG_ERN6Jnx9JpJ6hiWrP6EWK5SUTWG_d-fbjg
JWS payload:
b''
Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/72511158280:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNzcwODY5MTEiLCAibm9uY2UiOiAiMDAwMV9JUlFPV2pHX0VSTjZKbng5SnBKNmhpV3JQNkVXSzVTVVRXR19kLWZiamciLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LXYzLzcyNTExMTU4MjgwIn0",
  "signature": "abYMx8BccWmwR64vLDIHfWwhRS_k0S0hH55vXWueWKJ0q1tA1hUwAvhJGuWA8BPTrCoYMC92lOvwSty4so-KB3gxy1rAq8JWC8Y4dkjB9GWZNJYMg72E1Ya6BT8lYjYw3cJekGiTH1Ionz2MG8PYK3uydGWUSPQ3J-L2PX8fh6bFa3EJMSwegp8oloWc-KYL2kg_lQY-outiI7nkdTqwNJSGAXf6DeIN9aTjcUAWS9-U55ZPv9xGu76sdDrQ7uEZSviF-ferOTcZVHI7NWIshBT0rcZArXb6EZKdj9cctlIGdnuJFdnUAF7QOU2PfrVwrQzwjGFNQVSwicIsx--FrA",
  "payload": ""
}
https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/72511158280 HTTP/1.1" 200 1320
Received response:
HTTP 200
Server: nginx
Date: Thu, 27 Jan 2022 19:19:47 GMT
Content-Type: application/json
Content-Length: 1320
Connection: keep-alive
Boulder-Requester: 77086911
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0002yXAdINb7LCo8mmxGFG8qwgYqD2uCLWH5re6vgl8YOr4
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "mark.tiggas.us"
  },
  "status": "invalid",
  "expires": "2022-02-03T19:19:40Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "invalid",
      "error": {
        "type": "urn:ietf:params:acme:error:connection",
        "detail": "Fetching https://mark.tiggas.us/.well-known/acme-challenge/7QZlIFLZy3A6z_nJDMcQvzXo4-1362RCdANWtUmIq6I: Connection refused",
        "status": 400
      },
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/72511158280/B5rPTQ",
      "token": "7QZlIFLZy3A6z_nJDMcQvzXo4-1362RCdANWtUmIq6I",
      "validationRecord": [
        {
          "url": "http://mark.tiggas.us/.well-known/acme-challenge/7QZlIFLZy3A6z_nJDMcQvzXo4-1362RCdANWtUmIq6I",
          "hostname": "mark.tiggas.us",
          "port": "80",
          "addressesResolved": [
            "73.164.58.57"
          ],
          "addressUsed": "73.164.58.57"
        },
        {
          "url": "https://mark.tiggas.us/.well-known/acme-challenge/7QZlIFLZy3A6z_nJDMcQvzXo4-1362RCdANWtUmIq6I",
          "hostname": "mark.tiggas.us",
          "port": "443",
          "addressesResolved": [
            "73.164.58.57"
          ],
          "addressUsed": "73.164.58.57"
        }
      ],
      "validated": "2022-01-27T19:19:44Z"
    }
  ]
}
Storing nonce: 0002yXAdINb7LCo8mmxGFG8qwgYqD2uCLWH5re6vgl8YOr4
Reporting to user: The following errors were reported by the server:

Domain: mark.tiggas.us
Type:   connection
Detail: Fetching https://mark.tiggas.us/.well-known/acme-challenge/7QZlIFLZy3A6z_nJDMcQvzXo4-1362RCdANWtUmIq6I: Connection refused

To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address. Additionally, please check that your computer has a publicly routable IP address and that no firewalls are preventing the server from communicating with the client. If you're using the webroot plugin, you should also verify that you are serving files from the webroot path you provided.
Encountered exception:
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 82, in handle_authorizations
    self._respond(aauthzrs, resp, best_effort)
  File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 168, in _respond
    self._poll_challenges(aauthzrs, chall_update, best_effort)
  File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 239, in _poll_challenges
    raise errors.FailedChallenges(all_failed_achalls)
certbot.errors.FailedChallenges: Failed authorization procedure. mark.tiggas.us (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching https://mark.tiggas.us/.well-known/acme-challenge/7QZlIFLZy3A6z_nJDMcQvzXo4-1362RCdANWtUmIq6I: Connection refused

Calling registered functions
Cleaning up challenges
Attempting to renew cert (mark.tiggas.us) from /etc/letsencrypt/renewal/mark.tiggas.us.conf produced an unexpected error: Failed authorization procedure. mark.tiggas.us (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching https://mark.tiggas.us/.well-known/acme-challenge/7QZlIFLZy3A6z_nJDMcQvzXo4-1362RCdANWtUmIq6I: Connection refused. Skipping.
Traceback was:
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/certbot/renewal.py", line 465, in handle_renewal_request
    main.renew_cert(lineage_config, plugins, renewal_candidate)
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 1193, in renew_cert
    renewed_lineage = _get_and_save_cert(le_client, config, lineage=lineage)
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 116, in _get_and_save_cert
    renewal.renew_cert(config, domains, le_client, lineage)
  File "/usr/lib/python3/dist-packages/certbot/renewal.py", line 323, in renew_cert
    new_cert, new_chain, new_key, _ = le_client.obtain_certificate(domains, new_key)
  File "/usr/lib/python3/dist-packages/certbot/client.py", line 353, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
  File "/usr/lib/python3/dist-packages/certbot/client.py", line 389, in _get_order_and_authorizations
    authzr = self.auth_handler.handle_authorizations(orderr, best_effort)
  File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 82, in handle_authorizations
    self._respond(aauthzrs, resp, best_effort)
  File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 168, in _respond
    self._poll_challenges(aauthzrs, chall_update, best_effort)
  File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 239, in _poll_challenges
    raise errors.FailedChallenges(all_failed_achalls)
certbot.errors.FailedChallenges: Failed authorization procedure. mark.tiggas.us (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching https://mark.tiggas.us/.well-known/acme-challenge/7QZlIFLZy3A6z_nJDMcQvzXo4-1362RCdANWtUmIq6I: Connection refused

All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/mark.tiggas.us/fullchain.pem (failure)

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/mark.tiggas.us/fullchain.pem (failure)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Running post-hook command: /etc/letsencrypt/renewal-hooks/post/copyToMail.sh
Exiting abnormally:
Traceback (most recent call last):
  File "/usr/bin/certbot", line 11, in <module>
    load_entry_point('certbot==0.31.0', 'console_scripts', 'certbot')()
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 1365, in main
    return config.func(config, plugins)
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 1272, in renew
    renewal.handle_renewal_request(config)
  File "/usr/lib/python3/dist-packages/certbot/renewal.py", line 490, in handle_renewal_request
    len(renew_failures), len(parse_failures)))
certbot.errors.Error: 1 renew failure(s), 0 parse failure(s)
1 renew failure(s), 0 parse failure(s)
IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: mark.tiggas.us
   Type:   connection
   Detail: Fetching
   https://mark.tiggas.us/.well-known/acme-challenge/7QZlIFLZy3A6z_nJDMcQvzXo4-1362RCdANWtUmIq6I:
   Connection refused

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address. Additionally, please check that
   your computer has a publicly routable IP address and that no
   firewalls are preventing the server from communicating with the
   client. If you're using the webroot plugin, you should also verify
   that you are serving files from the webroot path you provided.

My web server is (include version):
Apache2

The operating system my web server runs on is (include version):
Debian 10.11

My hosting provider, if applicable, is:
self-hosted

I can login to a root shell on my machine (yes or no, or I don't know):
yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 0.31.0

Hi @mtiggas and welcome to the LE community forum

The HTTP challenge requests were redirected to HTTPS [so they were able to connect].
The HTTPS challenge request was unable to complete with:

Either:

  • fix the HTTPS access problem
  • handle the HTTP challenge requests in HTTP [do not redirect them] < Recommended fix
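An added example (not part of the original thread, and not certbot's own code): reading the `validationRecord` of the failed authorization from the log above to see which hop of the HTTP-01 check broke. The function name `diagnose_http01` and the keys of the returned finding are assumptions made for this illustration; the JSON is trimmed from the log in the question.

```python
import json
import re
from urllib.parse import urlsplit

# Authorization object trimmed from the certbot log in the question above.
TOKEN = "7QZlIFLZy3A6z_nJDMcQvzXo4-1362RCdANWtUmIq6I"
PATH = "mark.tiggas.us/.well-known/acme-challenge/" + TOKEN
AUTHZ = json.loads("""
{
  "identifier": {"type": "dns", "value": "mark.tiggas.us"},
  "status": "invalid",
  "challenges": [{
    "type": "http-01",
    "status": "invalid",
    "error": {
      "type": "urn:ietf:params:acme:error:connection",
      "detail": "Fetching https://%(p)s: Connection refused",
      "status": 400
    },
    "validationRecord": [
      {"url": "http://%(p)s", "hostname": "mark.tiggas.us", "port": "80",
       "addressUsed": "73.164.58.57"},
      {"url": "https://%(p)s", "hostname": "mark.tiggas.us", "port": "443",
       "addressUsed": "73.164.58.57"}
    ]
  }]
}
""" % {"p": PATH})


def diagnose_http01(authz):
    """Return one finding per failed http-01 challenge (hypothetical helper)."""
    findings = []
    for chall in authz.get("challenges", []):
        if chall.get("type") != "http-01" or chall.get("status") != "invalid":
            continue
        hops = chall.get("validationRecord", [])
        error = chall.get("error", {})
        detail = error.get("detail", "")
        # The detail string in the log has the form "Fetching <url>: <reason>".
        m = re.match(r"Fetching (\S+?): (.*)", detail)
        failed_url, reason = (m.group(1), m.group(2)) if m else (None, detail)
        failed_hop = next((h for h in hops if h.get("url") == failed_url), None)
        schemes = [urlsplit(h.get("url", "")).scheme for h in hops]
        # Validation starts over plain HTTP; an https hop after that means the
        # server answered on port 80 with a redirect to HTTPS.
        redirected = schemes[:1] == ["http"] and "https" in schemes[1:]
        if redirected and failed_hop and urlsplit(failed_url).scheme == "https":
            advice = ("port 80 answered and redirected; the HTTPS hop failed. "
                      "Fix HTTPS access or serve /.well-known/acme-challenge/ "
                      "over HTTP without redirecting")
        elif not redirected:
            advice = "no redirect involved; the failure is on the port 80 request"
        else:
            advice = "a redirect was followed; inspect the failing hop"
        findings.append({
            "domain": authz.get("identifier", {}).get("value"),
            "error_type": error.get("type"),
            "hop_ports": [h.get("port") for h in hops],
            "redirected_to_https": redirected,
            "failed_port": failed_hop.get("port") if failed_hop else None,
            "reason": reason,
            "advice": advice,
        })
    return findings


if __name__ == "__main__":
    for finding in diagnose_http01(AUTHZ):
        print(json.dumps(finding, indent=2))
```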

Also, when you get a chance, update to the latest version:
