All simulated renewals failed. The following certificates could not be renewed: fullchain.pem

hossamahmedhamdi · September 11, 2022, 3:13pm

My domain is: rabt.com.sa

I ran this command: sudo certbot renew --dry-run

It produced this output:

All simulated renewals failed. The following certificates could not be renewed:
  /etc/letsencrypt/live/rabt.com.sa/fullchain.pem (failure)

My web server is (include version): Ubuntu 20

The operating system my web server runs on is (include version): Ubuntu 20

I can login to a root shell on my machine (yes or no, or I don't know): Yes

The version of my client is: 1.30.0

MikeMcQ · September 11, 2022, 4:03pm

Welcome to the community @hossamahmedhamdi

The other output lines would be helpful to. Those show the reason for the failure.

But, I can make a good guess. Your port 80 is not open. Your site must reply to requests to HTTP to satisfy the HTTP challenge.

If you are using the DNS Challenge port 80 is not needed to be open. But, then please show the other error lines please.

hossamahmedhamdi · September 11, 2022, 4:20pm

sudo ss -ltn
State   Recv-Q   Send-Q     Local Address:Port      Peer Address:Port  Process
LISTEN  0        4096       127.0.0.53%lo:53             0.0.0.0:*
LISTEN  0        128              0.0.0.0:22             0.0.0.0:*
LISTEN  0        100              0.0.0.0:25             0.0.0.0:*
LISTEN  0        70             127.0.0.1:33060          0.0.0.0:*
LISTEN  0        151            127.0.0.1:3306           0.0.0.0:*
LISTEN  0        32                     *:21                   *:*
LISTEN  0        128                 [::]:22                [::]:*
LISTEN  0        100                 [::]:25                [::]:*
LISTEN  0        511                    *:443                  *:*
LISTEN  0        511                    *:80                   *:*

Certbot failed to authenticate some domains (authenticator: apache). The Certificate Authority reported these problems:
  Domain: rabt.com.sa
  Type:   connection
  Detail: 40.91.252.129: Fetching http://rabt.com.sa/.well-known/acme-challenge/JEHSCws9diK2Vc5DwQXwCUBnjiGcIWpkZhB4aPTHD-w: Timeout during connect (likely firewall problem)

  Domain: www.rabt.com.sa
  Type:   connection
  Detail: 40.91.252.129: Fetching http://www.rabt.com.sa/.well-known/acme-challenge/v4Z-9d2oEzU_KggQSp_0bWYZWf3mhKr6fmxzFr6IX7E: Timeout during connect (likely firewall problem)

Hint: The Certificate Authority failed to verify the temporary Apache configuration changes made by Certbot. Ensure that the listed domains point to this Apache server and that it is accessible from the internet.

Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

The log file is very big don't know what else to do!

MikeMcQ · September 11, 2022, 4:57pm

You should check any router or firewall. Because from my part of the world port 80 is blocked (filtered).

Nmap scan report for rabt.com.sa (40.91.252.129)
PORT    STATE    SERVICE
22/tcp  open     ssh
80/tcp  filtered http
443/tcp open     https

I see you got certs before (see crt.sh history) but not recently. So, maybe your ISP now blocks port 80? That's another thing to check

hossamahmedhamdi · September 12, 2022, 11:40am

Thanks I opened the port from Azure configuration and it worked

system · October 12, 2022, 11:41am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.