Auto renew and renew fail in Raspberry Pi

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
aplanetbit.com

I ran this command:
sudo certbot renew --dry-run

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log


Processing /etc/letsencrypt/renewal/aplanetbit.com.conf


Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator apache, Installer apache
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for aplanetbit.com
Waiting for verification...
Cleaning up challenges
Attempting to renew cert (aplanetbit.com) from /etc/letsencrypt/renewal/aplanetbit.com.conf produced an unexpected error: Failed authorization procedure. aplanetbit.com (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://aplanetbit.com/.well-known/acme-challenge/bRlBmyiaEP8cwH-vgIsB2BZj5HUR4wfQIbYAd8jxLzs: Timeout during connect (likely firewall problem). Skipping.

My web server is (include version):
Server version: Apache/2.4.38 (Raspbian)
Server built: 2020-08-25T20:08:29

The operating system my web server runs on is (include version):
PRETTY_NAME="Raspbian GNU/Linux 10 (buster)"
NAME="Raspbian GNU/Linux"
VERSION_ID="10"
VERSION="10 (buster)"
VERSION_CODENAME=buster
ID=raspbian
ID_LIKE=debian

I can login to a root shell on my machine (yes or no, or I don't know):
Yes, I can log in to a root shell on my Raspberry Pi

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
I'm using the CLI

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 0.31.0

Could you give me a hand with this issue?
Thanks.

2 Likes

Hi @aplanetbit

Please read your error message:

There is your job: A working port 80 / http is required if you want to use http validation.

Not a timeout.

3 Likes

Thanks a lot, JuergenAuer.
I opened port 80 in the router and that did the trick.
:slight_smile:

4 Likes

Yep, now your port 80 answers. :+1:

2 Likes
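
Added example, not part of any post in this thread: a small Python triage helper that reads certbot output like the above, extracts the ACME error type from each failed authorization, and maps it to a first thing to check. The hint wording, the `diagnose` function name and the sample line (example.com, placeholder token) are this example's own assumptions; the error type names are those defined in RFC 8555.

```python
import re
from urllib.parse import urlsplit

# ACME error types from RFC 8555 section 6.7; the hint wording is this example's own.
HINTS = {
    "connection": "CA could not reach the host: check that the port is open/forwarded from the Internet",
    "dns": "CA could not resolve the name: check the A/AAAA records",
    "unauthorized": "CA reached a server but got the wrong response: check vhost/webroot",
    "caa": "CAA records forbid issuance by this CA",
    "rateLimited": "rate limit hit: wait before retrying",
}

# Matches "<domain> (<challenge>): urn:ietf:params:acme:error:<type> :: <title> :: <detail>"
FAIL_RE = re.compile(
    r"(?P<domain>[A-Za-z0-9.-]+) \((?P<challenge>[a-z]+-\d+)\): "
    r"urn:ietf:params:acme:error:(?P<type>[A-Za-z]+) :: "
    r"(?P<title>.*?) :: (?P<detail>.*)"
)

def diagnose(log_text):
    """Return one finding per failed authorization found in certbot output."""
    findings = []
    for m in FAIL_RE.finditer(log_text):
        # The detail usually names the URL the CA tried; derive the port from it.
        url = re.search(r"Fetching (\S+): ", m["detail"])
        port = None
        if url:
            parts = urlsplit(url.group(1))
            port = parts.port or {"http": 80, "https": 443}.get(parts.scheme)
        findings.append({
            "domain": m["domain"],
            "challenge": m["challenge"],
            "error": m["type"],
            "port": port,
            "hint": HINTS.get(m["type"], "see the detail text"),
        })
    return findings

# Constructed sample modelled on the output in this thread (example.com, placeholder token).
SAMPLE = (
    "Attempting to renew cert (example.com) from /etc/letsencrypt/renewal/example.com.conf "
    "produced an unexpected error: Failed authorization procedure. example.com (http-01): "
    "urn:ietf:params:acme:error:connection :: The server could not connect to the client "
    "to verify the domain :: Fetching http://example.com/.well-known/acme-challenge/TOKEN: "
    "Timeout during connect (likely firewall problem). Skipping.\n"
)

if __name__ == "__main__":
    for finding in diagnose(SAMPLE):
        print(finding)
```

A `connection` finding on port 80 points at reachability from outside the network (router forwarding, firewall), which a test from inside the LAN will not reveal.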