I'm running some servers protected with Letsencrypt and I'm freaking out about how to make auto-renewal work ... if I manually launch the renewal everything works fine.
the server is ubuntu 20 with apache behind a proxy and had set all variables in /etc/environment as well, i also set in /etc/cron.d/certbot export http_proxy = ...... && https_proxy = ...... command, but is the same.
the only different thing from another environment where everything works properly is that the icmp (traceroute) protocol is not open on the firewall.
I honestly don't understand why with the "certbot renew --dry-run" command everything works properly while it doesn't work automatically.
The best talent on this forum are reluctant to spend valuable time guessing at solutions when they have been provided so little information. Especially since you have indicated a proxy and firewall in your topology... More information would help get you a working solution a lot faster.
Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com 1), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is:
I ran this command:
It produced this output:
My web server is (include version): Apache
The operating system my web server runs on is (include version): Ubuntu 20
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don’t know):
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):