After repeated tries I’m not able to renew my certificates with certbot.
I’ve tried to renew with:
- sudo certbot --nginx
- sudo certbot --authenticator standalone --installer nginx -d nutthause.com -d helios.nutthause.com -d media2.nutthause.com -d silo-omv.nutthause.com -d silo2-omv.nutthause.com -d www.nutthause.com --pre-hook "systemctl stop nginx" --post-hook "systemctl start nginx"
- certbot --duplicate --nginx
- sudo certbot renew --preferred-challenges http --nginx
- /usr/bin/certbot --duplicate --nginx certonly
- sudo certbot renew --dry-run
Please let me know if there is anything else I need to supply to get my certificates renewed.
My domain is:
nutthause.com
I ran this command:
sudo certbot renew --preferred-challenges http --nginx
It produced this output:
sudo certbot renew --preferred-challenges http --nginx
[sudo] password for “a user name”:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Processing /etc/letsencrypt/renewal/nutthause.com.conf
Cert is due for renewal, auto-renewing…
Plugins selected: Authenticator nginx, Installer nginx
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for helios.nutthause.com
http-01 challenge for media2.nutthause.com
http-01 challenge for nutthause.com
http-01 challenge for silo-omv.nutthause.com
http-01 challenge for silo2-omv.nutthause.com
http-01 challenge for www.nutthause.com
Using default address 80 for authentication.
Using default address 80 for authentication.
Using default address 80 for authentication.
Using default address 80 for authentication.
Waiting for verification…
Cleaning up challenges
Attempting to renew cert (nutthause.com) from /etc/letsencrypt/renewal/nutthause.com.conf produced an unexpected error: Failed authorization procedure. helios.nutthause.com (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://helios.nutthause.com/.well-known/acme-challenge/heVb70QWW0VMnfrpN2fkZPop0jj0J7RtBYIFE7mU2Cg: Timeout during connect (likely firewall problem), silo-omv.nutthause.com (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://silo-omv.nutthause.com/.well-known/acme-challenge/A_FtHe8JMcYP5fA6-ijwOiYA1SBpGMVxWsAYTqzWi-g: Timeout during connect (likely firewall problem), www.nutthause.com (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://www.nutthause.com/.well-known/acme-challenge/Lq6Adlal4_oYAwblJJGLiIuV-J2rOtIw_D-SqXISUHI: Timeout during connect (likely firewall problem), media2.nutthause.com (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://media2.nutthause.com/.well-known/acme-challenge/1U3W_CAgeOUmjNr_4atYA29_liXTy-DjjQlGeiVeckg: Timeout during connect (likely firewall problem), silo2-omv.nutthause.com (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://silo2-omv.nutthause.com/.well-known/acme-challenge/kvT1Xzksdber3l9Fx2DZ3_Vvx4yOWPT3MakfVbCW59c: Timeout during connect (likely firewall problem), nutthause.com (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://nutthause.com/.well-known/acme-challenge/1XI4hgfkGpHr6Bm7fbGA09wdbGYyWYmfWZH_O8_kUqQ: Timeout during connect (likely firewall problem). Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/nutthause.com/fullchain.pem (failure)
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/nutthause.com/fullchain.pem (failure)
1 renew failure(s), 0 parse failure(s)
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: helios.nutthause.com
Type: connection
Detail: Fetching
http://helios.nutthause.com/.well-known/acme-challenge/heVb70QWW0VMnfrpN2fkZPop0jj0J7RtBYIFE7mU2Cg:
Timeout during connect (likely firewall problem)
Domain: silo-omv.nutthause.com
Type: connection
Detail: Fetching
http://silo-omv.nutthause.com/.well-known/acme-challenge/A_FtHe8JMcYP5fA6-ijwOiYA1SBpGMVxWsAYTqzWi-g:
Timeout during connect (likely firewall problem)
Domain: www.nutthause.com
Type: connection
Detail: Fetching
http://www.nutthause.com/.well-known/acme-challenge/Lq6Adlal4_oYAwblJJGLiIuV-J2rOtIw_D-SqXISUHI:
Timeout during connect (likely firewall problem)
Domain: media2.nutthause.com
Type: connection
Detail: Fetching
http://media2.nutthause.com/.well-known/acme-challenge/1U3W_CAgeOUmjNr_4atYA29_liXTy-DjjQlGeiVeckg:
Timeout during connect (likely firewall problem)
Domain: silo2-omv.nutthause.com
Type: connection
Detail: Fetching
http://silo2-omv.nutthause.com/.well-known/acme-challenge/kvT1Xzksdber3l9Fx2DZ3_Vvx4yOWPT3MakfVbCW59c:
Timeout during connect (likely firewall problem)
Domain: nutthause.com
Type: connection
Detail: Fetching
http://nutthause.com/.well-known/acme-challenge/1XI4hgfkGpHr6Bm7fbGA09wdbGYyWYmfWZH_O8_kUqQ:
Timeout during connect (likely firewall problem)
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you’re using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.
My web server is (include version):
dpkg -l nginx:
nginx 1.10.3-0ubuntu0.16.04.3
The operating system my web server runs on is (include version):
Linux Mint 18 Sarah based on Ubuntu 16.04
My hosting provider, if applicable, is:
Zoneedit is hosting my domain
I can login to a root shell on my machine (yes or no, or I don’t know):
Yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
No
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
certbot 0.31.0
The nginx webserver is sitting behind a smoothwall firewall with these port forwarding rules:
1 ACCEPT tcp -- anywhere www.nutthause.com state NEW tcp dpt:http
2 ACCEPT tcp -- anywhere www.nutthause.com state NEW tcp dpt:https
Please note: when I’m not renewing the certificates these Smoothwall forwarding rules are disabled, and they are only enabled while renewing the certificates.
The webserver has these firewall rules:
sudo ufw status
Status: active
To Action From
22/tcp ALLOW Anywhere (log)
443/tcp ALLOW Anywhere (log)
80/tcp ALLOW Anywhere (log)
22/tcp (v6) ALLOW Anywhere (v6) (log)
443/tcp (v6) ALLOW Anywhere (v6)
80/tcp (v6) ALLOW Anywhere (v6)
22 ALLOW OUT Anywhere (log)
22 (v6) ALLOW OUT Anywhere (v6) (log)
Here is the tail -f letsencrypt.log of the above command: “sudo certbot renew --preferred-challenges http --nginx”
Please use this ubuntu pastebin https://paste.ubuntu.com link below to view the letsencrypt.log:
https://paste.ubuntu.com/p/8X8D88tFJr/
Thanks
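
An added example, not part of the original post and not certbot's own code: a parser for the `Failed authorization procedure` summary line shown in the output above, which groups the failed names by ACME error type and reason so it is clear at a glance whether every name failed the same way. The sample line is constructed with placeholder `example.com` names and tokens, and the function names are hypothetical.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample in the shape of the certbot summary line above;
# the example.com names and tokens are placeholders, not values from the post.
SAMPLE = (
    "Attempting to renew cert (example.com) produced an unexpected error: "
    "Failed authorization procedure. "
    "a.example.com (http-01): urn:ietf:params:acme:error:connection :: "
    "The server could not connect to the client to verify the domain :: "
    "Fetching http://a.example.com/.well-known/acme-challenge/TOKEN_A: "
    "Timeout during connect (likely firewall problem), "
    "example.com (http-01): urn:ietf:params:acme:error:connection :: "
    "The server could not connect to the client to verify the domain :: "
    "Fetching http://example.com/.well-known/acme-challenge/TOKEN_B: "
    "Timeout during connect (likely firewall problem). Skipping."
)

# One entry: "<name> (<challenge>): urn:...:error:<type> :: <desc> :: <detail>"
ENTRY = re.compile(
    r"(?P<domain>[\w.-]+) \((?P<challenge>[\w-]+)\): "
    r"urn:ietf:params:acme:error:(?P<error>\w+) :: (?P<desc>.*?) :: (?P<detail>.*?)"
    r"(?=, [\w.-]+ \([\w-]+\): urn:|\. Skipping\.|$)"
)

def parse_failures(line):
    """Return one dict per failed name in a 'Failed authorization procedure' line."""
    failures = []
    for m in ENTRY.finditer(line):
        f = m.groupdict()
        fetch = re.match(r"Fetching (\S+): (.*)", f["detail"])
        f["url"], f["reason"] = fetch.groups() if fetch else (None, f["detail"])
        failures.append(f)
    return failures

def group_by_cause(failures):
    """Map (ACME error type, reason) -> sorted list of names that failed that way."""
    groups = defaultdict(list)
    for f in failures:
        groups[(f["error"], f["reason"])].append(f["domain"])
    return {cause: sorted(names) for cause, names in groups.items()}

def url_matches_name(f):
    """True when the fetched URL is plain HTTP to the validated name's challenge path."""
    u = urlsplit(f["url"] or "")
    return (u.scheme == "http" and u.hostname == f["domain"]
            and u.path.startswith("/.well-known/acme-challenge/"))
```

Calling `group_by_cause(parse_failures(line))` on a real summary line gives one key per distinct failure; a single key covering every name means all validations failed identically.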