Cannot renew expired cert after migration

Help
1

Hi, I had to migrate my system to a new server. The IP.address had changed.
The old one is not reachable any more.
Unfortunately the cert got expired. I tried to renew it, but got an error. Even I can't revoke it.

My domain is:
nextcloud.rudalla.de

I ran this command:
certbot renew --cert-name nextcloud.rudalla.de

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log

Processing /etc/letsencrypt/renewal/nextcloud.rudalla.de.conf

Renewing an existing certificate for nextcloud.rudalla.de

Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
Domain: nextcloud.rudalla.de
Type: connection
Detail: 81.169.169.244: Fetching http://nextcloud.rudalla.de/.well-known/acme-challenge/dzb8nalh1C0Z-YCASGwmSWgBnejsbnBiVxz6fexPj9c: Timeout during connect (likely firewall problem)

Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.

Failed to renew certificate nextcloud.rudalla.de with error: Some challenges have failed.

All renewals failed. The following certificates could not be renewed:
/etc/letsencrypt/live/nextcloud.rudalla.de/fullchain.pem (failure)

1 renew failure(s), 0 parse failure(s)

My web server is (include version):
lighttpd

The operating system my web server runs on is (include version):
almalinux 8 (4.18.0-553.8.1.el8_10.x86_64)

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):
yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
I'm working with cmd-line (bash)

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 1.22.0

2

Well, revoking an expired certificate doesn't make any sense, and isn't needed anyway unless the key was compromised or some situation like that.

Have you done this?

4 Likes
3

Hi,
the problem is, that the IP address 81.169.169.244 is the one from the old system and is no longer avaible.

My new ip is 212.227.186.28

4

Then you need to update the DNS for your hostname accordingly.

4 Likes
5

Hi,
where can I do this?

6

I don't know. You said your domain name is nextcloud.rudalla.de, so I assumed that you had some control over it and were the one who set it up. If you're not, then you might need to find the person who did, or whomever you pay for the domain.

4 Likes
7

Does "Strato" ring a bell? The nameservers seems to be from something called "RZone(.de)" and if I google that, they seem to be Strato.

2 Likes
8

My server is a virtual host from strato with a fix ip address.

My domain is rudalla.de, nextcloud is a subdomain

I changed the A-record of the domain to the ip of my virtual host

on this host i installed a vhost (nextcloud.rudalla.de) in lighttpd

Before the migration all was running perfectly

the question is, where is the old ip saved in letsencrypt and can I change it?

9

Let's Encrypt does not save the "old ip". As noted by the other comments you need to update your DNS records to the new IP.

See this Google DNS lookup tool. It shows that domain still has your old IP. Let's Encrypt will start using your new IP once the public DNS has the correct value. Another option for checking the DNS is at https://unboundtest.com

https://dns.google/resolve?name=nextcloud.rudalla.de&type=A

5 Likes
10

Ok, thanks!
I think, it's clear now, where the problem is.

2 Likes
11

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.