Cannot renew - Some challenges have failed

Hi,
I am trying to renew my certificate, but without success. My firewall seems to be OK; I saw traffic through HTTP (port 80 is open).

I've attached my nginx sites-available file.
I don't know if it's secure to attach my complete letsencrypt.log file?

In the letsencrypt.log, I have this line for all my domain names:
{
  "identifier": {
    "type": "dns",
    "value": "www.sgigroupe.org"
  },
  "status": "invalid",
  "expires": "2024-12-24T13:34:31Z",
  "challenges": [
    {
      "type": "http-01",
      "url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall/10832739/15401454834/76LqiA",
      "status": "invalid",
      "validated": "2024-12-17T13:34:45Z",
      "error": {
        "type": "urn:ietf:params:acme:error:connection",
        "detail": "185.173.180.142: Fetching http://www.sgigroupe.org/.well-known/acme-challenge/xxxxx: Timeout during connect (likely firewall problem)",
        "status": 400
      },
      "token": "xxx",
      "validationRecord": [
        {
          "url": "http://www.sgigroupe.org/.well-known/acme-challenge/xxx",
          "hostname": "www.sgigroupe.org",
          "port": "80",
          "addressesResolved": [
            "185.173.180.142"
          ],
          "addressUsed": "185.173.180.142"
        }
      ]
    }

Thank you for your help.

www.sgigroupe.com.txt (5.2 KB)

My domain is: sgigroupe.com

I ran this command: certbot renew --dry-run

It produced this output:
Failed to renew certificate sgigroupe.net with error: Some challenges have failed.


All simulated renewals failed. The following certificates could not be renewed:
/etc/letsencrypt/live/sgigroupe.net/fullchain.pem (failure)


1 renew failure(s), 0 parse failure(s)

My web server is (include version): nginx/1.18.0

The operating system my web server runs on is (include version): Ubuntu 22.04

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.21.0


Welcome to the community @itservice

Does that problem repeat? Because I cannot reproduce the timeout problem right now. Both Let's Debug connection attempts succeed. One of those uses the Let's Encrypt staging system similar to your --dry-run test that failed.


Yes, I have been trying to renew since yesterday and still have the same error message :frowning:
Same error when I try the command: certbot renew

Euhhh I just tried it right now, without modifying anything and it works...

root@reverseproxy:~# certbot renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log


Processing /etc/letsencrypt/renewal/sgigroupe.net.conf


Renewing an existing certificate for sgigroupe.net and 35 more domains


Congratulations, all renewals succeeded:
/etc/letsencrypt/live/sgigroupe.net/fullchain.pem (success)


I really don't know what happened but anyway thank you! :smiley:


I don't know either :slight_smile: But glad it is working


There may be something spurious going on with certbot renew in the past 24 hours or so. I had a similar failure (1st failure in 5 years and 20 or so renewals). It gave the same "likely firewall problem" and I dropped my firewall and ran certbot renew again and all succeeded -- but I have my doubts if it was really firewall related.

My similar question is 1 of 15 domains failed certbot renew of cert...

Well, possibly but with over 5 million certs issued per day we would likely see more trouble reports here if that was so :slight_smile:

Note your problem is with a "Secondary" center and this was from the "Primary". These are very diverse comms networks.

A timeout problem is the most common thing we see and it has a wide variety of causes. Please see my reply to your thread. Thanks
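
An added example, not part of any post in this thread and not Certbot's own code: a Python helper that scans letsencrypt.log text for ACME authorization objects shaped like the one quoted in the first post, and lists each invalid challenge with its error type and the address the validation server connected to. The sample log text is constructed (placeholder hostname and address), and the function names are hypothetical.

```python
import json

# Constructed log text modelled on the excerpt in the first post; hostname
# and address are placeholders, not values from the thread.
SAMPLE_LOG = '''2024-12-17 13:34:46,101:DEBUG:acme.client:Received response:
{"identifier": {"type": "dns", "value": "www.example.org"}, "status": "invalid",
 "challenges": [{"type": "http-01", "status": "invalid",
   "error": {"type": "urn:ietf:params:acme:error:connection",
             "detail": "192.0.2.10: Timeout during connect (likely firewall problem)"},
   "validationRecord": [{"hostname": "www.example.org", "port": "80",
                         "addressUsed": "192.0.2.10"}]}]}
2024-12-17 13:34:46,102:DEBUG:certbot:unrelated line with {braces}
'''


def iter_json_objects(text):
    """Yield each top-level JSON object embedded in free-form log text."""
    decoder = json.JSONDecoder()
    pos = text.find("{")
    while pos != -1:
        try:
            obj, end = decoder.raw_decode(text, pos)
        except json.JSONDecodeError:
            end = pos + 1  # not JSON at this brace; resume just after it
        else:
            if isinstance(obj, dict):
                yield obj
        pos = text.find("{", end)


def failed_challenges(text):
    """Summarise every invalid challenge found in ACME authorization objects."""
    found = []
    for obj in iter_json_objects(text):
        if "identifier" not in obj or "challenges" not in obj:
            continue  # some other JSON body, not an authorization
        for ch in obj["challenges"]:
            if ch.get("status") != "invalid":
                continue
            err = ch.get("error", {})
            found.append({
                "domain": obj["identifier"].get("value"),
                "challenge": ch.get("type"),
                "error": err.get("type", "").rsplit(":", 1)[-1],
                "detail": err.get("detail"),
                "addresses": [r.get("addressUsed")
                              for r in ch.get("validationRecord", [])],
            })
    return found
```

Calling `failed_challenges()` on the contents of the log gives one entry per failed challenge, which makes it easy to see whether every domain fails with the same error type and against the same address.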
