Can't create new certificate

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: vikijob.ch

I ran this command: certbot certonly -a standalone -d vikijob.ch -d www.vikijob.ch -d adm.vikijob.ch

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for adm.vikijob.ch
http-01 challenge for vikijob.ch
http-01 challenge for www.vikijob.ch
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. www.vikijob.ch (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://www.vikijob.ch/.well-known/acme-challenge/yP5gONuPMMGETGUiPhbdl01O2oKLOwHbAsi4VX9EPto: Timeout during connect (likely firewall problem), adm.vikijob.ch (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://adm.vikijob.ch/.well-known/acme-challenge/FALw88DxT0081KfQ3b-v4OaRSejJGHhx_Pw3NA4juUw: Timeout during connect (likely firewall problem), vikijob.ch (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://vikijob.ch/.well-known/acme-challenge/z8p0zSB_8kIrMJ3EKtbALDuWREHhgQR-00FMmcoyNKg: Timeout during connect (likely firewall problem)

IMPORTANT NOTES:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is: www.novatrend.ch

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.28.0

It seems like you probably have a firewall configured on your Debian server.

You will need to allow TCP traffic on ports 80 and 443 in order to issue and take advantage of a certificate.

You are right. After I opened the ports with ufw, it worked.
The only problem now is that certbot did not update the link in live. Can I do it by myself, or is there a command for certbot to update it?

I'd be surprised if that was the real problem; if it were true, it would be a major bug and nothing would work for anyone (very unlikely).
However, you used -certonly in your first (failed) command. If you used it again in the one that succeeded in creating a valid certificate, it's normal that your site is not updated; this -certonly command switch has just this effect. You have to copy the certificate where you want it, or try to use

certbot install

with the appropriate parameters for your web server (if available; it's impossible to say since you did not completely fill out the help form). Use certbot --help install if you don't know these parameters.

Hi @fm_hawk

perhaps use

update_symlinks:
  Recreates certificate and key symlinks in /etc/letsencrypt/live, if you
  changed them by hand or edited a renewal configuration file

https://certbot.eff.org/docs/using.html

There is a new check of your domain - https://check-your-website.server-daten.de/?q=vikijob.ch

Certificate creation had worked, but you use your old certificate.

Simple question: Did you restart your server? That's required so your server can use the new certificate.

And normally, you should be able to use your running webserver, not standalone.

So your website isn't interrupted.
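
To tell a stale live/ symlink apart from a web server that simply has not been restarted with the new certificate, the added example below (not written by anyone in this thread, and not certbot's own code) compares each symlink under live/ with the highest-numbered file in archive/. It assumes certbot's default layout, live/NAME/{cert,chain,fullchain,privkey}.pem pointing into ../../archive/NAME/; the function names are made up for this example, and it only reports, it changes nothing.

```shell
#!/usr/bin/env bash
# Added example: report whether certbot's live/ symlinks point at the newest
# files in archive/. Read-only; function names are hypothetical.

# newest_version DIR KIND -> prints the highest N for which DIR/KINDN.pem exists
newest_version() {
    local dir=$1 kind=$2 max=0 f n
    for f in "$dir/$kind"[0-9]*.pem; do
        [ -e "$f" ] || continue              # glob matched nothing
        n=${f##*/}; n=${n#"$kind"}; n=${n%.pem}
        case $n in *[!0-9]*) continue ;; esac
        if [ "$n" -gt "$max" ]; then max=$n; fi   # numeric, so 10 > 9
    done
    echo "$max"
}

# check_lineage CONFIG_DIR NAME -> one line per file; returns 1 if any is stale
check_lineage() {
    local config=$1 name=$2 kind link target newest rc=0
    for kind in cert chain fullchain privkey; do
        link="$config/live/$name/$kind.pem"
        newest=$(newest_version "$config/archive/$name" "$kind")
        if [ ! -L "$link" ]; then
            echo "$kind.pem: MISSING-OR-NOT-A-SYMLINK"; rc=1; continue
        fi
        target=$(readlink "$link")
        if [ "${target##*/}" = "$kind$newest.pem" ]; then
            echo "$kind.pem: OK -> $target"
        else
            echo "$kind.pem: STALE -> $target (newest is $kind$newest.pem)"; rc=1
        fi
    done
    return "$rc"
}

# Usage when run directly: ./check_live.sh NAME [CONFIG_DIR]
# NAME is the directory name under live/; CONFIG_DIR defaults to /etc/letsencrypt.
if [ "$#" -ge 1 ]; then
    check_lineage "${2:-/etc/letsencrypt}" "$1"
fi
```

If every line reads OK and the site still presents the old certificate, the symlinks are fine and the server has not picked up the new files yet; if a line reads STALE, that is the case update_symlinks is described for.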

Thank you all for your help. The page is running again.

And yes, I will change it in the next step to use the web-server for the certificate update.
