Cant renew certificate

My domain is:

I ran this command: certbot renew --dry-run

It produced this output: The following errors were reported by the server:

Type: connection
Detail: 41.X.X.X: Fetching
Timeout during connect (likely firewall problem)

My web server is (include version): Apache/2.4.6 (CentOS)

The operating system my web server runs on is (include version): Centos 7

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.11.0

Port 80 needs to be open for the http-01 challenge. I can't connect to your site using HTTP either. Please see Best Practice - Keep Port 80 Open - Let's Encrypt

Also note that it doesn't make much sense to redact an IP address with the entire hostname next to it: the hostname resolves to the same IP address, so is public knowledge.


Port 80 is already open:
The result i get with the command: netstat -tulpn | grep --color :80
tcp 0 0* LISTEN 1974/httpd

firewall-cmd --zone=public --list-all: Result
target: default
icmp-block-inversion: no
interfaces: eth0
services: dhcpv6-client, http https mysql ssh
ports: 5404/tcp 5405/tcp 2224/tcp 7788/tcp 80/tcp 443/tcp 7799/tcp 7789/tcp
masquerade: no
rich rules:

I have checked other posts with the same issue and most of them are suggesting opening port 80 but it is already open.

That shows
How is that being reached by anyone on the Internet?


Still, I suspect a firewall (somewhere!) blocking port 80, because usually a non-bound port would result in an immediate "Connection closed" or something like that and not a timeout.

Timeouts are usually the result of a blocking firewall, dropping all packets, routing issues or incorrect IP address.


Something may have changed:

curl -Ii
HTTP/1.1 301 Moved Permanently
Date: Wed, 13 Jul 2022 14:43:28 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.3.33
Content-Type: text/html; charset=iso-8859-1

That's a good thing :slight_smile:

I don't see a renewal for now, not yet anyway.


Finally managed to renew. It was a firewall issue. only 443 were allowed and then I had to comment 'Listen 80' line in serverstatus.conf and uncomment the same line in httpd.conf. Silly mistake.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.