My domain is:
pocketwiki.cau.ninja and wiki.pseudocode.site
I ran this command:
wiki.pseudocode.site
It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/pocketwiki.cau.ninja.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Certificate is due for renewal, auto-renewing...
Plugins selected: Authenticator apache, Installer apache
Renewing an existing certificate for pocketwiki.cau.ninja and wiki.pseudocode.site
Performing the following challenges:
http-01 challenge for pocketwiki.cau.ninja
http-01 challenge for wiki.pseudocode.site
Waiting for verification...
Challenge failed for domain pocketwiki.cau.ninja
Challenge failed for domain wiki.pseudocode.site
http-01 challenge for pocketwiki.cau.ninja
http-01 challenge for wiki.pseudocode.site
Certbot failed to authenticate some domains (authenticator: apache). The Certificate Authority reported these problems:
Domain: pocketwiki.cau.ninja
Type: connection
Detail: 95.116.164.17: Fetching http://pocketwiki.cau.ninja/.well-known/acme-challenge/qyxJkAl_jkTRBw7pcSZCvMUHsJmnM1RCdUJKyWjfx_Q: Timeout during connect (likely firewall problem)
Domain: wiki.pseudocode.site
Type: connection
Detail: 95.116.164.17: Fetching http://wiki.pseudocode.site/.well-known/acme-challenge/pJDle8dk5oC5rlLpSWAj_6F0xe3ebDkm42Z1kx3GPds: Timeout during connect (likely firewall problem)
Hint: The Certificate Authority failed to verify the temporary Apache configuration changes made by Certbot. Ensure that the listed domains point to this Apache server and that it is accessible from the internet.
Cleaning up challenges
Failed to renew certificate pocketwiki.cau.ninja with error: Some challenges have failed.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/wiki.pseudocode.site.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Certificate is due for renewal, auto-renewing...
Plugins selected: Authenticator apache, Installer apache
Renewing an existing certificate for wiki.pseudocode.site
Failed to renew certificate wiki.pseudocode.site with error: urn:ietf:params:acme:error:rateLimited :: There were too many requests of a given type :: Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/failed-validation-limit/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
All renewals failed. The following certificates could not be renewed:
/etc/letsencrypt/live/pocketwiki.cau.ninja/fullchain.pem (failure)
/etc/letsencrypt/live/wiki.pseudocode.site/fullchain.pem (failure)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2 renew failure(s), 0 parse failure(s)
My web server is (include version):
Apache 2.4.41
The operating system my web server runs on is (include version):
Ubuntu 20.4
I can login to a root shell on my machine (yes or no, or I don't know):
yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.29.0
It looks like a firewall is blocking any requests to port 80 (http) and port 443 (https).
You should check your firewall(s). Also check that your DNS is pointing to the right public IP for your server. The names seem like you might be using a dynamic DNS service. Maybe something has gone wrong.
That shows that IPv6 is failing and should be corrected or removed from DNS.
It might further indicate that some IP changes have taken place since the last certificate was issued/renewed, which could mean that firewall/routing has also changed.
[pure guessing on my part]
Funny thing is the error message shows the IPv4 address. It normally shows the IPv6 addresses when an AAAA record is present. I cannot connect using either one.
@xtay2 Do those domains work from the public internet in your region? I tried a bunch of global areas and never connected.
Check your current IP addresses by running these commands on the machine running certbot:
OK. The IPv4 result matches what you have for one domain (wiki). But, they don't match what your DNS has for pocketwiki. And, I only see pocketwiki with an AAAA record now.
I am signing off for a bit, but maybe Rudy or someone can continue.
nslookup wiki.pseudocode.site
wiki.pseudocode.site canonical name = xtay2.ddnss.de.
Address: 95.116.232.113
nslookup pocketwiki.cau.ninja
pocketwiki.cau.ninja canonical name = dennis-woithe.dynv6.net.
Address: 95.116.164.17
Address: 2a01:c23:9601:1bf1:3ea6:2fff:fede:3f3d
I can connect to the wiki domain with IPv4 now. Although, only with HTTP. An HTTPS request (port 443) looks like it is redirected to your port 80 server. Or, maybe it is not set up right for HTTPS.
Some headers omitted for readability
curl -I4 http://wiki.pseudocode.site
HTTP/1.1 301 Moved Permanently
Date: Mon, 18 Jul 2022 23:33:30 GMT
Server: Apache/2.4.41 (Ubuntu)
Location: https://wiki.pseudocode.site/index.php/Main_Page
curl -I4 https://wiki.pseudocode.site/index.php/Main_Page
curl: (35) error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
curl -I4 http://wiki.pseudocode.site:443
(see using http gets response from port 443, should not)
HTTP/1.1 301 Moved Permanently
Date: Mon, 18 Jul 2022 23:34:00 GMT
Server: Apache/2.4.41 (Ubuntu)
Location: https://wiki.pseudocode.site/index.php/Main_Page
Those are issues, but a cert request might succeed because this returns a 404 without redirecting, so it might work when used with an actual request.
curl -I4 http://wiki.pseudocode.site/.well-known/acme-challenge/Test123
HTTP/1.1 404 Not Found
Date: Mon, 18 Jul 2022 23:41:53 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Type: text/html; charset=iso-8859-1
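
Added example, not part of any post in this thread and not certbot's own code: a small Python triage of `certbot renew` output that compares the address the CA reported connecting to against the host's current public addresses, separating a stale dynamic-DNS record from a blocked port 80 and flagging the rate limit. The sample log is constructed with documentation-range names and addresses, and the function names and finding labels are assumptions of this example.

```python
import ipaddress
import re

# Constructed sample in certbot's output format (documentation-range addresses).
SAMPLE = """\
  Domain: wiki.example.org
  Type:   connection
  Detail: 203.0.113.17: Fetching http://wiki.example.org/.well-known/acme-challenge/TOKEN: Timeout during connect (likely firewall problem)
  Domain: pocket.example.net
  Type:   connection
  Detail: 2001:db8::10: Fetching http://pocket.example.net/.well-known/acme-challenge/TOKEN: Timeout during connect (likely firewall problem)
Failed to renew certificate wiki.example.org with error: urn:ietf:params:acme:error:rateLimited :: There were too many requests of a given type
"""

# Only failures whose Detail line names the address the CA used are matched.
FAILURE = re.compile(
    r"Domain:\s*(?P<domain>\S+)\s+Type:\s*(?P<type>\S+)\s+Detail:\s*(?P<ip>\S+): Fetching")
RATE_LIMITED = re.compile(
    r"Failed to renew certificate (\S+) with error: urn:ietf:params:acme:error:rateLimited")


def parse_failures(text):
    """Return (domain, error type, address the CA connected to) per failed challenge."""
    return [(m["domain"], m["type"], ipaddress.ip_address(m["ip"]))
            for m in FAILURE.finditer(text)]


def diagnose(text, current_ips):
    """Map each name to finding labels, given this host's current public addresses."""
    current = {ipaddress.ip_address(ip) for ip in current_ips}
    findings = {}
    for domain, err_type, ca_ip in parse_failures(text):
        if ca_ip not in current:
            label = "stale-dns"      # DNS sent the CA to an address this host no longer has
        elif err_type == "connection":
            label = "unreachable"    # address is right: check port 80 firewall/forwarding
        else:
            label = "other"
        findings.setdefault(domain, []).append(label)
    for cert in RATE_LIMITED.findall(text):
        # Further attempts only add failed authorizations; fix the cause first.
        findings.setdefault(cert, []).append("rate-limited")
    return findings


if __name__ == "__main__":
    for name, labels in diagnose(SAMPLE, ["203.0.113.17"]).items():
        print(f"{name}: {', '.join(labels)}")
```

Once the stale-DNS and unreachable findings are cleared, `certbot renew --dry-run` exercises the same challenges against the staging environment before the next real attempt.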