Can't renew one of my domains

Hi - I noticed that after upgrading certbot from the Ubuntu apt repos to a snap, certbot said it wasn't running:

~$ systemctl
snap.certbot.renew.service  loaded failed failed

Certbot seems to be parsing the other certs on the machine, but one of them trips it up maybe?

My domain is: hashnext.com

I ran this command: renew

It produced this output:

2021-02-06 10:25:25,848:ERROR:certbot._internal.renewal:All renewals failed. The following certificates could not be renewed:
2021-02-06 10:25:25,848:ERROR:certbot._internal.renewal:  /etc/letsencrypt/live/www.hashnext.com/fullchain.pem (failure)
2021-02-06 10:25:25,848:DEBUG:certbot.display.util:Notifying user: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2021-02-06 10:25:25,848:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "/snap/certbot/952/bin/certbot", line 8, in <module>
    sys.exit(main())
  File "/snap/certbot/952/lib/python3.8/site-packages/certbot/main.py", line 15, in main
    return internal_main.main(cli_args)
  File "/snap/certbot/952/lib/python3.8/site-packages/certbot/_internal/main.py", line 1413, in main
    return config.func(config, plugins)
  File "/snap/certbot/952/lib/python3.8/site-packages/certbot/_internal/main.py", line 1317, in renew
    renewal.handle_renewal_request(config)
  File "/snap/certbot/952/lib/python3.8/site-packages/certbot/_internal/renewal.py", line 510, in handle_renewal_request
    raise errors.Error("{0} renew failure(s), {1} parse failure(s)".format(
certbot.errors.Error: 1 renew failure(s), 0 parse failure(s)
2021-02-06 10:25:25,849:ERROR:certbot._internal.log:1 renew failure(s), 0 parse failure(s)

My web server is (include version): Apache 2

The operating system: Ubuntu 18.04

I can log in to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site: no

The version of my client is: 1.12.0

Strange. The parse failure suggests it can't parse one of the renewal configuration files. But certbot should present this error with more context on the command line.

You mean you ran certbot renew? What was the output on the command line when you ran that?

Sorry, I meant those entries were in the log from the certbot cronjob. This is what I get when I manually run certbot renew:

 - The following errors were reported by the server:

   Domain: hashnext.com
   Type:   connection
   Detail: Fetching
   http://hashnext.com/.well-known/acme-challenge/5KARYHYvLbqmOYqrqZFf-p2gJ7yjs3-XCMk63Z0StJU:
   Timeout during connect (likely firewall problem)

Hi @gilgongo

there are some errors, see https://check-your-website.server-daten.de/?q=hashnext.com

Your non-www has IPv4 and IPv6 - http doesn't answer. Timeouts -> http validation can't work.

Your www has only one IPv4 - but different. Is that the same machine? If not, Certbot + http validation may be impossible.

Ah OK - yes I think somebody else configured that domain. I forgot to check whether it was pointing at the right IP like the other domains are.

Thanks - will chase that.

(still a bit odd that the certbot service refuses to run but I think it is ... working?)

Whoops, I read the log incorrectly, it actually was a renewal failure as your output also says, not a parse error.
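
The DNS mismatch diagnosed in this thread can be caught before running a renewal. As an added example (not from the thread and not certbot's own code), the check below verifies that every A/AAAA address published for each name on a certificate belongs to the server certbot runs on. The names, addresses and function names are constructed, and the host's address list is assumed to be supplied by the operator.

```python
import ipaddress
import socket


def resolve(name):
    """Return the set of A/AAAA addresses published for name (live DNS lookup)."""
    infos = socket.getaddrinfo(name, 80, proto=socket.IPPROTO_TCP)
    return {ipaddress.ip_address(info[4][0]) for info in infos}


def preflight(names, host_addrs, resolver=resolve):
    """Map each name to the problems that would break HTTP-01 validation on this host."""
    mine = {ipaddress.ip_address(a) for a in host_addrs}
    report = {}
    for name in names:
        try:
            addrs = resolver(name)
        except OSError as exc:  # socket.gaierror is a subclass of OSError
            report[name] = [f"does not resolve: {exc}"]
            continue
        # Any published address that is not ours can receive the validation request.
        problems = [
            f"IPv{addr.version} {addr} is not an address of this host"
            for addr in sorted(addrs - mine, key=str)
        ]
        if not addrs & mine:
            problems.append("no published address reaches this host")
        report[name] = problems
    return report


# Constructed sample data using documentation address ranges, not the real records.
SAMPLE_DNS = {
    "example.test": {"198.51.100.7", "2001:db8::7"},  # A + AAAA, both elsewhere
    "www.example.test": {"203.0.113.20"},             # single A, this host
}
HOST_ADDRS = ["203.0.113.20"]  # assumption: addresses bound on the certbot host


def sample_resolver(name):
    """Offline stand-in for resolve(), backed by SAMPLE_DNS."""
    if name not in SAMPLE_DNS:
        raise OSError("NXDOMAIN")
    return {ipaddress.ip_address(a) for a in SAMPLE_DNS[name]}


if __name__ == "__main__":
    for name, problems in preflight(SAMPLE_DNS, HOST_ADDRS, sample_resolver).items():
        print(name, "OK" if not problems else problems)
```

Calling `preflight()` without the `resolver` argument performs live lookups for the names listed in the certificate's renewal configuration.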
