Can't update SSL on dynamic IP address

My domain is: sotmnc.tropicalirish.com

I ran this command: certbot renew

It produced this output: Attempting to renew cert (sotmnc.tropicalirish.com) from /etc/letsencrypt/renewal/sotmnc.tropicalirish.com.conf produced an unexpected error: HTTPSConnectionPool(host='acme-v02.api.letsencrypt.org', port=443): Max retries exceeded with url: /directory (Caused by NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at 0x7f4083aea550>: Failed to establish a new connection: [Errno -3] Temporary failure in name resolution')). Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/sotmnc.tropicalirish.com/fullchain.pem (failure)

My web server is (include version): apache2

The operating system my web server runs on is (include version): ubuntu 20.04

My hosting provider, if applicable, is: Namecheap

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 0.40.0

I'm very new to Linux, so I don't know much. I'm pretty sure it has to do with my IP address changing since first install of Certbot. I'm running a site for my Church so I really need to get this working again.

Looks like the DNS resolving capabilities of your server are malfunctioning, which is something not specifically related to Let's Encrypt, but a general issue.

3 Likes

Fascinating.

What does that mean, and how do I fix it?

Very good question. I myself have no experience with Ubuntu, so I'm not the right person to ask I'm afraid. That said, this also is not the "help with general Linux issues" Community, so I'd suggest to look on the internet in general for other places which might help you fix this DNS resolving issue.

2 Likes

Thank You,

This kind of sucks for me then. Well thank you for your help :innocent:

1 Like

Try rebooting.

Maybe go with sudo systemctl status systemd-resolved

2 Likes

K, not sure what that command was supposed to do. Guessing it's supposed to give me my IP address to match with current IP address.

Having your hostname resolve to the correct IP address is of course also one of the criteria for successful renewal, but is separate from the DNS resolving issue you are (were?) having.

3 Likes

Still having. Although, magically, the site started working again, I still can't update Cert.

This is on a Dynamic IP address. Is there a way to update this address for Let's Encrypt?

Yes, since global DNS handles everything IP related, you only need to update the IP address in your DNS zone.

How do you update the IP address now when it changes?

3 Likes

I've only had this running for 3 months. So I never had to update an IP address. Nor do I know how.

Did a quick search, and found that Cloudflare I think runs my DNS Zone. I'm just not sure how or where I would change IP address. I don't think I have a Cloudflare account.

BTW, thank you all for trying to help out this lonely idiot, I'm still learning.

There are two big requirements to set up Let's Encrypt (at least in the easiest way to do so):

  1. Have your web site be accessible (over HTTP) to the Internet (so that users can get to your site, and so that Let's Encrypt can validate it)
  2. Have your web server be able to connect outbound to the Internet (to have it be able to get to Let's Encrypt's API)

Once you have those two requirements working, usually getting Let's Encrypt set up is simple. But if you don't know how your domain name and web server are set up to be able to get them working, it's going to be harder for people here to be able to help you.

3 Likes
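
The two DNS conditions raised in this thread (the server resolving the ACME API host, and the domain's A record matching the current dynamic IP), as an added example that is not part of any post and not Certbot's own code. The names `preflight` and `public_ip` are hypothetical, and 203.0.113.10 is a documentation placeholder for the address your router currently holds.

```python
import ipaddress
import socket

ACME_HOST = "acme-v02.api.letsencrypt.org"  # host named in the certbot error above


def resolve_ipv4(host, resolver=socket.getaddrinfo):
    """Return the sorted IPv4 addresses for host, or [] if resolution fails."""
    try:
        infos = resolver(host, 443, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        # "[Errno -3] Temporary failure in name resolution" ends up here.
        return []
    return sorted({info[4][0] for info in infos})


def preflight(domain, public_ip, resolver=socket.getaddrinfo):
    """Run both DNS checks; return a list of problems (empty means all good).

    public_ip is supplied by the caller (assumption: read from the router).
    """
    problems = []
    want = str(ipaddress.ip_address(public_ip))  # validates and normalises

    # Outbound: the server itself must be able to resolve the ACME API host.
    if not resolve_ipv4(ACME_HOST, resolver):
        problems.append(f"cannot resolve {ACME_HOST}: fix the server's DNS resolver")

    # Inbound: the domain's A record must point at the current public address.
    records = resolve_ipv4(domain, resolver)
    if not records:
        problems.append(f"could not resolve {domain} from this server")
    elif want not in records:
        problems.append(
            f"{domain} resolves to {', '.join(records)} but public IP is {want}: "
            "update the A record at the DNS provider"
        )
    return problems


if __name__ == "__main__":
    for line in preflight("sotmnc.tropicalirish.com", "203.0.113.10") or ["ok"]:
        print(line)
```

If the server lists its own hostname in /etc/hosts, the second check sees that local entry rather than the public A record, so run it from another machine in that case.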

Yes Thank You

The site was accessible through the internet using sotmnc.tropicalirish, and users were able to log in just fine. The server is at my place and there is a port in my firewall for it. My domain name was bought from Namecheap. When my IP address changes, I would log into Namecheap and update my address to the website A record and the site would work again after a few min.

1 Like

Hey, Thanks Everybody,

I was able to update Namecheap with current IP address. I tried again to update Cert but this time it gave me a different error to check my firewall. So I placed my server behind a DMZ and tried the update again. Wooo Hooo, it's working again.

1 Like

Only port 80 and, if there's a redirect to HTTPS, port 443, need to be open.

2 Likes
