Cert Auto renew fails --noip.com dns provider

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: wetland3.ddns

I ran this command: certbot renew --nginx from nginx docker console

It produced this output: Plugin not installed

My web server is (include version): Hostinger free web hosting; version ?

The operating system my web server runs on is (include version): Linux, I guess; unknown.

My hosting provider, if applicable, is: Hostinger

I can login to a root shell on my machine (yes or no, or I don't know): Yes; with nginx docker console

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
yes, C panel version ?

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 2.5.0

letsencrypt.log

William

ESP32 running Asyncwebserver feeds Hostinger; programmed in C++ Programming Language.

Hi @Sirquil, and welcome to the LE community forum :)

The first file shared shows NPM - that can be problematic.
It also shows that a cert had already been issued.
/etc/letsencrypt/live/npm-1/fullchain.pem
What shows?:

certbot certificates

The log file shows:
"detail": "68.45.250.167: Invalid response from http://wetland3.ddns.net/.well-known/acme-challenge/yUrf2Q4QJUg0qZgYZYeV-I6X43F3npJ7bIsrA-RiKXk: 404",
We should confirm your IP, with:

curl ifconfig.io

We should have a look at the complete nginx configuration, with:

nginx -T

2 Likes

What shows? Certificate; should I post certificate?

curl ifconfig.io output:
68.45.250.167 My computer "public" WAN ipAddress. wetland3.ddns.net masks 68.45.250.167:8030/Weather-3 issued by "no-ip.com."

nginx -T output

This is my first experience with nginx docker container and letsencrypt. Cert was issued and has worked a couple of months without issue. Received email from letsencrypt to renew. Checked nginx docker log file and observed cert auto renew is not working.

William

Using the online tool Let's Debug yields these results https://letsdebug.net/wetland3.ddns/1689961

InvalidDomain
FATAL
"wetland3.ddns" is not a valid domain name that Let's Encrypt would be able to issue a certificate for.
Domain doesn't end in a public TLD

This tells me that from Let's Encrypt's point of view that .DDNS doesn't end in a public TLD.
(True but now irrelevant.)

Update: after reading through

I see the actual domain name is wetland3.ddns.net and
https://letsdebug.net/wetland3.ddns.net/1689965 yields OK.

1 Like

Hi @Sirquil, I see this from the log you provided; I see posts often of issues with NPM, as a recent example

2023-11-26 13:30:51,125:ERROR:certbot._internal.renewal:Failed to renew certificate npm-1 with error: Some challenges have failed.
2023-11-26 13:30:51,131:DEBUG:certbot._internal.renewal:Traceback was:
Traceback (most recent call last):
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/renewal.py", line 533, in handle_renewal_request
    main.renew_cert(lineage_config, plugins, renewal_candidate)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/main.py", line 1547, in renew_cert
    renewed_lineage = _get_and_save_cert(le_client, config, lineage=lineage)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/main.py", line 129, in _get_and_save_cert
    renewal.renew_cert(config, domains, le_client, lineage)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/renewal.py", line 395, in renew_cert
    new_cert, new_chain, new_key, _ = le_client.obtain_certificate(domains, new_key)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/client.py", line 428, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/client.py", line 496, in _get_order_and_authorizations
    authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/auth_handler.py", line 108, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, max_time_mins, best_effort)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/auth_handler.py", line 212, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.

2023-11-26 13:30:51,132:DEBUG:certbot._internal.display.obj:Notifying user: 
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2023-11-26 13:30:51,132:ERROR:certbot._internal.renewal:All simulated renewals failed. The following certificates could not be renewed:
2023-11-26 13:30:51,134:ERROR:certbot._internal.renewal:  /etc/letsencrypt/live/npm-1/fullchain.pem (failure)

1 Like
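
Added example, not part of any post in this thread: a small Python parser that pulls the failed lineage and the ACME challenge detail out of certbot log lines like the ones quoted above, so the validated IP, hostname and HTTP status can be compared against `curl ifconfig.io` and the nginx config. The function names and report layout are assumptions of this example; the sample lines are copied from the thread.

```python
import re
from urllib.parse import urlparse

# Log lines quoted in the thread above (abridged; traceback omitted).
SAMPLE_LOG = '''\
"detail": "68.45.250.167: Invalid response from http://wetland3.ddns.net/.well-known/acme-challenge/yUrf2Q4QJUg0qZgYZYeV-I6X43F3npJ7bIsrA-RiKXk: 404",
2023-11-26 13:30:51,125:ERROR:certbot._internal.renewal:Failed to renew certificate npm-1 with error: Some challenges have failed.
2023-11-26 13:30:51,132:ERROR:certbot._internal.renewal:All simulated renewals failed. The following certificates could not be renewed:
2023-11-26 13:30:51,134:ERROR:certbot._internal.renewal:  /etc/letsencrypt/live/npm-1/fullchain.pem (failure)
'''

# ACME problem detail: "<validated IP>: Invalid response from <URL>: <status>"
DETAIL_RE = re.compile(
    r'"detail":\s*"(?P<ip>[0-9a-fA-F.:]+): Invalid response from '
    r'(?P<url>https?://\S+?): (?P<status>\d{3})"')
# certbot log line: "<timestamp>,<ms>:<LEVEL>:<logger>:<message>"
FAILED_RE = re.compile(
    r'^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d+:ERROR:[\w.]+:'
    r'Failed to renew certificate (?P<name>\S+) with error: (?P<err>.*)$')


def summarize(log_text):
    """Collect failed lineages and challenge failures from certbot log text."""
    report = {"dry_run": False, "failed": [], "challenges": []}
    for line in log_text.splitlines():
        if "All simulated renewals failed" in line:
            report["dry_run"] = True  # failure came from a simulated renewal
        m = FAILED_RE.match(line)
        if m:
            report["failed"].append((m["name"], m["err"]))
        m = DETAIL_RE.search(line)
        if m:
            url = urlparse(m["url"])
            report["challenges"].append({
                "validated_ip": m["ip"],  # address the CA connected to
                "host": url.hostname,     # name that was being validated
                "is_http01": url.path.startswith("/.well-known/acme-challenge/"),
                "status": int(m["status"]),
            })
    return report


if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    for name, err in result["failed"]:
        print("lineage %s failed: %s" % (name, err))
    for ch in result["challenges"]:
        print("%(host)s validated at %(validated_ip)s -> HTTP %(status)d" % ch)
```
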

The nginx config has issues.
Doing both of these in one vhost is problematic:

listen 80;
listen [::]:80;

listen 443 ssl http2;
listen [::]:443 ssl http2;

And it also includes this twice:

    # Force SSL
    include conf.d/include/force-ssl.conf;

[as if that was going to forcibly fix something]

3 Likes

Please post the output of the command:

certbot certificates

2 Likes

I removed the docker container; when I did, it removed the Certificates.

Will attempt reinstalling everything today. Did not know what else to do when you said NPM was problematic.

William

1 Like
