Cert was not autorenewd

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: cloud.fr0scher.de

I ran this command: letsencrypt certonly -a webroot --webroot-path=/var/www/letsencrypt --rsa-key-size 4096 -d cloud.fr0scher.de

It produced this output:Saving debug log to /var/log/letsencrypt/letsencrypt.log
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for cloud.fr0scher.de
Using the webroot path /var/www/letsencrypt for all unmatched domains.
Waiting for verification…
Cleaning up challenges
Unable to clean up challenge directory /var/www/letsencrypt/.well-known/acme-challenge
Failed authorization procedure. cloud.fr0scher.de (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://cloud.fr0scher.de/.well-known/acme-challenge/wrsu_zln1471AW9ur2EzVELyOaQD_NthbwDCVqMrZ0g: Error getting validation data

IMPORTANT NOTES:

• The following errors were reported by the server:

  Domain: cloud.fr0scher.de
  Type: connection
  Detail: Fetching
  http://cloud.fr0scher.de/.well-known/acme-challenge/wrsu_zln1471AW9ur2EzVELyOaQD_NthbwDCVqMrZ0g:
  Error getting validation data

  To fix these errors, please make sure that your domain name was
  entered correctly and the DNS A record(s) for that domain
  contain(s) the right IP address. Additionally, please check that
  your computer has a publicly routable IP address and that no
  firewalls are preventing the server from communicating with the
  client. If you’re using the webroot plugin, you should also verify
  that you are serving files from the webroot path you provided.

My web server is (include version): nginx/1.15.3

The operating system my web server runs on is (include version): Debian 9

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

I have a server at home and use an account at no-ip.org to publish it to the internet with portforwarding in my fritz box. cloud.fr0scher.de is just a cname at my provider.

Hi @timmekk

your http port 80 doesn't answer ( https://check-your-website.server-daten.de/?q=cloud.fr0scher.de ):

You must have a running port 80. Your certificate

CN=cloud.fritz.box
18.09.2018
15.09.2028
cloud.fritz.box - 1 entry

is a self signed fritz.box. Do you have a port forwarding port 80 -> your webserver instance?

oh okay. I have now forwarded the port 80 to our server. but does not work.

It's the same problem, timeout. Querying

• http://cloud.fr0scher.de/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
83.135.125.224
-14 10.026 T Timeout - The operation has timed out

there is a http status 404 required, so your server must answer.

This doesn't seem like a REAL webroot.
The Webroot must match the Document Root folder.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.