Cert was not autorenewd


#1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: cloud.fr0scher.de

I ran this command: letsencrypt certonly -a webroot --webroot-path=/var/www/letsencrypt --rsa-key-size 4096 -d cloud.fr0scher.de

It produced this output:Saving debug log to /var/log/letsencrypt/letsencrypt.log
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for cloud.fr0scher.de
Using the webroot path /var/www/letsencrypt for all unmatched domains.
Waiting for verification…
Cleaning up challenges
Unable to clean up challenge directory /var/www/letsencrypt/.well-known/acme-challenge
Failed authorization procedure. cloud.fr0scher.de (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://cloud.fr0scher.de/.well-known/acme-challenge/wrsu_zln1471AW9ur2EzVELyOaQD_NthbwDCVqMrZ0g: Error getting validation data

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: cloud.fr0scher.de
    Type: connection
    Detail: Fetching
    http://cloud.fr0scher.de/.well-known/acme-challenge/wrsu_zln1471AW9ur2EzVELyOaQD_NthbwDCVqMrZ0g:
    Error getting validation data

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A record(s) for that domain
    contain(s) the right IP address. Additionally, please check that
    your computer has a publicly routable IP address and that no
    firewalls are preventing the server from communicating with the
    client. If you’re using the webroot plugin, you should also verify
    that you are serving files from the webroot path you provided.

My web server is (include version): nginx/1.15.3

The operating system my web server runs on is (include version): Debian 9

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

I have a server at home and use an account at no-ip.org to publish it to the internet with portforwarding in my fritz box. cloud.fr0scher.de is just a cname at my provider.


#2

Hi @timmekk

your http port 80 doesn’t answer ( https://check-your-website.server-daten.de/?q=cloud.fr0scher.de ):


Domainname Http-Status redirect Sec. G
http://cloud.fr0scher.de/
83.135.125.224 -14 10.033 T
Timeout - The operation has timed out
https://cloud.fr0scher.de/
83.135.125.224 302 https://cloud.fr0scher.de/login 5.820 N
Certificate error: RemoteCertificateNameMismatch, RemoteCertificateChainErrors
https://cloud.fr0scher.de/login 200 1.344 N
Certificate error: RemoteCertificateNameMismatch, RemoteCertificateChainErrors
http://cloud.fr0scher.de/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
83.135.125.224 -14 10.027 T
Timeout - The operation has timed out

You must have a running port 80. Your certificate

CN=cloud.fritz.box
18.09.2018
15.09.2028
cloud.fritz.box - 1 entry

is a self signed fritz.box. Do you have a port forwarding port 80 -> your webserver instance?


#3

oh okay. I have now forwarded the port 80 to our server. but does not work.


#4

It’s the same problem, timeout. Querying

http://cloud.fr0scher.de/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
83.135.125.224
-14 10.026 T Timeout - The operation has timed out

there is a http status 404 required, so your server must answer.


#5

This doesn’t seem like a REAL webroot.
The Webroot must match the Document Root folder.