The certificate automatic renewal has stopped working.The certificate is still valid and I am able to access my webserver at http://krewik.net/ which redirects to and https://krewik.net/.
But the automatic renewal has not gone thru and when I attempt to trigger it manually I get an error message, see below. In an attempt to solve the issue I followed these instructions Certbot Instructions | Certbot and installed snapd and replaced the certbot with it's version but the issue persits - connection refused.
Could it be that certbot is not creating the challenge files in the correct place or that the webserver is unable to read them?
Any help is very much appreciated.
My domain is: krewik.net
I ran this command: sudo certbot renew
It produced this output:
matias@rpi4-lamp:~$ sudo certbot renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Processing /etc/letsencrypt/renewal/krewik.net.conf
Renewing an existing certificate for krewik.net and 2 more domains
Certbot failed to authenticate some domains (authenticator: apache). The Certificate Authority reported these problems:
Domain: krewik.net
Type: connection
Detail: 188.149.197.26: Fetching http://krewik.net/.well-known/acme-challenge/TB68WccEicn2RFOFI7HCrp7zGu7mvI9k1CvZ4wu6CIc: Connection refused
Domain: wishlist.krewik.net
Type: connection
Detail: 188.149.197.26: Fetching http://wishlist.krewik.net/.well-known/acme-challenge/z2qXrBeMJzfa7PVGonsjhPqNpbg5CqKx9byKMmrJVA0: Connection refused
Domain: www.krewik.net
Type: connection
Detail: 188.149.197.26: Fetching http://www.krewik.net/.well-known/acme-challenge/Scx_wVfcvQ-ZCx_9bpx7kaueBDQpi4BtlnZ4QZyNVRI: Connection refused
Hint: The Certificate Authority failed to verify the temporary Apache configuration changes made by Certbot. Ensure that the listed domains point to this Apache server and that it is accessible from the internet.
Failed to renew certificate krewik.net with error: Some challenges have failed.
All renewals failed. The following certificates could not be renewed:
/etc/letsencrypt/live/krewik.net/fullchain.pem (failure)
1 renew failure(s), 0 parse failure(s)
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
My web server is (include version):
Server version: Apache/2.4.41 (Ubuntu)
Server built: 2022-06-14T13:30:55
The operating system my web server runs on is (include version):
Linux rpi4-lamp 5.4.0-1066-raspi #76-Ubuntu SMP PREEMPT Mon Jun 27 11:02:52 UTC 2022 aarch64 aarch64 aarch64 GNU/Linux
My hosting provider, if applicable, is:
Not applicable, hosting in my own raspberry pi
I can login to a root shell on my machine:
Yes
I'm using a control panel to manage my site:
No
The version of my client is:
certbot 1.29.0