Certbot cannot renew

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: knightsofsor-reath.com

I ran this command: certbot renew

It produced this output: Certbot failed to authenticate some domains (authenticator: standalone). The Certificate Authority reported these problems:
Domain: knightsofsor-reath.com
Type: dns
Detail: no valid A records found for knightsofsor-reath.com; no valid AAAA records found for knightsofsor-reath.com

Hint: The Certificate Authority failed to download the challenge files from the temporary standalone webserver started by Certbot on port 80. Ensure that the listed domains point to this machine and that it can accept inbound connections from the internet.
Failed to renew certificate knightsofsor-reath.com with error: Some challenges have failed.


All renewals failed. The following certificates could not be renewed:
C:\Certbot\live\knightsofsor-reath.com\fullchain.pem (failure)


1 renew failure(s), 0 parse failure(s)
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile C:\Certbot\log\letsencrypt.log or re-run Certbot with -v for more details.

My web server is (include version): ?

The operating system my web server runs on is (include version): Windows 10 10.0.19045 (build 19045)

My hosting provider, if applicable, is: ?

I can login to a root shell on my machine (yes or no, or I don't know): ? Not sure, I think so.

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

When I run certbot renew -v I get this:

Saving debug log to C:\Certbot\log\letsencrypt.log


Processing C:\Certbot\renewal\knightsofsor-reath.com.conf


Certificate is due for renewal, auto-renewing...
Plugins selected: Authenticator standalone, Installer None
Renewing an existing certificate for knightsofsor-reath.com
Performing the following challenges:
http-01 challenge for knightsofsor-reath.com
Waiting for verification...
Challenge failed for domain knightsofsor-reath.com
http-01 challenge for knightsofsor-reath.com

Certbot failed to authenticate some domains (authenticator: standalone). The Certificate Authority reported these problems:
Domain: knightsofsor-reath.com
Type: dns
Detail: no valid A records found for knightsofsor-reath.com; no valid AAAA records found for knightsofsor-reath.com

Hint: The Certificate Authority failed to download the challenge files from the temporary standalone webserver started by Certbot on port 80. Ensure that the listed domains point to this machine and that it can accept inbound connections from the internet.

Cleaning up challenges
Failed to renew certificate knightsofsor-reath.com with error: Some challenges have failed.


All renewals failed. The following certificates could not be renewed:
C:\Certbot\live\knightsofsor-reath.com\fullchain.pem (failure)


1 renew failure(s), 0 parse failure(s)
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile C:\Certbot\log\letsencrypt.log or re-run Certbot with -v for more details.

Your domain name resolves to the IP address 192.168.1.137, which is a private address space. Those IP addresses cannot be used on the public internet.


So what can I do to get my server public?

Change the IP address of your hostname to the public IP address of your server.

If you require more detailed advice, we'd also need more details regarding your server/hosting setup.


My domain is hosted by Hostinger; I'm using the server for FoundryVTT.

What info do you need?

Where is your server hosting the FoundryVTT software situated? At home? At a hosting provider? If you're running that server at home, how is your networking situation? What is your internet service provider? Do you have a NAT router or is the server running FoundryVTT directly connected to the internet?

Also, what changed between now and April this year, when it all still worked?


A home tower server, ISP is Spectrum, I have a Netgear Nighthawk router. I'm not sure what changed, other than I had to factory reset the router a few times and the IP had changed. I had updated the Hostinger records.

Sounds like you updated the hostinger DNS records to the incorrect IP address.

You need to figure out the public IP address of your Netgear router. You should be able to find it in your router (the IP address you need is associated with what is usually called the "WAN" interface). Or you can just go to https://ifconfig.co/ and see it on that website.

If you reset your router, you probably also need to NAT portmap ports 80 and 443 again to your server running Certbot/FoundryVTT. Please refer to your router's manual to see how that's done.

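The two replies above amount to a checklist: the name must resolve to a public address (not the 192.168.1.137 the domain was pointing at), and the CA must be able to open a TCP connection to port 80 at that address. The following script, an added example that is not part of the thread and not Certbot's own code, runs that checklist from any machine outside the home network. It uses only the Python standard library; the domain name is the one from the thread, and the addresses used in its self-check are constructed samples. It resolves the name with the local resolver, so run it from a host that is not behind the same router, or the router's NAT may answer for port 80/443 and give a false "open".

```python
"""Check whether a hostname is ready for an HTTP-01 challenge from the public internet.

Added example (not from the thread or from Certbot): it does in code what the
replies above say to do by hand. The only real-world name used is the domain
from the thread; the sample addresses in the self-check are constructed.
"""
import ipaddress
import socket
from typing import List, Optional, Tuple

# 80 is what the HTTP-01 challenge needs; 443 is where FoundryVTT serves TLS.
DEFAULT_PORTS = (80, 443)


def address_problem(ip_text: str) -> Optional[str]:
    """Return None if the address could be reached from the public internet,
    otherwise a short reason why a CA (or anyone else) could never connect to it."""
    ip = ipaddress.ip_address(ip_text)
    if ip.is_loopback:
        return "loopback address"
    if ip.is_link_local:
        return "link-local address"
    if ip.is_private:
        # Covers RFC 1918 (10/8, 172.16/12, 192.168/16) and the IPv6 ULA range.
        return "private address space (RFC 1918 / ULA), not routable on the internet"
    if not ip.is_global:
        return "reserved or special-purpose address"
    return None


def resolve(domain: str) -> List[str]:
    """A and AAAA records as the local resolver sees them (deduplicated, in order)."""
    seen: List[str] = []
    try:
        entries = socket.getaddrinfo(domain, None)
    except socket.gaierror:
        return seen
    for family, _, _, _, sockaddr in entries:
        if family in (socket.AF_INET, socket.AF_INET6) and sockaddr[0] not in seen:
            seen.append(sockaddr[0])
    return seen


def port_open(ip_text: str, port: int, timeout: float = 3.0) -> bool:
    """True if a TCP connection to ip:port completes within the timeout.
    A timeout here is what a port scanner reports as 'filtered'."""
    try:
        with socket.create_connection((ip_text, port), timeout=timeout):
            return True
    except OSError:
        return False


def check_records(addresses: List[str]) -> List[Tuple[str, Optional[str]]]:
    """Pair every address with its problem (None means usable). Pure, no network."""
    return [(a, address_problem(a)) for a in addresses]


def check_domain(domain: str, ports=DEFAULT_PORTS) -> List[str]:
    """Human-readable findings for a domain, in the order a CA would hit them."""
    findings = []
    addresses = resolve(domain)
    if not addresses:
        return [f"{domain}: no A/AAAA records"]
    for ip_text, problem in check_records(addresses):
        if problem:
            findings.append(f"{domain} -> {ip_text}: {problem}")
            continue
        for port in ports:
            state = "open" if port_open(ip_text, port) else "closed or filtered"
            findings.append(f"{domain} -> {ip_text}: tcp/{port} {state}")
    return findings


if __name__ == "__main__":
    import sys

    target = sys.argv[1] if len(sys.argv) > 1 else "knightsofsor-reath.com"
    for line in check_domain(target):
        print(line)
```

A "closed or filtered" result on tcp/80 after the A record has been fixed is exactly the case a later reply in this thread warns about: issuance can succeed while the router or a host firewall still blocks port 80, and the next renewal will then fail again.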

OK, so set the A record to reflect the public IP, which starts with 69.
I'm pretty sure I have ports 80 and 443 forwarded already.

Wow! That did it. Thanks so much for your time.


It did? Hm, OK, I'm glad for you :) It's just: I can't connect to port 80 from my endpoint, so I thought that there might be a firewall still up messing around. But if renewal worked and your site works for your customers, well, who am I to complain :)


Well, it renewed.

Now I need to turn on Foundry and see if I can connect securely.

I'm in and it's secure. Woot.


Yes, but, your port 80 is "filtered" so the renewal in 60 days will fail if that is not open then.


Now it's not secure, saying the dates don't match...
It was working 2 hrs ago.
It ran out on the 19th but I couldn't get renew to work until today.
Certbot says I'm good till 11/19/2023,
but my browser won't connect: privacy error.

Your "express" based server is sending out the old expired cert. Did you change anything in its config since it worked? Does it require an update to the Windows keystore or something?

Use a site like this SSL Checker to see the cert. Sometimes it is just a browser cache problem, but in this case you are sending the older cert.

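The reply above separates two things that are easy to confuse: what Certbot wrote to disk (valid until 11/19/2023) and what the Express server is actually handing to clients (the expired cert it loaded before the renewal). The script below, an added example that is not from the thread or from Certbot, makes that comparison directly instead of relying on a browser, which may cache. It fingerprints the leaf certificate in Certbot's fullchain.pem (the Windows path from the thread is assumed as the default) and the leaf the server sends for that hostname, and it separately reports the verdict a normal verifying client reaches. Standard library only; the PEM blocks in the self-check are constructed, not real certificates.

```python
"""Compare the certificate a TLS server actually sends with the one Certbot wrote.

Added example, not code from the thread or from Certbot. The default file path is
the Windows live directory shown in the thread (C:\\Certbot\\live\\<domain>\\fullchain.pem).
The PEM blocks used in the self-check are constructed stand-ins, not real certs.
"""
import hashlib
import socket
import ssl
from typing import Optional

PEM_BEGIN = "-----BEGIN CERTIFICATE-----"
PEM_END = "-----END CERTIFICATE-----"


def first_cert_pem(chain_text: str) -> str:
    """fullchain.pem holds the leaf first, then intermediates; return only the leaf."""
    start = chain_text.index(PEM_BEGIN)
    end = chain_text.index(PEM_END, start) + len(PEM_END)
    return chain_text[start:end] + "\n"


def sha256_fingerprint(der: bytes) -> str:
    """Colon-separated SHA-256 fingerprint, the form browsers and openssl display."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def served_certificate(host: str, port: int = 443, timeout: float = 5.0) -> bytes:
    """DER of the leaf the server presents for `host` (via SNI), fetched WITHOUT
    verification so an expired or mismatched cert is returned instead of raising."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def verification_error(host: str, port: int = 443, timeout: float = 5.0) -> Optional[str]:
    """None if a default (verifying) client accepts the server, otherwise the reason
    (e.g. 'certificate has expired'), which is the same verdict a browser reaches."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                return None
    except ssl.SSLCertVerificationError as e:
        return e.verify_message or str(e)


def compare(served_der: bytes, local_leaf_pem: str) -> dict:
    """Pure comparison step, kept free of network I/O so it can be checked offline."""
    served = sha256_fingerprint(served_der)
    local = sha256_fingerprint(ssl.PEM_cert_to_DER_cert(local_leaf_pem))
    return {"served": served, "on_disk": local, "match": served == local}


if __name__ == "__main__":
    import sys

    domain = sys.argv[1] if len(sys.argv) > 1 else "knightsofsor-reath.com"
    path = sys.argv[2] if len(sys.argv) > 2 else rf"C:\Certbot\live\{domain}\fullchain.pem"
    with open(path, encoding="ascii") as f:
        leaf = first_cert_pem(f.read())
    result = compare(served_certificate(domain), leaf)
    print("served  :", result["served"])
    print("on disk :", result["on_disk"])
    print("match   :", result["match"])
    print("browser :", verification_error(domain) or "ok")
```

The fingerprint comparison must run on the machine that holds fullchain.pem (the server), but the served-certificate and verification parts work from any host, so a second PC sees the same thing the browser sees. A "match: False" together with "certificate has expired" means the files on disk are fine and the application simply has not reloaded them; restarting the Express process after each renewal (or a deploy hook that does so) is what closes that gap.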

Should I do that in the server's browser, or any PC? I'm on a different PC right now chatting.