Form answers:
My domain is: gmallards.com
I ran this command: certbot --config-dir C:\Website\Tech\certbot\config-dir --work-dir C:\Website\Tech\certbot\config-dir\lib --logs-dir C:\Website\Tech\certbot\config-dir\log --pre-hook "net.exe stop Apache2.4" --post-hook "net.exe start Apache2.4" renew --dry-run
It produced this output:
Saving debug log to C:\Website\Tech\certbot\config-dir\log\letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing C:\Website\Tech\certbot\config-dir\renewal\gmallards.com.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Hook 'pre-hook' ran with output:
The Apache2.4 service is stopping.
The Apache2.4 service was stopped successfully.
Simulating renewal of an existing certificate for gmallards.com
Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
Domain: gmallards.com
Type: connection
Detail: Fetching http://gmallards.com/.well-known/acme-challenge/VT7dhhiJT-EkyMLo8hN5-5U6Sx7MThn2lhtRlZGsG2M: Timeout during connect (likely firewall problem)
Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.
Failed to renew certificate gmallards.com with error: Some challenges have failed.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
All simulated renewals failed. The following certificates could not be renewed:
C:\Website\Tech\certbot\config-dir\live\gmallards.com\fullchain.pem (failure)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Hook 'post-hook' ran with output:
The Apache2.4 service is starting.
The Apache2.4 service was started successfully.
1 renew failure(s), 0 parse failure(s)
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile C:\Website\Tech\certbot\config-dir\log\letsencrypt.log or re-run Certbot with -v for more details.
C:\Website\Tech\certbot>
My web server is (include version):
Apache/2.4.51 (Win64) OpenSSL/1.1.1l PHP/7.4.23
The operating system my web server runs on is (include version):
Windows 10 Version 20H2 (OS Build 19042.1348)
My hosting provider, if applicable, is:
Self-hosted
I can login to a root shell on my machine (yes or no, or I don't know):
I can make an administrator Command Prompt
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
No
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 1.16.0
This is puzzling: when I run my initial install with certbot [...] certonly --webroot (some log directories are customised but I don't think that's the problem), I get a certificate for the next 3 months fine, and it works.
However, when I run the equivalent certbot [...] renew --dry-run, it fails with the output above in the terminal and the letsencrypt.log goes wrong around this part:
2021-11-14 13:18:39,535:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sun, 14 Nov 2021 18:18:39 GMT
Content-Type: application/json
Content-Length: 1036
Connection: keep-alive
Boulder-Requester: 33707398
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 000165vCHQWSxqhpGtgdihTj0zq9WRXp4uWWqodDmaaKVtE
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"identifier": {
"type": "dns",
"value": "gmallards.com"
},
"status": "invalid",
"expires": "2021-11-21T18:18:27Z",
"challenges": [
{
"type": "http-01",
"status": "invalid",
"error": {
"type": "urn:ietf:params:acme:error:connection",
"detail": "Fetching http://gmallards.com/.well-known/acme-challenge/VT7dhhiJT-EkyMLo8hN5-5U6Sx7MThn2lhtRlZGsG2M: Timeout during connect (likely firewall problem)",
"status": 400
},
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/936810368/sQccTA",
"token": "VT7dhhiJT-EkyMLo8hN5-5U6Sx7MThn2lhtRlZGsG2M",
"validationRecord": [
{
"url": "http://gmallards.com/.well-known/acme-challenge/VT7dhhiJT-EkyMLo8hN5-5U6Sx7MThn2lhtRlZGsG2M",
"hostname": "gmallards.com",
"port": "80",
"addressesResolved": [
"67.86.63.97"
],
"addressUsed": "67.86.63.97"
}
],
"validated": "2021-11-14T18:18:27Z"
}
]
}
2021-11-14 13:18:39,535:DEBUG:acme.client:Storing nonce: 000165vCHQWSxqhpGtgdihTj0zq9WRXp4uWWqodDmaaKVtE
2021-11-14 13:18:39,535:INFO:certbot._internal.auth_handler:Challenge failed for domain gmallards.com
2021-11-14 13:18:39,535:INFO:certbot._internal.auth_handler:http-01 challenge for gmallards.com
2021-11-14 13:18:39,535:DEBUG:certbot.display.util:Notifying user:
Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
Domain: gmallards.com
Type: connection
Detail: Fetching http://gmallards.com/.well-known/acme-challenge/VT7dhhiJT-EkyMLo8hN5-5U6Sx7MThn2lhtRlZGsG2M: Timeout during connect (likely firewall problem)
Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.
2021-11-14 13:18:39,535:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
File "C:\Program Files (x86)\Certbot\pkgs\certbot\_internal\auth_handler.py", line 93, in handle_authorizations
self._poll_authorizations(authzrs, max_retries, best_effort)
The same commands worked on a previous installation on my old PC also under Windows 10. I checked with https://canyouseeme.org/ that I am visible on ports 80 and 443 to the outside world.
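
A triage helper for the letsencrypt.log excerpt above, added here as an example (not the poster's or Certbot's code): it pulls ACME authorization bodies out of the debug log and reports, for each invalid challenge, the error type and the address and port the CA actually connected to. `failed_challenges` and `SAMPLE_LOG` are hypothetical names, and the sample log is constructed from the excerpt with the token replaced by a placeholder.

```python
import json
import re

# Constructed sample shaped like the letsencrypt.log excerpt (token replaced).
SAMPLE_LOG = """2021-11-14 13:18:39,535:DEBUG:acme.client:Received response:
HTTP 200
Content-Type: application/json
{
  "identifier": {"type": "dns", "value": "gmallards.com"},
  "status": "invalid",
  "challenges": [{
    "type": "http-01",
    "status": "invalid",
    "error": {"type": "urn:ietf:params:acme:error:connection",
              "detail": "Fetching http://gmallards.com/.well-known/acme-challenge/TOKEN: Timeout during connect (likely firewall problem)",
              "status": 400},
    "validationRecord": [{"hostname": "gmallards.com", "port": "80",
                          "addressesResolved": ["67.86.63.97"],
                          "addressUsed": "67.86.63.97"}]
  }]
}
2021-11-14 13:18:39,535:INFO:certbot._internal.auth_handler:Challenge failed for domain gmallards.com
"""

def failed_challenges(log_text):
    """Summarise every invalid challenge in ACME authorization bodies in the log."""
    decoder = json.JSONDecoder()
    findings, end = [], 0
    for match in re.finditer(r"^\{", log_text, flags=re.MULTILINE):
        if match.start() < end:
            continue  # brace lies inside an object that was already decoded
        try:
            body, end = decoder.raw_decode(log_text, match.start())
        except json.JSONDecodeError:
            continue  # not the start of a JSON document
        if not isinstance(body, dict):
            continue
        domain = body.get("identifier", {}).get("value")
        for chall in body.get("challenges", []):
            if chall.get("status") != "invalid":
                continue
            # Keep only the last segment of the ACME error URN, e.g. "connection".
            kind = chall.get("error", {}).get("type", "").rsplit(":", 1)[-1]
            # validationRecord lists what the CA actually resolved and dialled.
            for rec in chall.get("validationRecord") or [{}]:
                findings.append({"domain": domain, "challenge": chall.get("type"),
                                 "error": kind, "address": rec.get("addressUsed"),
                                 "port": rec.get("port")})
    return findings
```

Run against the real log with `failed_challenges(open(path, encoding="utf-8").read())`; comparing the reported address with the host's current public IP shows whether the CA was dialling the right machine.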