My domain is:
gogolf.online AND registered with OpenSRS
I ran these commands to install CERTBOT:
All commands for a certbot install shown on:
It produced this output:
url for domain gogolf.online no longer resolves
static ip address: 35.84.158.243 resolves from any browser
Note:
IPv6: 2600:1f13:2d9:eb00:bf8b:3a9:ef56:4e41
My web server is (include version):
AWS Lightsail virtual server
The operating system my web server runs on is (include version):
Debian 10
Debian GNU/Linux 10 \n \l
My hosting provider, if applicable, is:
Hosted by AWS Lightsail
I can login to a root shell on my machine (yes or no, or I don't know):
YES
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
I installed from Lightsail and execute linux commands in an ssh connection from Lightsail. (Not a control panel as such)
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 1.21.0
sudo certbot renew --dry-run
all simulated renewals succeeded:
But url golf.online no longer resloves
It resolved fine before my attempt to install CERTBOT
Note ip address 35.84.158.243 from browser fine (no ssl cert)
"resolving" suggests a problem with the DNS, as the term "to resolve" is usually used in the context of "resolving a hostname using DNS".
However, there's nothing wrong with your DNS, so it's not a resolving issue.
The issue is that port 443 is blocked (used for HTTPS). Port 80 is working fine and is redirecting from HTTP to HTTPS. Please open up port 443 in your firewall and/or portmap port 443 correctly in any router present.
443 ALLOW IN Anywhere
22/tcp ALLOW IN Anywhere
80 ALLOW IN Anywhere
443 (v6) ALLOW IN Anywhere (v6)
22/tcp (v6) ALLOW IN Anywhere (v6)
80 (v6) ALLOW IN Anywhere (v6)
$ sudo certbot renew --dry-run
Saving debug log to /var/log/letsencrypt/letsencrypt.log
ssl checker gives me this:
|### No SSL certificates were found on gogolf.online. Make sure that the name resolves to the correct server and that the SSL port (default is 443) is open on your server's firewall.|
No, certbot is not the issue here. Your certificate was issued fine. Your server is probably serving your site through HTTPS (port 443) fine, but the world wide web can't reach it.
You could try to see if HTTPS is working by running the following CURL command on your webserver:
As recommended, this is what I tried:
$ curl -LI4 --resolve gogolf.online:443:127.0.0.1 https://gogolf.onl
ine
HTTP/1.1 200 OK
Date: Mon, 06 Dec 2021 19:53:57 GMT
Server: Apache/2.4.38 (Debian)
Last-Modified: Sun, 05 Dec 2021 06:58:18 GMT
ETag: "29cd-5d260aa4238d5"
Accept-Ranges: bytes
Content-Length: 10701
Vary: Accept-Encoding
Content-Type: text/html
So that confirms your webserver is working fine on port 443/HTTPS. It's not a problem with your webserver or certbot or the certificate.
You should try to identify where requests on port 443 are being blocked from the world wide web and lift that block. Firewalls (all of them!), routers, that sort of things.
Note that this Community probably isn't the best place to ask help for generic networking issues such as blocking firewalls. We might be able to help, but it's rather out of the scope of this Community if you'd ask me.
I assume you've used snap as the method of installation, looking at the recent version of certbot you're using. Snap should automatically install a systemd timer.
You can check the logs at /var/log/letsencrypt/: it should add a log file twice a day, as certbot is intended to check if renewal is necessary twice a day. Most of the time it just checks, does nothing and exits. Only if renewal is actually necessary, it tries to renew (60 days in of the 90 days cert lifetime, or in other words: 30 days before expiry).
Also try renewal manually (to see if everything works, when the time comes) by running:
