Certbot renew fails

Hi, newbie here. I have a Nextcloud cloud storage server and would like to use a Let's Encrypt certificate. I was able to install it but couldn't renew it, and got the output below. I believe that because of this error I can't get certificates auto-renewed. Please teach me step by step how to solve my issue. Thanks in advance.

~$ sudo certbot renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log


Processing /etc/letsencrypt/renewal/www.lcpis.cloud.conf


Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator apache, Installer apache
Renewing an existing certificate for www.lcpis.cloud
Performing the following challenges:
http-01 challenge for www.lcpis.cloud
Waiting for verification...
Challenge failed for domain www.lcpis.cloud
http-01 challenge for www.lcpis.cloud
Cleaning up challenges
Failed to renew certificate www.lcpis.cloud with error: Some challenges have failed.


All renewals failed. The following certificates could not be renewed:
/etc/letsencrypt/live/www.lcpis.cloud/fullchain.pem (failure)


1 renew failure(s), 0 parse failure(s)

IMPORTANT NOTES:

1 Like

Hi there @Kenneth-Tech95, welcome to our Community!

First of all, I've moved your thread to the #help section where it's more appropriate.

Secondly, it's no use to redact your IP address: the hostname (we need to know to help you) will resolve to the same IP address you've redacted, so that's publicly known anyway.

And for the most important bit: your Nextcloud seems to be "speaking" HTTPS on port 80. Usually, port 80 is only used for HTTP (without the S). When a webclient such as a browser or in this case the Let's Encrypt validation server is connecting to port 80 (to surf to your website for example or in the case of Let's Encrypt to validate the hostname), it's expecting HTTP and not HTTPS. Therefore, it'll get the error which is shown in the error message.

Is your Nextcloud perhaps hosted behind a NAT router? Do you have by any chance port-mapped/forwarded externally port 80 to internally port 443?

3 Likes
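A quick way to confirm the symptom described above before running certbot again is to send a plain-HTTP request to port 80 and look at what comes back. The following is an added example, not code from the thread or from certbot: it classifies the server's reply as a normal HTTP response, a TLS record (a TLS listener reached on port 80), or Apache's "plain HTTP to an SSL-enabled server port" 400 reply. The hostname in the usage line and the sample byte strings in the test are constructed; the path under /.well-known/acme-challenge/ is the prefix http-01 validation fetches from, and the exact response body wording is assumed to match Apache's mod_ssl message.

```python
"""Pre-flight check for http-01: does port 80 really speak plain HTTP?

Added example (not from the thread). It mimics what the Let's Encrypt
validation server does first - open port 80 and talk HTTP - and reports
whether the far end answered with HTTP, with TLS, or not at all.
"""
import socket
import sys


def classify_response(data: bytes) -> str:
    """Classify the first bytes a server returned to a plain-HTTP request."""
    if not data:
        return "no-response"  # connection closed without any reply
    # A TLS record header: content type 0x15 (alert) or 0x16 (handshake),
    # followed by a 0x03xx protocol version. Seeing this on port 80 means
    # the request was forwarded to a TLS listener.
    if len(data) >= 3 and data[0] in (0x15, 0x16) and data[1] == 0x03:
        return "tls-on-http-port"
    if data.startswith(b"HTTP/"):
        status_line = data.split(b"\r\n", 1)[0].decode("ascii", "replace")
        parts = status_line.split()
        code = parts[1] if len(parts) > 1 else "?"
        # Apache's mod_ssl answers plain HTTP sent to its SSL port with a
        # 400 whose body explains the mismatch (assumed wording).
        if code == "400" and b"SSL-enabled server port" in data:
            return "http-to-ssl-port"
        # Any other HTTP status means port 80 is a real HTTP endpoint;
        # a 404 here is expected, since the probe token does not exist.
        return f"http-{code}"
    return "unknown"


def probe_http01_path(host: str, port: int = 80, timeout: float = 5.0) -> str:
    """Connect to host:port, request an acme-challenge path over plain HTTP,
    and classify the reply. Network access is required for this function."""
    path = "/.well-known/acme-challenge/probe"  # hypothetical token name
    request = (
        f"GET {path} HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n"
    ).encode("ascii")
    chunks = []
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(request)
        try:
            while True:
                chunk = sock.recv(4096)
                if not chunk:
                    break
                chunks.append(chunk)
                if sum(len(c) for c in chunks) > 65536:
                    break
        except socket.timeout:
            pass  # classify whatever arrived before the timeout
    return classify_response(b"".join(chunks))


if __name__ == "__main__":
    # Usage: python probe.py www.example.invalid   (constructed hostname)
    target = sys.argv[1] if len(sys.argv) > 1 else "www.example.invalid"
    print(f"{target}:80 -> {probe_http01_path(target)}")
```

Run it against the public hostname from outside the NAT: `http-404` or `http-200` means port 80 is reachable as plain HTTP and certbot's http-01 challenge has a chance to succeed, while `tls-on-http-port` or `http-to-ssl-port` points straight at an external-80-to-internal-443 forwarding rule like the one discussed here.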

Hi Osiris,

Thank you for your reply and help moving to the more appropriate thread.

Yes, I do believe I have a NAT router, and I'm port-forwarding both external port 80 and external port 443 to internal port 443. This is my first time managing a server myself, learning everything online. Is "port-forwarding from external port 80 to internal port 443" a bad setting?

But thank you for your advice. I set my settings back to port 80 to 80 and port 443 to 443, and it WORKS! Thanks a lot!!

2 Likes

While it can sometimes be helpful to have different external and internal ports, in this case it's not. Web browsers connecting to port 80 expect HTTP, and for HTTPS they connect to port 443. So for ports 80 and 443 it's recommended to keep the external and internal port numbers the same.

Glad it was this simple and it worked!

2 Likes
