Certbot renewal failed with nginx

My domain is: gabocota.net

I ran this command: `sudo certbot renew`

It produced this output:

```
2023-08-22 08:27:44,717:DEBUG:acme.client:Storing nonce: hB_KG4P8UrCHo_7lXf2Al_4lRGzKspNxxq7C6k40WaIHzwv96Zo
2023-08-22 08:27:44,718:INFO:certbot._internal.auth_handler:Challenge failed for domain gabocota.net
2023-08-22 08:27:44,719:INFO:certbot._internal.auth_handler:http-01 challenge for gabocota.net
2023-08-22 08:27:44,719:DEBUG:certbot._internal.display.obj:Notifying user:
Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
  Domain: gabocota.net
  Type: connection
  Detail: 189.178.6.8: Fetching http://gabocota.net/.well-known/acme-challenge/5lzpm1hQLmG65ypAUGSAKhw5WaiXwx76qbm_Ly9cNv0: Error getting validation data

Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is ac>

2023-08-22 08:27:44,721:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
  File "/snap/certbot/3024/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 108, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, max_time_mins, best_effort)
  File "/snap/certbot/3024/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 212, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.

2023-08-22 08:27:44,721:DEBUG:certbot._internal.error_handler:Calling registered functions
2023-08-22 08:27:44,721:INFO:certbot._internal.auth_handler:Cleaning up challenges
2023-08-22 08:27:45,823:ERROR:certbot._internal.renewal:Failed to renew certificate gabocota.net with error: Some challenges have failed.
2023-08-22 08:27:45,827:DEBUG:certbot._internal.renewal:Traceback was:
```

My web server is (include version): nginx/1.18.0 (Ubuntu)

The operating system my web server runs on is (include version): Ubuntu 22.04.3

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 2.6.0

Hi @Gabocota, and welcome to the LE community forum 🙂

It seems that something has changed in your nginx configuration since your last cert renewal/issuance.

We should review that entire config.
Please show:
`nginx -T`

And the certbot renewal configuration file:
`cat /etc/letsencrypt/renewal/*`

3 Likes

Also, has your IP changed or have you started blocking port 80 (HTTP)? Because connections to your server on that port are failing.

3 Likes

The ufw is set to allow 80 on both IPv4 and IPv6. But all traffic through port 80 seems to be stopped. I had an automatic port forwarding tool in my router and maybe when certbot initially changed the nginx configuration the port 80 automatically closed. I'll have to wait to gain access to my router, but if that doesn't fix it I'll re-open the issue. Thanks.

2 Likes
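The following is an added example, not written by anyone in this thread and not part of certbot: a small parser for the "Certificate Authority reported these problems" block in the log above, which pulls out the address the CA contacted and maps the reported `Type` to a first thing to check. The function name, the hint wording and the assumed `Detail` layout (taken from the one log line shown here) are assumptions of this example.

```python
import re

# Constructed sample: excerpt of the CA problem report from the log posted in this thread.
SAMPLE_LOG = """\
2023-08-22 08:27:44,719:DEBUG:certbot._internal.display.obj:Notifying user:
Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
  Domain: gabocota.net
  Type: connection
  Detail: 189.178.6.8: Fetching http://gabocota.net/.well-known/acme-challenge/5lzpm1hQLmG65ypAUGSAKhw5WaiXwx76qbm_Ly9cNv0: Error getting validation data

2023-08-22 08:27:45,823:ERROR:certbot._internal.renewal:Failed to renew certificate gabocota.net with error: Some challenges have failed.
"""

FIELD = re.compile(r"^\s*(Domain|Type|Detail):\s*(.*)$")
# Detail layout as seen in the log above: "<address the CA contacted>: Fetching <url>: <message>"
DETAIL = re.compile(r"^(?P<ip>[0-9A-Fa-f:.]+): Fetching (?P<url>\S+): (?P<msg>.*)$")

# Triage hints (wording is this example's own) keyed by ACME error type, RFC 8555 section 6.7.
HINTS = {
    "connection": "CA could not reach the server: confirm DNS points at this host and "
                  "that TCP 80 is allowed by the firewall and forwarded by the router",
    "dns": "CA could not resolve the name: check the domain's DNS records",
    "unauthorized": "CA got an unexpected response: check which server or vhost answers on port 80",
}

def parse_problems(log_text):
    """Return one dict per 'Domain:' entry in certbot's CA problem report."""
    problems, current = [], None
    for line in log_text.splitlines():
        m = FIELD.match(line)
        if not m:
            continue  # timestamped log lines and the traceback are ignored
        key, value = m.group(1).lower(), m.group(2).strip()
        if key == "domain":
            current = {"domain": value}
            problems.append(current)
        elif current is not None:
            current[key] = value
            d = DETAIL.match(value) if key == "detail" else None
            if d:
                current.update(d.groupdict())  # adds ip, url, msg
    for p in problems:
        p["hint"] = HINTS.get(p.get("type"), "no hint for this type; read the detail text")
    return problems

if __name__ == "__main__":
    for p in parse_problems(SAMPLE_LOG):
        print(f"{p['domain']}: {p.get('type')} via {p.get('ip')} -> {p['hint']}")
```

Comparing the extracted `ip` with the host's current public address separates a stale DNS record from a blocked or unforwarded port 80.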
