My domain is: signal.wetleaves.com
I ran this command: sudo certbot renew --force-renewal
It produced this output:
Renewing an existing certificate for signal.wetleaves.com
Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
Detail: 188.8.131.52: Fetching http://signal.wetleaves.com/.well-known/acme-challenge/laE4TFx48-IXIQLaCd0jS-m7BHYOun9OkDjEi9l-0Sk: Connection refused
Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.
My web server is (include version): apache2, 2.4.29
The operating system my web server runs on is (include version): Ubuntu Linux 18.04.6
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don't know): Yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): Kinda, using webmin, but I can stumble around in a terminal window when required.
The version of my client is (e.g. output of
certbot --version or
certbot-auto --version if you're using Certbot):certbot 2.6.0
There is nothing in the folder /var/www/html/.well-known/acme-challenge/ except .htaccess which consists of:
Require all granted
There seem to be no errors in any apache logs. If Apache is refusing the connection, shouldn't I see an error in the log? The external firewall passes all 80 and 443 to the server successfully. An index.html file placed in .well-known/acme-challenge/ is served correctly, but its flipped to 443 instead of port 80. I dont know how to change that.
This thing worked flawlessly for several renewal periods, and suddenly cant renew. Any help or advice would be appreciated. I can access the server from outside my firewall....but the certificate authority seems unable to access it.