Certificate cannot be renewed

We are having an issue where our certificate cannot be renewed.
We did have a block rule from firewall for other country IPs but I have permitted &
However, our certificate is still not being updated and https site cannot be accessed because the certificate is expired.
Can you please help?

Attempting to renew cert (drive.rookwoodcemetery.com.au) from /etc/letsencrypt/renewal/drive.rookwoodcemetery.com.au.conf produced an unexpected error: Failed authorization procedure. drive.rookwoodcemetery.com.au (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Timeout. Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/drive.rookwoodcemetery.com.au/fullchain.pem (failure)

Hi @rookwood,

There have been many threads here discussing the fact that the Let’s Encrypt CA does not publish a list of the IP addresses that validations will be performed from and is not willing to support whitelisting of validation source IP addresses. So, it is quite possible that the IP addresses you’ve whitelisted are not all of the IP addresses from which validations are performed (let alone those from which validations will be performed in the future).

If you can’t support incoming connections from arbitrary IP addresses, you should instead use the DNS-01 challenge method to prove your control over your domain.

Hi Schoen,

Thank you for your response.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.