Hi,
We are having an issue where our certificate cannot be renewed.
We did have a block rule in the firewall for IPs from other countries, but I have permitted 151.101.0.223 & 23.0.99.85.
However, our certificate is still not being updated, and the HTTPS site cannot be accessed because the certificate is expired.
Can you please help?
Regards,
Attempting to renew cert (drive.rookwoodcemetery.com.au) from /etc/letsencrypt/renewal/drive.rookwoodcemetery.com.au.conf produced an unexpected error: Failed authorization procedure. drive.rookwoodcemetery.com.au (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Timeout. Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/drive.rookwoodcemetery.com.au/fullchain.pem (failure)
There have been many threads here discussing the fact that the Let’s Encrypt CA does not publish a list of the IP addresses that validations will be performed from and is not willing to support whitelisting of validation source IP addresses. So, it is quite possible that the IP addresses you’ve whitelisted are not all of the IP addresses from which validations are performed (let alone those from which validations will be performed in the future).
If you can’t support incoming connections from arbitrary IP addresses, you should instead use the DNS-01 challenge method to prove your control over your domain.
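To make the DNS-01 suggestion concrete, here is an added example (not code from the original thread, Certbot, or Let's Encrypt) showing what the challenge actually asks the domain owner to publish and what the CA's validator checks. It follows RFC 8555 (key authorization and DNS-01 record value) and RFC 7638 (JWK thumbprint). The token and the account JWK are constructed for illustration; the `x`/`y` coordinates are not a real curve point, which does not matter for the thumbprint computation. The point for the firewall question: the CA never opens a connection to the web server, it only resolves a TXT record, so no inbound allow-list is needed.

```python
import base64
import hashlib
import json

# Constructed sample inputs (not real ACME values).
TOKEN = "evaGxfADs6pSRb2LAv9IZf17Dt3juxGJ-PCt92wr-oA"
ACCOUNT_JWK = {
    "kty": "EC",
    "crv": "P-256",
    "x": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",  # constructed, not a real point
    "y": "BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB",  # constructed, not a real point
    "kid": "https://acme.example.invalid/acct/1",        # ignored by the thumbprint
}


def b64url(data: bytes) -> str:
    """RFC 4648 base64url without '=' padding, as ACME requires everywhere."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def sha256_b64url(data: bytes) -> str:
    return b64url(hashlib.sha256(data).digest())


# RFC 7638: the thumbprint covers only the required public members of the key,
# serialised as JSON with members in lexicographic order and no whitespace.
_REQUIRED_MEMBERS = {
    "RSA": ("e", "kty", "n"),
    "EC": ("crv", "kty", "x", "y"),
}


def jwk_thumbprint(jwk: dict) -> str:
    members = _REQUIRED_MEMBERS[jwk["kty"]]
    canonical = json.dumps(
        {m: jwk[m] for m in members}, sort_keys=True, separators=(",", ":")
    )
    return sha256_b64url(canonical.encode("utf-8"))


def key_authorization(token: str, account_jwk: dict) -> str:
    """RFC 8555 section 8.1: token '.' base64url(JWK thumbprint of the account key)."""
    return f"{token}.{jwk_thumbprint(account_jwk)}"


def dns01_record(domain: str, token: str, account_jwk: dict) -> tuple:
    """RFC 8555 section 8.4: the TXT record the domain owner must publish.

    Name:  _acme-challenge.<domain>
    Value: base64url(SHA-256(key authorization))
    """
    name = f"_acme-challenge.{domain}"
    value = sha256_b64url(key_authorization(token, account_jwk).encode("utf-8"))
    return name, value


def dns01_check(txt_records: list, expected_value: str) -> bool:
    """What the CA's validator does after resolving the TXT record: it only needs
    one of the returned strings to equal the expected digest. Nothing here
    contacts the web server, so the HTTPS port can stay closed to the world."""
    return any(record == expected_value for record in txt_records)


if __name__ == "__main__":
    name, value = dns01_record("drive.rookwoodcemetery.com.au", TOKEN, ACCOUNT_JWK)
    print(f"{name}. IN TXT \"{value}\"")
    # Simulated resolver answer with an unrelated TXT record alongside the challenge.
    answer = ["v=spf1 -all", value]
    print("validation would", "succeed" if dns01_check(answer, value) else "fail")
```

In practice the Certbot `--preferred-challenges dns` path, or a DNS plugin for the hosting provider, publishes that record for you; the example only shows what gets published and why the firewall rule is irrelevant to it.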