Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: lab.arcontia.se & test.arcontia.se
My web server is (include version): nginx 1.14.0
The operating system my web server runs on is (include version): Ubuntu 18.0.4.5
I can login to a root shell on my machine (yes or no, or I don't know): yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 0.27.0
Hi, I have been trying to renew my certificates using certbot, but try as I might I can't seem to find the cause of this error.
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
What I have been able to find hints at that it could have something to do with certbot preferring IPv6 and that causing problems with servers not set up for that. But as far as I can see that is not what is happening here and so those solutions have not gotten me anywhere.
Also, there are no problems reaching the page itself with the URL so there is nothing wrong with my A record.
Can you show the contents of /etc/letsencrypt/renewal/lab.arcontia.se.conf? Is it possible that you originally got your certificate using --standalone?
Thanks for sharing this configuration. This looks correct to me, and so I'm not sure why it would fail to renew the way you saw.
My first guess is that there is some feature in your nginx configuration which this old version of Certbot doesn't understand properly, but that might be understood by a newer version. Could you upgrade to a newer Certbot version?
Note that step 4 here calls for you to remove your existing Certbot package (which was probably installed with apt). This is not harmful to your certificates and certificate renewal configuration, as long as you don't use --purge when removing the package.
I still get the same error after trying this. though with the added bit at the beggining
Challenge failed for domain lab.arcontia.se
http-01 challenge for lab.arcontia.se
Cleaning up challenges
Some challenges have failed.
One of them does, the other runs in a docker. The one on the server is a GitLab implementation though, so it might be special in some way, I can't say I understand it too well.
Edit: Oh yeah, the other domain is test.arcontia.se and it tries to renew that one too if I run certbot renew.
with basically the same error.
I would look at the relationship between the Docker server and the host. If you have port 80 forwarded to this Docker container, then you have to run Certbot inside Docker too, because the certificate authority connects to your IP address only on port 80. So whatever is answering on port 80 as seen by the rest of the Internet is what needs to be used to obtain the certificate.