Certificate renewal does it need port 80 to be open

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: testingweb.southeastasia.cloudapp.azure.com

I ran this command: sudo certbot renew --dry-run
sudo certbot renew

It produced this output: Attempting to renew cert (testingweb.southeastasia.cloudapp.azure.com) from
/etc/letsencrypt/renewal/testingweb.southeastasia.cloudapp.azure.com.conf produced an
unexpected error: HTTPSConnectionPool(host=‘acme-v02.api.letsencrypt.org’, port=443):
Max retries exceeded with url: /directory (Caused by SSLError(SSLError(1,
‘[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:852)’),)). Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/testingweb.southeastasia.cloudapp.azure.com/fullchain.pem (failure)

My web server is (include version):

The operating system my web server runs on is (include version): Ubantu 18.04

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

While incoming port 80 does need to be open if you are using the HTTP challenge, that doesn’t seem to be the cause of your error.

It looks like Certbot is unable to establish a connection to the Let’s Encrypt API server because it can’t verify its HTTPS certificate.

Is ca-certificates installed?

for automatic renewal of the certificate do we need to have port 80 open ,
the cron job to renew the certificate was failing once we enablde port 80 it renewed.

We have disabled port 80 now and dry run or sudo certbot renew both the commands are running fine
Getting confused with the behaviour

Thanks @_az for the reply

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.