I have been trying to renew my certificate for zespri.dedyn.io for the last two days, without success. I tried, like the many times before, to run sudo certbot --apache renew, which would fail with the same error as sudo certbot -a webroot -i apache -w /var/www/html:
Failed authorization procedure. zespri.dedyn.io (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching Navidrome Error getting validation data. Skipping.
I do realize that it has to do with the deprecation of TLS-SNI-01, but I am lost looking for a workaround. I am on Ubuntu with Apache 2.4.18 and OpenSSL 1.0.2g.
There is a timeout. If you want to use http-01 validation, Certbot creates a file in /.well-known/acme-challenge with a random file name, and Letsencrypt checks whether this file exists and has the correct content.
But if there is a timeout, the check doesn't work.
Is this a home server? Is port 80 open? Correct router settings?
Thank you very much for your swift reply! I didn't see the obvious thing that you mentioned: opening port 80 in my router. Now I remember that I closed it a few months ago because I thought I didn't need it. --dry-run is successful, and now I am waiting until my rate limit is reset in 1h.
Without HSTS preloading, a browser doesn't know to use port 443 with HTTPS when a user simply types in the hostname of your site in the browser's address bar. I reckon most people (if any) actually manually type https:// in their address bar before the hostname of the site.
Without port 80 open and without an HTTP redirect to HTTPS, your site wouldn't be accessible. Users would get a "connection refused" or "timeout", just like certbot got when you tried to renew.
So: just leave port 80 open for the redirect. That way, your site actually works.
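The two points made above (Certbot drops the http-01 token under /.well-known/acme-challenge on the webroot, and port 80 should stay open to serve a redirect to HTTPS) fit together in one port-80 VirtualHost. The following Apache 2.4 configuration is an added example, not the original poster's config and not something posted in the thread; the ServerName and DocumentRoot are taken from the question (they match the -w /var/www/html webroot Certbot was given) and everything else is an assumption for illustration. It does nothing about the router: the port-forwarding rule for 80 still has to exist for the Let's Encrypt validators to reach it.

```apache
# Added example (not from the thread): port-80 VirtualHost that keeps
# http-01 validation working and redirects everything else to HTTPS.
# Hostname and paths are assumed from the question; adjust to your setup.
<VirtualHost *:80>
    ServerName zespri.dedyn.io
    DocumentRoot /var/www/html

    # Certbot (webroot or apache plugin) writes the challenge token to
    # <DocumentRoot>/.well-known/acme-challenge/<random-name>. The
    # validators fetch it over plain HTTP on port 80, so this directory
    # must be readable without authentication and without rewrites.
    <Directory "/var/www/html/.well-known/acme-challenge">
        Options None
        AllowOverride None
        Require all granted
    </Directory>

    # Redirect every other request to HTTPS (needs `a2enmod rewrite`).
    # Let's Encrypt does follow redirects, but exempting the challenge
    # path keeps renewal independent of the state of the HTTPS vhost.
    RewriteEngine On
    RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]
</VirtualHost>
```

Before spending another attempt against the rate limit, verify from outside the home network (a phone on mobile data, or a remote host) that a file placed by hand in /var/www/html/.well-known/acme-challenge/ is returned by http://zespri.dedyn.io/.well-known/acme-challenge/<name> with status 200 and no redirect; a "connection refused" or timeout at this step is exactly what the validator saw, and certbot --dry-run is the final check once that works.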
@JuergenAuer: Just reporting back that the certificate renewal was successful. Thanks for the quick help!
@Osiris: Thank you for pointing this out. Indeed, in the last days I have been learning a lot about Apache. It is a bit unfortunate that there is so little high-level, conceptual documentation for the beginner-to-average user. Most documentation is either really complex or merely specific how-tos, which don't allow you to understand why something works (or doesn't). So thank you very much for some basic background on this issue!