Hi,
I have a server with 15 websites, i all migrated in https 2 month ago.
Now, i have to renew the certificates, but i got some troubles.
I launch the command ‘/certbot-auto renew --no-self-upgrade’ all the day, and after few launch, only 2-3 certificates were upgraded, and i don’t why. It’s working once in a while.
I checked everything. All the websites works in http (80) and https (443). There a 301 redirection between http->https.
The DNS seems ok. And there is no firewall. I’m using apache.
Exemple of website passed after few try: https://www.xdla.com and another one wich did not pass after 20 tries: www.piscine-en-palette.fr
I read all the topics about my trouble, with no success…
The error is always the same:
Domain: www.piscine-en-palette.fr
Type: connection
Detail: Timeout
Domain: piscine-en-palette.fr
Type: connection
Detail: Timeout
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you’re using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.
The result of /var/log/letsencrypt/letsencrypt.log:
letsencrypt.txt
A few lines:
}
2017-06-28 18:00:32,388:DEBUG:acme.client:Sending GET request to https://acme-v01.api.letsencrypt.org/acme/authz/h1gX8AAPrKbB3oIRbgVVUeO88fAlgak5CjQR9I7r7iE.
2017-06-28 18:00:32,611:DEBUG:requests.packages.urllib3.connectionpool:https://acme-v01.api.letsencrypt.org:443 “GET /acme/authz/h1gX8AAPrKbB3oIRbgVVUeO88fAlgak5CjQR9I7r7iE HTTP/1.1” 200 1520
2017-06-28 18:00:32,612:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Content-Type: application/json
Content-Length: 1520
Boulder-Request-Id: so1p-4wH3eJA-XsxC-IZ9N4SXs2I7fAEfjbZb5IgJQc
Link: https://acme-v01.api.letsencrypt.org/acme/new-cert;rel="next"
Replay-Nonce: 4Qteiwa7pWGxgbd77oDROZNcjWcAutX3PSYyPnfbMyY
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Wed, 28 Jun 2017 18:03:19 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 28 Jun 2017 18:03:19 GMT
Connection: keep-alive
{
“identifier”: {
“type”: “dns”,
“value”: “www.piscine-en-palette.fr”
},
“status”: “invalid”,
“expires”: “2017-07-05T18:03:07Z”,
“challenges”: [
{
“type”: “http-01”,
“status”: “pending”,
“uri”: “https://acme-v01.api.letsencrypt.org/acme/challenge/h1gX8AAPrKbB3oIRbgVVUeO88fAlgak5CjQR9I7r7iE/1441834297”,
“token”: “jk305netFLDmT3WhmqWFC6N3fiEOoPN4o0WHA1A-g-A”
},
{
“type”: “dns-01”,
“status”: “pending”,
“uri”: “https://acme-v01.api.letsencrypt.org/acme/challenge/h1gX8AAPrKbB3oIRbgVVUeO88fAlgak5CjQR9I7r7iE/1441834298”,
“token”: “GhaG-4vNd3KSr8w5v_KQi0MFUEsmaeZR2dwyEOucOnc”
},
{
“type”: “tls-sni-01”,
“status”: “invalid”,
“error”: {
“type”: “urn:acme:error:connection”,
“detail”: “Timeout”,
“status”: 400
},
“uri”: “https://acme-v01.api.letsencrypt.org/acme/challenge/h1gX8AAPrKbB3oIRbgVVUeO88fAlgak5CjQR9I7r7iE/1441834299”,
“token”: “Br3-I5Mwg-xTZJWcwQrpGzI6I965bTcC5V01as7us0M”,
“keyAuthorization”: “Br3-I5Mwg-xTZJWcwQrpGzI6I965bTcC5V01as7us0M.tP5lRgXPLDHG7jBvmqYLx42c6Pke0Tr_-2wUfFVmpCs”,
“validationRecord”: [
{
“hostname”: “www.piscine-en-palette.fr”,
“port”: “443”,
“addressesResolved”: [
“5.135.178.75”
],
“addressUsed”: “5.135.178.75”,
“addressesTried”: []
}
]
}
],
“combinations”: [
[
0
],
[
1
],
[
2
]
]
}
Thanks for your help, i’m being crazy.
An sorry for my poor english.
Xavier