My domain is: nh6fu.ampr.org
Ok... how do I do this????
We don't have much more information than you do. Usually, Let's Encrypt certificates are configured on a system that handles everything automatically, so if you get an expiration email that means that that software isn't working right and you should check on it. It's usually something that's been installed on your web server, so if you don't administrate your web server then you may need to contact somebody that does.
Some additional information on the email which might help:
Hello @Peter1,
You did not say which of the 3 Challenge Types - Let's Encrypt you are using;
so I checked with the most common HTTP-01 challenge;
it also states "The HTTP-01 challenge can only be done on port 80."
Best Practice - Keep Port 80 Open
Using the online tool Let's Debug yields these results https://letsdebug.net/nh6fu.ampr.org/1935257
ANotWorking
ERROR
nh6fu.ampr.org has an A (IPv4) record (44.62.3.154) but a request to this address over port 80 did not succeed. Your web server must have at least one working IPv4 or IPv6 address.
A timeout was experienced while communicating with nh6fu.ampr.org/44.62.3.154: Get "http://nh6fu.ampr.org/.well-known/acme-challenge/letsdebug-test": context deadline exceeded
Trace:
@0ms: Making a request to http://nh6fu.ampr.org/.well-known/acme-challenge/letsdebug-test (using initial IP 44.62.3.154)
@0ms: Dialing 44.62.3.154
@10000ms: Experienced error: context deadline exceeded
IssueFromLetsEncrypt
ERROR
A test authorization for nh6fu.ampr.org to the Let's Encrypt staging service has revealed issues that may prevent any certificate for this domain being issued.
44.62.3.154: Fetching http://nh6fu.ampr.org/.well-known/acme-challenge/HxVa9ATBN0S7gratT0bGzf5vS5Q53eup6DtdrdYL9t0: Timeout during connect (likely firewall problem)
And further verified from around the world here Permanent link to this check report
with "Connection timed out".
And using nmap
shows Port 80 is filtered (i.e. blocked)
$ nmap -Pn -p80,443 nh6fu.ampr.org
Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-05-07 19:21 PDT
Nmap scan report for nh6fu.ampr.org (44.62.3.154)
Host is up (0.056s latency).
PORT STATE SERVICE
80/tcp filtered http
443/tcp open https
Nmap done: 1 IP address (1 host up) scanned in 6.46 seconds
What you posted enabled me to renew the cert! Just stopped ufw and any possible program that might have run port 80... then rebooted to normal.
Well... that is far from an ideal automated renewal procedure.
Let's see if we can't improve on that.
I see that the redirection on the current web server is a bit off:
curl -Ii http://nh6fu.ampr.org/.well-known/acme-challenge/Test_File-1234
HTTP/1.1 301 Moved Permanently
Location: https:nh6fu.ampr.org <<<<< missing "//" & the entire challenge path
Date: Fri, 10 May 2024 05:07:16 GMT
Connection: keep-alive
Keep-Alive: timeout=5
Compare:
http://nh6fu.ampr.org/.well-known/acme-challenge/Test_File-1234
https:nh6fu.ampr.org
So, we should have a look at where it redirects.
Also, we should have a look at the renewal config file.
Not sure where that is, as you have not stated which ACME client you are using.
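Added example, not part of the thread: a small shell check for the redirect problem pointed out above. HTTP-01 validation follows redirects, so the `Location` header returned for a challenge URL has to be a well-formed URL that keeps the challenge path. The function name, verdict strings and sample responses are constructed for illustration; the broken sample mirrors the `Location` value from the curl output.

```shell
#!/bin/sh
# Added example (not from the thread): classify the redirect a web server
# sends for an HTTP-01 challenge URL. Reads response headers on stdin.
# Verdicts (hypothetical names): ok | no-redirect | malformed | path-dropped
check_redirect() {
    req_rest=${1#*://}                      # host/path of the original request
    case $req_rest in
        */*) req_path=/${req_rest#*/} ;;
        *)   req_path=/ ;;
    esac
    # First Location header, CRs stripped, header name matched case-insensitively.
    location=$(tr -d '\r' | awk 'tolower($1) == "location:" { print $2; exit }')
    if [ -z "$location" ]; then
        echo "no-redirect"; return 0
    fi
    case $location in
        http://*|https://*)
            loc_rest=${location#*://}
            case $loc_rest in
                */*) loc_path=/${loc_rest#*/} ;;
                *)   loc_path=/ ;;
            esac ;;
        /*) loc_path=$location ;;            # relative reference, same host
        *)  echo "malformed"; return 1 ;;    # e.g. scheme with no "//" after it
    esac
    if [ "$loc_path" != "$req_path" ]; then
        echo "path-dropped"; return 1
    fi
    echo "ok"
}

# Constructed sample inputs. BROKEN mirrors the Location value in the thread.
REQ='http://nh6fu.ampr.org/.well-known/acme-challenge/Test_File-1234'
BROKEN='HTTP/1.1 301 Moved Permanently
Location: https:nh6fu.ampr.org'
NO_PATH='HTTP/1.1 301 Moved Permanently
Location: https://nh6fu.ampr.org'
FIXED='HTTP/1.1 301 Moved Permanently
Location: https://nh6fu.ampr.org/.well-known/acme-challenge/Test_File-1234'

for sample in "$BROKEN" "$NO_PATH" "$FIXED"; do
    printf '%s\n' "$sample" | check_redirect "$REQ" || :
done
```

Against a live server the same function can read real headers: `curl -sI "$REQ" | check_redirect "$REQ"`.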