Changed my server to a new IP address,

Help
1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:getitbb.org

I ran this command:certbot renew

It produced this output:

[root@getitdata ~]# certbot renew --dry-run
Saving debug log to /var/log/letsencrypt/letsencrypt.log

Processing /etc/letsencrypt/renewal/addi-bb.org.conf

Simulating renewal of an existing certificate for addi-bb.org

Certbot failed to authenticate some domains (authenticator: apache). The Certificate Authority reported these problems:
Domain: addi-bb.org
Type: connection
Detail: 65.48.228.27: Fetching http://addi-bb.org/.well-known/acme-challenge/M_fE3OdQKCCo9I3iiPqRUDe0bZhF63-B6MPNmiKIC9o: Timeout during connect (likely firewall problem)

Hint: The Certificate Authority failed to verify the temporary Apache configuration changes made by Certbot. Ensure that the listed domains point to this Apache server and that it is accessible from the internet.

Failed to renew certificate addi-bb.org with error: Some challenges have failed.

Processing /etc/letsencrypt/renewal/getitbb.net.conf

Simulating renewal of an existing certificate for getitbb.org and 3 more domains

Certbot failed to authenticate some domains (authenticator: apache). The Certificate Authority reported these problems:
Domain: getitbb.org
Type: connection
Detail: 65.48.228.27: Fetching http://getitbb.org/.well-known/acme-challenge/zZtxnKuLX03Sxi9GzoJ8pjymlQpILeONNjn77VIroWM: Timeout during connect (likely firewall problem)

Domain: www.getitbb.org
Type: connection
Detail: 65.48.228.27: Fetching http://www.getitbb.org/.well-known/acme-challenge/G4DpuhBCo75oqbEA1tvnPQVKByBYNDyghHuVRiWJGKg: Timeout during connect (likely firewall problem)

Hint: The Certificate Authority failed to verify the temporary Apache configuration changes made by Certbot. Ensure that the listed domains point to this Apache server and that it is accessible from the internet.

Failed to renew certificate getitbb.net with error: Some challenges have failed.

Processing /etc/letsencrypt/renewal/getitbb.org.conf

Simulating renewal of an existing certificate for getitbb.org and www.getitbb.org

Certbot failed to authenticate some domains (authenticator: apache). The Certificate Authority reported these problems:
Domain: getitbb.org
Type: connection
Detail: 65.48.228.27: Fetching http://getitbb.org/.well-known/acme-challenge/cKO-39gm8X0eO6QYo0A5ab7uVTWpH6r579rTX23eoyk: Timeout during connect (likely firewall problem)

Domain: www.getitbb.org
Type: connection
Detail: 65.48.228.27: Fetching http://www.getitbb.org/.well-known/acme-challenge/bop7s0AfFrDIZDxr9oEZVn_I4QlSU39yiuT52L26_8I: Timeout during connect (likely firewall problem)

Hint: The Certificate Authority failed to verify the temporary Apache configuration changes made by Certbot. Ensure that the listed domains point to this Apache server and that it is accessible from the internet.

Failed to renew certificate getitbb.org with error: Some challenges have failed.

All simulated renewals failed. The following certificates could not be renewed:
/etc/letsencrypt/live/addi-bb.org/fullchain.pem (failure)
/etc/letsencrypt/live/getitbb.net/fullchain.pem (failure)
/etc/letsencrypt/live/getitbb.org/fullchain.pem (failure)

3 renew failure(s), 0 parse failure(s)
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
[root@getitdata ~]#

My web server is (include version):Apache 2.0

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:
Self Hosted

I can login to a root shell on my machine (yes or no, or I don't know):
Yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.22.0

2

I can't access both of your sites. is server actually listen from whole internet? (with no geofance)

5 Likes
3

yes they are listening on 80 and 443

4

Hi @lindhum, and welcome to the LE community forum :slight_smile:

Something has changed since your last renewal/cert issuance.
Today port 80 appears to be closed:

curl -Ii http://65.48.228.27/
curl: (56) Recv failure: Connection reset by peer
3 Likes
5

btw looking up that ip address says it's from home isp in Barbados: not sure that's real home or some vpn's anywhy home isps may chagne your ip or put you behind their cgnat

4 Likes
6

But they are not available to the Public Internet

$ nmap -Pn -p80,443 getitbb.org
Starting Nmap 7.93 ( https://nmap.org ) at 2023-06-01 19:26 PDT
Nmap scan report for getitbb.org (65.48.228.27)
Host is up.

PORT    STATE    SERVICE
80/tcp  filtered http
443/tcp filtered https

Nmap done: 1 IP address (1 host up) scanned in 3.44 seconds

And with the online tool Let's Debug yields these results https://letsdebug.net/getitbb.org/1503515

ANotWorking
ERROR
getitbb.org has an A (IPv4) record (65.48.228.27) but a request to this address over port 80 did not succeed. Your web server must have at least one working IPv4 or IPv6 address.
A timeout was experienced while communicating with getitbb.org/65.48.228.27: Get "http://getitbb.org/.well-known/acme-challenge/letsdebug-test": dial tcp 65.48.228.27:80: i/o timeout

Trace:
@0ms: Making a request to http://getitbb.org/.well-known/acme-challenge/letsdebug-test (using initial IP 65.48.228.27)
@0ms: Dialing 65.48.228.27
@10001ms: Experienced error: dial tcp 65.48.228.27:80: i/o timeout

IssueFromLetsEncrypt
ERROR
A test authorization for getitbb.org to the Let's Encrypt staging service has revealed issues that may prevent any certificate for this domain being issued.
65.48.228.27: Fetching http://getitbb.org/.well-known/acme-challenge/iR67t_tlaG0uK9H11zfpkQt4fZgokYgES_qB2c0Sais: Timeout during connect (likely firewall problem)
1 Like
7

This domain is open to the Public Internet

$ nmap -Pn -p80,443 getitbb.net
Starting Nmap 7.93 ( https://nmap.org ) at 2023-06-01 19:35 PDT
Nmap scan report for getitbb.net (192.214.121.135)
Host is up (0.13s latency).

PORT    STATE SERVICE
80/tcp  open  http
443/tcp open  https

Nmap done: 1 IP address (1 host up) scanned in 0.31 seconds

And https://letsdebug.net/getitbb.net/1503521 is OK.

1 Like
8

And this domain also is not not available to the Public Internet

$ nmap -Pn -p80,443 addi-bb.org
Starting Nmap 7.93 ( https://nmap.org ) at 2023-06-01 19:36 PDT
Nmap scan report for addi-bb.org (65.48.228.27)
Host is up.

PORT    STATE    SERVICE
80/tcp  filtered http
443/tcp filtered https

Nmap done: 1 IP address (1 host up) scanned in 3.75 seconds
9

Thanks for all the help. I just realized that I only update one of the DNS of those domains.

3 Likes
11

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.