Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
It produced this output:
[ letsencrypt ] (Fri Mar 5 21:08:39 CET 2021)
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for bardhome.de
Using the webroot path /var/www/nextcloud for all unmatched domains.
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. bardhome.de (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://bardhome.de/.well-known/acme-challenge/TO5r8JDwRFKyLGQsE5oUqPgRcDZiMcQxd7BxdSROVGE: Connection refused
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: bardhome.de
Type: connection
Detail: Fetching
http://bardhome.de/.well-known/acme-challenge/TO5r8JDwRFKyLGQsE5oUqPgRcDZiMcQxd7BxdSROVGE:
Connection refused
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you're using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.
My web server is (include version): apache
The operating system my web server runs on is (include version): debian
My hosting provider, if applicable, is: self-hosted
I can login to a root shell on my machine (yes or no, or I don't know): yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): yes, nextcloudpi
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 0.31.0
I also see a connection refused when trying to connect to http://bardhome.de/. Is it possible that you've shut down your web server for some reason, or that you have a firewall that prevents incoming connections from the rest of the Internet?
Strange, traceroute seems to work. Also from local IP I can access the server (SSH also working).
It worked for several years, now not anymore. I have not change anything, but nextcloudpi updates itself. Probably there something changed, but I cannot figure out what. I have not setup some sort of firewall.
When running a normal traceroute to your host, I'm getting a "Code: 13 (Communication administratively filtered)" ICMP error as an answer:
osiris@desktop ~ $ traceroute bardhome.de
traceroute to bardhome.de (79.244.37.18), 30 hops max, 60 byte packets
(...)
5 asd-s8-rou-1041.NL.as286.net (134.222.94.216) 15.299 ms 15.307 ms 15.994 ms
6 ae11-100-cr5-ams1.ipv4.gtt.net (194.122.122.98) 16.581 ms 16.595 ms ae16-100-cr6-ams1.ipv4.gtt.net (194.122.122.102) 17.366 ms
7 ae27.cr1-fra2.ip4.gtt.net (89.149.181.254) 23.749 ms 15.669 ms 16.291 ms
8 80.157.204.65 (80.157.204.65) 16.448 ms 17.277 ms 18.040 ms
9 p5b17dea1.dip0.t-ipconnect.de (91.23.222.161) 23.880 ms 24.514 ms 24.939 ms
10 p4ff42512.dip0.t-ipconnect.de (79.244.37.18) 30.559 ms !X 31.685 ms !X 31.927 ms !X
osiris@desktop ~ $
Those ICMP packets are originating from YOUR IP address, so something on your host is generating them, most likely a firewall.
If I'm tracing to TCP port 80, I'm getting a different error: "Code: 1 (Host unreachable)"
osiris@desktop ~ $ sudo traceroute -T -p 80 bardhome.de
traceroute to bardhome.de (79.244.37.18), 30 hops max, 60 byte packets
(...)
5 asd-s8-rou-1041.NL.as286.net (134.222.94.216) 12.936 ms 13.736 ms 13.741 ms
6 ae16-100-cr6-ams1.ipv4.gtt.net (194.122.122.102) 14.698 ms 15.039 ms 14.997 ms
7 ae27.cr1-fra2.ip4.gtt.net (89.149.181.254) 21.670 ms 15.962 ms 16.750 ms
8 80.157.204.65 (80.157.204.65) 16.309 ms 16.632 ms 18.591 ms
9 p5b17dea1.dip0.t-ipconnect.de (91.23.222.161) 23.859 ms 23.685 ms 24.274 ms
10 p4ff42512.dip0.t-ipconnect.de (79.244.37.18) 29.434 ms 30.605 ms 30.619 ms
11 p4ff42512.dip0.t-ipconnect.de (79.244.37.18) 3023.475 ms !H 3023.807 ms !H 3023.492 ms !H
osiris@desktop ~ $
Without nowing your exact setup, this is hard to debug. I'm seeing a docker0 interface, are you running Nextcloud in a Docker container?
Also, this probably isn't the best Community to ask this, as this most likely isn't certbot related at all, but a generic networking issue.
