My domain is: mail.familie-born.net
I ran this command: certbot renew --force-renewal
It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Processing /etc/letsencrypt/renewal/die-todbringer.de.conf
Plugins selected: Authenticator webroot, Installer apache
Attempting to renew cert (die-todbringer.de) from /etc/letsencrypt/renewal/die-todbringer.de.conf produced an unexpected error: HTTPSConnectionPool(host='acme-v02.api.letsencrypt.org', port=443): Max retries exceeded with url: /directory (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')])"))). Skipping.
Processing /etc/letsencrypt/renewal/mail.familie-born.net.conf
Plugins selected: Authenticator webroot, Installer apache
Attempting to renew cert (mail.familie-born.net) from /etc/letsencrypt/renewal/mail.familie-born.net.conf produced an unexpected error: HTTPSConnectionPool(host='acme-v02.api.letsencrypt.org', port=443): Max retries exceeded with url: /directory (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')])"))). Skipping.
Processing /etc/letsencrypt/renewal/www.die-todbringer.de.conf
Plugins selected: Authenticator apache, Installer apache
Attempting to renew cert (www.die-todbringer.de) from /etc/letsencrypt/renewal/www.die-todbringer.de.conf produced an unexpected error: HTTPSConnectionPool(host='acme-v02.api.letsencrypt.org', port=443): Max retries exceeded with url: /directory (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')])"))). Skipping.
Processing /etc/letsencrypt/renewal/www.skc-lohhof.de.conf
Plugins selected: Authenticator webroot, Installer apache
Attempting to renew cert (www.skc-lohhof.de) from /etc/letsencrypt/renewal/www.skc-lohhof.de.conf produced an unexpected error: HTTPSConnectionPool(host='acme-v02.api.letsencrypt.org', port=443): Max retries exceeded with url: /directory (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')])"))). Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/die-todbringer.de/fullchain.pem (failure)
/etc/letsencrypt/live/mail.familie-born.net/fullchain.pem (failure)
/etc/letsencrypt/live/www.die-todbringer.de/fullchain.pem (failure)
/etc/letsencrypt/live/www.skc-lohhof.de/fullchain.pem (failure)
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/die-todbringer.de/fullchain.pem (failure)
/etc/letsencrypt/live/mail.familie-born.net/fullchain.pem (failure)
/etc/letsencrypt/live/www.die-todbringer.de/fullchain.pem (failure)
/etc/letsencrypt/live/www.skc-lohhof.de/fullchain.pem (failure)
4 renew failure(s), 0 parse failure(s)
My web server is (include version): Apache/2.4.38 (Debian)
The operating system my web server runs on is (include version): Linux version 4.19.0-16-amd64 (debian-kernel@lists.debian.org) (gcc version 8.3.0 (Debian 8.3.0-6)) #1 SMP Debian 4.19.181-1 (2021-03-19)
My hosting provider, if applicable, is: server4you
I can login to a root shell on my machine (yes or no, or I don't know): yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no
The version of my client is (e.g. output of certbot --version
or certbot-auto --version
if you're using Certbot): certbot 0.31.0
I also tried to run host acme-v02.api.letsencrypt.org and got the following output:
host acme-v02.api.letsencrypt.org
acme-v02.api.letsencrypt.org is an alias for prod.api.letsencrypt.org.
prod.api.letsencrypt.org is an alias for ca80a1adb12a4fbdac5ffcbc944e9a61.pacloudflare.com.
ca80a1adb12a4fbdac5ffcbc944e9a61.pacloudflare.com has address 172.65.32.248
ca80a1adb12a4fbdac5ffcbc944e9a61.pacloudflare.com has IPv6 address 2606:4700:60:0:f53d:5624:85c7:3a2c
pinging this addres works, too.
Has anyone an idea? I'm running this over months... or years... so this is the first time i got this error.
Thank you!