Error renewing certificate


#1

Hey,
I’ve been trying all day now and am at a loss. I’ve installed Nextcloud on my Pi and uses LetsEncrypt to get a SSL certificate. Everything worked like a charm for 60 days and still does, but now I need no renew the certificate.
Using the command below produces the error seen below.
As additional information: I’m redirecting all traffic from http to https via apache2 config. Might that be the problem? I’ve tried deactivating the redirect but it doesn’t fix anything.

Thank you very much for you help and bare with me, as I am a beginner.

My domain is: pete90.ddns.net

I ran this command: sudo ./certbot-auto renew

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log


Processing /etc/letsencrypt/renewal/pete90.ddns.net.conf


Cert is due for renewal, auto-renewing…
Plugins selected: Authenticator apache, Installer apache
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for pete90.ddns.net
Waiting for verification…
Cleaning up challenges
Attempting to renew cert (pete90.ddns.net) from /etc/letsencrypt/renewal/pete90.ddns.net.conf produced an unexpected error: Failed authorization procedure. pete90.ddns.net (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://pete90.ddns.net/.well-known/acme-challenge/UZbrz1LPaCG8afwxcrfDKi_YG52xyebi8q5jBZiAJuo: Error getting validation data. Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/pete90.ddns.net/fullchain.pem (failure)


All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/pete90.ddns.net/fullchain.pem (failure)


1 renew failure(s), 0 parse failure(s)

IMPORTANT NOTES:

My web server is (include version): apache2 (latest Version)

The operating system my web server runs on is (include version): Raspbian/Debian Strech (latest version)

My hosting provider, if applicable, is: RaspberryPi is connected to Router that has a puplic IP4 adress

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no


#2

Your hostname resolves to the IP address 31.18.214.106. That IP address isn’t reachable from the world wide web. Not from The Netherlands (my location) and apparently, nor from Let’s Encrypts validation server.

Is that IP address also the current IP address your site runs on?


#3

Hi @Pete90

checking your site via https://check-your-website.server-daten.de/?q=pete90.ddns.net

http://pete90.ddns.net/ -14 10.030 T
Timeout - The operation has timed out
http://www.pete90.ddns.net/ -1 0.023 U
NameResolutionFailure - The remote name could not be resolved: ‘www.pete90.ddns.net
https://pete90.ddns.net/ 200 0.700 A
http://pete90.ddns.net/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de -14 10.026 T
Timeout - The operation has timed out

Your https - version works. But if you want to get a new certificate, you must open your port 80, so that Letsencrypt is able to load a file via the last url (/.well-known/acme-challenge/).

So open your firewall and (if not running) start your webserver port 80 / http.


#4

Hmm, firewall issue… Could be indeed! I just stopped after a traceroute which was giving me “!X” errors and a telnet to port 80 which gave me a “No route to host”-error:

osiris@erazer ~ $ telnet pete90.ddns.net 80
Trying 31.18.214.106...
telnet: connect to address 31.18.214.106: No route to host
osiris@erazer ~ $ telnet pete90.ddns.net 443
Trying 31.18.214.106...
Connected to pete90.ddns.net.
Escape character is '^]'.

Connection closed by foreign host.
osiris@erazer ~ $ 

So yes, firewall would be my guess too with this new info.


#5

Thanks for your replies, I really appreciate it. I vaguely remember that I made some changes to the firewall.

Port 80 was neither open on my router or in the iptables config. I changed that and now everything works. Thank you so much again for helping out a pleb.