Error renewing certificate


I’ve been trying all day now and am at a loss. I’ve installed Nextcloud on my Pi and use LetsEncrypt to get an SSL certificate. Everything worked like a charm for 60 days and still does, but now I need to renew the certificate.
Using the command below produces the error seen below.
As additional information: I’m redirecting all traffic from http to https via apache2 config. Might that be the problem? I’ve tried deactivating the redirect but it doesn’t fix anything.

Thank you very much for your help and bear with me, as I am a beginner.

My domain is:

I ran this command: sudo ./certbot-auto renew

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log

Processing /etc/letsencrypt/renewal/

Cert is due for renewal, auto-renewing…
Plugins selected: Authenticator apache, Installer apache
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for
Waiting for verification…
Cleaning up challenges
Attempting to renew cert ( from /etc/letsencrypt/renewal/ produced an unexpected error: Failed authorization procedure. (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching Error getting validation data. Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/ (failure)

All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/ (failure)

1 renew failure(s), 0 parse failure(s)


My web server is (include version): apache2 (latest Version)

The operating system my web server runs on is (include version): Raspbian/Debian Stretch (latest version)

My hosting provider, if applicable, is: RaspberryPi is connected to a router that has a public IP4 address

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no


Your hostname resolves to the IP address That IP address isn’t reachable from the world wide web. Not from The Netherlands (my location) and apparently, nor from Let’s Encrypt’s validation server.

Is that IP address also the current IP address your site runs on?


Hi @Pete90

checking your site via -14 10.030 T
Timeout - The operation has timed out -1 0.023 U
NameResolutionFailure - The remote name could not be resolved: ‘ 200 0.700 A -14 10.026 T
Timeout - The operation has timed out

Your https - version works. But if you want to get a new certificate, you must open your port 80, so that Letsencrypt is able to load a file via the last url (/.well-known/acme-challenge/).

So open your firewall and (if not running) start your webserver port 80 / http.


Hmm, firewall issue… Could be indeed! I just stopped after a traceroute which was giving me “!X” errors and a telnet to port 80 which gave me a “No route to host”-error:

osiris@erazer ~ $ telnet 80
telnet: connect to address No route to host
osiris@erazer ~ $ telnet 443
Connected to
Escape character is '^]'.

Connection closed by foreign host.
osiris@erazer ~ $ 

So yes, firewall would be my guess too with this new info.


Thanks for your replies, I really appreciate it. I vaguely remember that I made some changes to the firewall.

Port 80 was neither open on my router nor in the iptables config. I changed that and now everything works. Thank you so much again for helping out a pleb.
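
The port check used in this thread, as an added example that is not part of any post above: it probes ports 80 and 443 the way the telnet test did and reports why an http-01 renewal would fail. The function names `probe` and `verdict` and the script name are chosen here for illustration; run it from a machine outside your own network, since a check from inside the LAN does not pass through the router's port forwarding.

```python
import errno
import socket
import sys


def probe(host, port, timeout=5.0):
    """Classify one TCP connect attempt, like `telnet host port` in the thread."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except socket.gaierror:
        return "dns-failure"            # name does not resolve
    except (socket.timeout, TimeoutError):
        return "timeout"                # no answer at all within the timeout
    except ConnectionRefusedError:
        return "refused"                # connection actively rejected
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable"        # telnet reports "No route to host"
        raise


def verdict(state80, state443):
    """Turn the two probe results into a diagnosis for an http-01 renewal."""
    if state80 == "open":
        return "port 80 is open: the validation server can connect"
    if "dns-failure" in (state80, state443):
        return "hostname does not resolve: fix DNS before anything else"
    if state443 == "open":
        return ("port 80 is %s while 443 is open: the host is up, so check "
                "the router port forward and the iptables rules for port 80"
                % state80)
    return "neither port answers: check the address in DNS and the router"


if __name__ == "__main__":
    # Host name comes from the command line; none is hard-coded here.
    if len(sys.argv) != 2:
        sys.exit("usage: check_http01.py <hostname>")
    s80, s443 = probe(sys.argv[1], 80), probe(sys.argv[1], 443)
    print("80:", s80, " 443:", s443)
    print(verdict(s80, s443))
```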

