Error when i want to run certbot for existing certificat

Hello,

I am trying to make an HA cluster of 2 nodes. Already creating the primary server and generate a let's encrypt certificat working fine. I have an issue when i try to deploy the existing certificate with certbot on my second Node .

Can you help please ?

My domain is: themgames.fortiddns.com

I ran this command: certbot --apache
And choose the existting certificate i already generated and use for my first node

It produced this output:

root@XXXXXXXXXXXXX:~# certbot --apache -v
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache

Which names would you like to activate HTTPS for?


1: themgames.fortiddns.com


Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 1
Requesting a certificate for themgames.fortiddns.com
Performing the following challenges:
http-01 challenge for themgames.fortiddns.com
Enabled Apache rewrite module
Waiting for verification...
Challenge failed for domain themgames.fortiddns.com
http-01 challenge for themgames.fortiddns.com

Certbot failed to authenticate some domains (authenticator: apache). The Certificate Authority reported these problems:
Domain: themgames.fortiddns.com
Type: connection
Detail: Fetching http://themgames.fortiddns.com/.well-known/acme-challenge/1Jzw1G6fqCY2BeUgXgV6y6bG8nqZflHKjeau35beJDU: Timeout during connect (likely firewall problem)

Hint: The Certificate Authority failed to verify the temporary Apache configuration changes made by Certbot. Ensure that the listed domains point to this Apache server and that it is accessible from the internet.

Cleaning up challenges
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

My web server is (include version): Apache/2.4.38

The operating system my web server runs on is (include version): Debian 10

I can login to a root shell on my machine (yes or no, or I don't know): yes

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.22.0

thanks

1 Like

How did you choose that existing certificate? Because your Certbot output does not show anything about an existing certificate. Instead, it tries to get a new one.

2 Likes

Is there a firewall?
Does it allow HTTP?
[How did you get the first cert?]

Does the name ("themgames.fortiddns.com") resolve to the IP of the system now trying to get a cert for that name?

See:
Let's Debug (letsdebug.net)

[you have multiple problems]

2 Likes

Hello, it's ok i found solution by copying "Lets Encrypt" Folder from the Master server to the Salve and "Apache Config " form master too to slave

Thank you all for help

2 Likes