Hello!
I have had a problem for some time and I can't solve it ...
My certificate expired on March 4, 2022, I initially thought it would be automatically renewed, but it wasn't.
Even after this date, I did not manage to renew it.
My domain is: mycloudgg.go.ro
FreeBSD 12.2-RELEASE-p11 75566f060d4(HEAD) TRUENAS
Welcome to FreeBSD!
Release Notes, Errata: https://www.FreeBSD.org/releases/
Security Advisories: https://www.FreeBSD.org/security/
FreeBSD Handbook: https://www.FreeBSD.org/handbook/
FreeBSD FAQ: https://www.FreeBSD.org/faq/
Questions List: https://lists.FreeBSD.org/mailman/listinfo/freebsd-questions/
FreeBSD Forums: https://forums.FreeBSD.org/
Documents installed with the system are in the /usr/local/share/doc/freebsd/
directory, or can be installed later with: pkg install en-freebsd-doc
For other languages, replace "en" with a language code like de or fr.
Show the version of FreeBSD installed: freebsd-version ; uname -a
Please include that output and any error messages when posting questions.
Introduction to manual pages: man man
FreeBSD directory layout: man hier
Edit /etc/motd to change this login announcement.
root@NC:~ # certbot --version
certbot 1.22.0
root@NC:~ # certbot certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Found the following certs:
Certificate Name: mycloudgg.go.ro
Serial Number: 34d5...
Key Type: RSA
Domains: mycloudgg.go.ro
Expiry Date: 2022-04-04 09:12:28+00:00 (INVALID: EXPIRED)
Certificate Path: /usr/local/etc/letsencrypt/live/mycloudgg.go.ro/fullchain.pem
Private Key Path: /usr/local/etc/letsencrypt/live/mycloudgg.go.ro/privkey.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
root@NC:~ # certbot renew --force-renewal
Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /usr/local/etc/letsencrypt/renewal/mycloudgg.go.ro.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Failed to renew certificate mycloudgg.go.ro with error: Requesting acme-v02.api.letsencrypt.org/directory: Name does not resolve
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
All renewals failed. The following certificates could not be renewed:
/usr/local/etc/letsencrypt/live/mycloudgg.go.ro/fullchain.pem (failure)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1 renew failure(s), 0 parse failure(s)
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
The first certificate was created (issued) more than 90 days ago, using the command:
This is the issue. The DNS resolver on that machine is somewhat broken. I don't know enough about FreeBSD but you should probably check the contents of /etc/resolv.conf
root@NC:/etc # ping acme-v02.api.letsencrypt.org
ping: cannot resolve acme-v02.api.letsencrypt.org: Host name lookup failure
root@NC:/etc # ping google.com
ping: cannot resolve google.com: Host name lookup failure
root@NC:/etc # ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
64 bytes from 192.168.1.92: icmp_seq=0 ttl=57 time=16.786 ms
64 bytes from 192.168.1.92: icmp_seq=1 ttl=57 time=17.368 ms
64 bytes from 192.168.1.92: icmp_seq=2 ttl=57 time=17.321 ms
64 bytes from 192.168.1.92: icmp_seq=3 ttl=57 time=16.871 ms
ping from the TrueNas server:
root@truenas2[~]# ping acme-v02.api.letsencrypt.org
PING acme-v02.api.letsencrypt.org (172.65.32.248): 56 data bytes
64 bytes from 172.65.32.248: icmp_seq=0 ttl=58 time=10.214 ms
64 bytes from 172.65.32.248: icmp_seq=1 ttl=58 time=10.452 ms
64 bytes from 172.65.32.248: icmp_seq=2 ttl=58 time=10.722 ms
64 bytes from 172.65.32.248: icmp_seq=3 ttl=58 time=10.820 ms
^C
the "resolv.conf" files on TrueNas and the one in Nextcloud jail are identical