Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com ), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: https://eseller360.com/
I ran this command: sudo certbot renew
It produced this output: Attempting to renew cert (eseller360.com ) from /etc/letsencrypt/renewal/eseller360.com.conf produced an unexpected error: Failed authorization procedure. eseller360.com (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: 165.22.218.152: Fetching http://eseller360.com/.well-known/acme-challenge/TobjtdqJqNI2Q23yd3gFH_vzNZggr_dYkvGif5k5ORg: Timeout during connect (likely firewall problem), www.eseller360.com (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: 165.22.218.152: Fetching http://www.eseller360.com/.well-known/acme-challenge/yCjVonx2KubcNMfU3wl_0FA8rb9OBIm86F8CoILb29M: Timeout during connect (likely firewall problem). Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/eseller360.com/fullchain.pem (failure)
My web server is (include version): Apache and Ubuntu18
The operating system my web server runs on is (include version): Ubuntu18
My hosting provider, if applicable, is: Digitalocean
I can login to a root shell on my machine (yes or no, or I don't know): Yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
rg305
December 23, 2022, 2:52am
2
Hi @ravinesh1234 , and welcome to the LE community forum
Something has changed since your last cert renew:
HTTP [port 80] needs to be open.
3 Likes
Rip
December 23, 2022, 2:58am
3
I concur with Rudy's post.
PORT STATE SERVICE
22/tcp open ssh
80/tcp filtered http
443/tcp open https
3 Likes
Yes i have added some firewall changes 4 months before but i do not remember what exactly i had done
And Let's Debug's results Let's Debug
agrees with both @rg305 and @Rip
2 Likes
Also i am not able to open my website with http, only accessible through https .
I am new for server related work . I would request you to kindly guide me step by step
rg305
December 23, 2022, 3:10am
7
You don't have any notes about that?
Try starting with:
sudo ufw status
FYI: This is not:
an Ubuntu forum
a firewall forum
3 Likes
rg305:
sudo ufw status
No i do not remember
OpenSSH ALLOW Anywhere
22 ALLOW Anywhere
Apache Secure ALLOW Anywhere
443/tcp ALLOW Anywhere
OpenSSH (v6) ALLOW Anywhere (v6)
22 (v6) ALLOW Anywhere (v6)
Apache Secure (v6) ALLOW Anywhere (v6)
443/tcp (v6) ALLOW Anywhere (v6)
To Action From
OpenSSH ALLOW Anywhere
22 ALLOW Anywhere
Apache Secure ALLOW Anywhere
443/tcp ALLOW Anywhere
80/tcp ALLOW Anywhere
OpenSSH (v6) ALLOW Anywhere (v6)
22 (v6) ALLOW Anywhere (v6)
Apache Secure (v6) ALLOW Anywhere (v6)
443/tcp (v6) ALLOW Anywhere (v6)
80/tcp (v6) ALLOW Anywhere (v6)
Still not able to access the website through http. What to do next
rg305
December 23, 2022, 3:19am
12
Is the website accessible from itself, or from within the same network?
2 Likes
Rip
December 23, 2022, 3:20am
13
OK so
sudo ufw status numbered
Should show you what the firewall is doing unless you are using some other firewall.
2 Likes
i can access only through https:// but not able to access through http://
and when i put domain name then it is redirecting to https
[ 1] OpenSSH ALLOW IN Anywhere
[ 2] 22 ALLOW IN Anywhere
[ 3] Apache Secure ALLOW IN Anywhere
[ 4] 443/tcp ALLOW IN Anywhere
[ 5] 80/tcp ALLOW IN Anywhere
[ 6] OpenSSH (v6) ALLOW IN Anywhere (v6)
[ 7] 22 (v6) ALLOW IN Anywhere (v6)
[ 8] Apache Secure (v6) ALLOW IN Anywhere (v6)
[ 9] 443/tcp (v6) ALLOW IN Anywhere (v6)
[10] 80/tcp (v6) ALLOW IN Anywhere (v6)
rg305
December 23, 2022, 3:21am
16
I don't think you understood my question.
We know it can't be reached via HTTP from the Internet.
3 Likes
How to check ? please guide
_az
December 23, 2022, 3:24am
18
Check whether your droplet has a firewall enabled in the DigitalOcean control panel as well.
Droplets → Networking → Firewall.
3 Likes
rg305
December 23, 2022, 3:26am
21
You have no inbound rule for 80.
3 Likes