Failing to renew because I removed HTTP access (HTTPS is ok)

AndKe · November 18, 2020, 2:41pm

certbot 0.40.0
I had port 80 and 443 forwarded before.. then I removed 80
now, an attempt to renew looks like:

sudo certbot renew 
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator apache, Installer apache
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for [mydomain]
Waiting for verification...
Challenge failed for domain [mydomain]
http-01 challenge for [mydomain]
Cleaning up challenges
Attempting to renew cert ([mydomain]) from /etc/letsencrypt/renewal/[mydomain].conf produced an unexpected error: Some challenges have failed.. Skipping.
All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/[mydomain]/fullchain.pem (failure)

What is the correct way to make this process switch to the working HTTPS port ?

Osiris · November 18, 2020, 2:46pm

You can't, that's why it's called the http-01 challenge and not https-01

It will always start on port 80.

Topic		Replies	Views
Certbot - Hard Coded URL Rewrite Means HTTP-01 Challenge Fails on Apache Server	25	8019	June 11, 2017
Certbot Auto renew without HTTP and without TLS-SNI-01 Help	9	3515	February 12, 2018
About certbot webroot renew Help	10	782	January 20, 2021
For Certbot Apache users whose renewals started to fail recently Server	1	986	March 8, 2019
Cannot renew cert, http-01 challenge is failing Help	3	397	June 11, 2022

Failing to renew because I removed HTTP access (HTTPS is ok)

Related topics