Failing to renew because I removed HTTP access (HTTPS is ok)

certbot 0.40.0
I had port 80 and 443 forwarded before.. then I removed 80
now, an attempt to renew looks like:

sudo certbot renew 
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator apache, Installer apache
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for [mydomain]
Waiting for verification...
Challenge failed for domain [mydomain]
http-01 challenge for [mydomain]
Cleaning up challenges
Attempting to renew cert ([mydomain]) from /etc/letsencrypt/renewal/[mydomain].conf produced an unexpected error: Some challenges have failed.. Skipping.
All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/[mydomain]/fullchain.pem (failure)

What is the correct way to make this process switch to the working HTTPS port ?

1 Like

You can't, that's why it's called the http-01 challenge and not https-01 :wink:

It will always start on port 80.

See also:

4 Likes

Thank you for the answer.

3 Likes