Failing to renew - fullchain.pem

My domain is: thaliashouseofhorrors.duckdns.org

I ran this command: certbot renew

It produced this output:

Certbot failed to authenticate some domains (authenticator: standalone). The Certificate Authority reported these problems:
  Domain: thaliashouseofhorrors.duckdns.org
  Type:   connection
  Detail: Fetching http://thaliashouseofhorrors.duckdns.org/.well-known/acme-challenge/0Z_RTmoHnZBke3i18lUR49LHvpoJOcnzvlRE64EBtzE: Timeout during connect (likely firewall problem)

Hint: The Certificate Authority failed to download the challenge files from the temporary standalone webserver started by Certbot on port 80. Ensure that the listed domains point to this machine and that it can accept inbound connections from the internet.

Failed to renew certificate thaliashouseofhorrors.duckdns.org with error: Some challenges have failed.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
All renewals failed. The following certificates could not be renewed:
  C:\Certbot\live\thaliashouseofhorrors.duckdns.org\fullchain.pem (failure)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1 renew failure(s), 0 parse failure(s)

My web server is (include version): DuckDNS 1.0.5 (I think)

The operating system my web server runs on is (include version): Windows 10

My hosting provider, if applicable, is: DuckDNS

I can login to a root shell on my machine (yes or no, or I don't know): I don't know

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): FoundryVTT

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 1.17

I previously had things running just fine in my FoundryVTT instance. Currently nobody can connect via the domain URL. I have updated my token through DuckDNS and all that. This has been happening a couple weeks but I'm now in earnest trying to fix it.

I have read other threads but they seem to be using more specialized programs than me (Apache, etc) to host their stuff - this is self-hosted.

Contents of letsencrypt.log:

2021-11-06 17:08:33,795:DEBUG:certbot._internal.main:Location of certbot entry point: E:\Program Files (x86)\Certbot\bin\certbot.exe
2021-11-06 17:08:33,795:DEBUG:certbot._internal.main:Arguments: ['--preconfigured-renewal']
2021-11-06 17:08:33,795:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2021-11-06 17:08:33,908:DEBUG:certbot._internal.log:Root logging level set at 30
2021-11-06 17:08:33,915:DEBUG:certbot.display.util:Notifying user: Processing C:\Certbot\renewal\thaliashouseofhorrors.duckdns.org.conf
2021-11-06 17:08:33,942:DEBUG:certbot._internal.plugins.selection:Requested authenticator <certbot._internal.cli.cli_utils._Default object at 0x047C0CE8> and installer <certbot._internal.cli.cli_utils._Default object at 0x047C0CE8>
2021-11-06 17:08:33,968:DEBUG:certbot._internal.storage:Should renew, less than 30 days before certificate expiry 2021-10-23 20:19:41 UTC.
2021-11-06 17:08:33,968:INFO:certbot._internal.renewal:Certificate is due for renewal, auto-renewing...
2021-11-06 17:08:33,968:DEBUG:certbot._internal.plugins.selection:Requested authenticator standalone and installer None
2021-11-06 17:08:33,972:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * standalone
Description: Spin up a temporary webserver
Interfaces: IAuthenticator, IPlugin
Entry point: standalone = certbot._internal.plugins.standalone:Authenticator
Initialized: <certbot._internal.plugins.standalone.Authenticator object at 0x04660D78>
Prep: True
2021-11-06 17:08:33,973:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot._internal.plugins.standalone.Authenticator object at 0x04660D78> and installer None
2021-11-06 17:08:33,973:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator standalone, Installer None
2021-11-06 17:08:33,998:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-v02.api.letsencrypt.org/acme/acct/136349191', new_authzr_uri=None, terms_of_service=None), 45de7dcc73aafac0509845198c7f0360, Meta(creation_dt=datetime.datetime(2021, 7, 25, 21, 19, 25, tzinfo=<UTC>), creation_host='DESKTOP-Q0PDG6E.neo.rr.com', register_to_eff=None))>
2021-11-06 17:08:33,999:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2021-11-06 17:08:34,003:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
2021-11-06 17:08:34,167:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 658
2021-11-06 17:08:34,167:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sat, 06 Nov 2021 21:08:34 GMT
Content-Type: application/json
Content-Length: 658
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "B3YMfd7KU4M": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
    "website": "https://letsencrypt.org"
  },
  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}
2021-11-06 17:08:34,169:DEBUG:certbot.display.util:Notifying user: Renewing an existing certificate for thaliashouseofhorrors.duckdns.org
2021-11-06 17:08:34,390:DEBUG:certbot.crypto_util:Generating RSA key (2048 bits): C:\Certbot\keys\0049_key-certbot.pem
2021-11-06 17:08:34,425:DEBUG:certbot.crypto_util:Creating CSR: C:\Certbot\csr\0049_csr-certbot.pem
2021-11-06 17:08:34,425:DEBUG:acme.client:Requesting fresh nonce
2021-11-06 17:08:34,425:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2021-11-06 17:08:34,480:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
2021-11-06 17:08:34,481:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sat, 06 Nov 2021 21:08:34 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0102_s_GlRpFnAlHvy8E0q0MT20qqo-nBcROX_K2jdlL8NU
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800


2021-11-06 17:08:34,481:DEBUG:acme.client:Storing nonce: 0102_s_GlRpFnAlHvy8E0q0MT20qqo-nBcROX_K2jdlL8NU
2021-11-06 17:08:34,481:DEBUG:acme.client:JWS payload:
b'{\n  "identifiers": [\n    {\n      "type": "dns",\n      "value": "thaliashouseofhorrors.duckdns.org"\n    }\n  ]\n}'
2021-11-06 17:08:34,486:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTM2MzQ5MTkxIiwgIm5vbmNlIjogIjAxMDJfc19HbFJwRm5BbEh2eThFMHEwTVQyMHFxby1uQmNST1hfSzJqZGxMOE5VIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9uZXctb3JkZXIifQ",
  "signature": "NaKDxNZ6__mDkjl9-QyvW_hN7bnjUjwhnzqGE9GHWGVt_6QSnMoRtkKjHY9S8E9swsMkkMGtKoThljeS7JyYQuYxdfuGo32pFnicN5wwp9byU1DNERkuFpO_NmupaGRnD2QaGonfZyWUy7RG1yBq2GYsWQvTDAkvIsrxyDZ6apIDvmJ6JUFLSa4gULyTMgt8PMv9-JQlS4QsML7RAVLHbGe7ah9xoe0Gwv0wzhvztAJbvHMf3jyzRBcTyaz_Ars2Z4ehHNEOOVuZO5DP4wfrbubcTpb4-Zm7-WDF04yVVhP_UB7Tjrgwcm-ZaIVKGs1Ve-cYDi4NkwKCWs_C62q6_Q",
  "payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogInRoYWxpYXNob3VzZW9maG9ycm9ycy5kdWNrZG5zLm9yZyIKICAgIH0KICBdCn0"
}
2021-11-06 17:08:34,766:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 356
2021-11-06 17:08:34,767:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Date: Sat, 06 Nov 2021 21:08:34 GMT
Content-Type: application/json
Content-Length: 356
Connection: keep-alive
Boulder-Requester: 136349191
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Location: https://acme-v02.api.letsencrypt.org/acme/order/136349191/37654401950
Replay-Nonce: 0102lvZy02zIULs2tBKkkfdLx5qfp7rMXQDZnao2nAZCEK8
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "status": "pending",
  "expires": "2021-11-13T21:08:34Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "thaliashouseofhorrors.duckdns.org"
    }
  ],
  "authorizations": [
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/46845666460"
  ],
  "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/136349191/37654401950"
}
2021-11-06 17:08:34,767:DEBUG:acme.client:Storing nonce: 0102lvZy02zIULs2tBKkkfdLx5qfp7rMXQDZnao2nAZCEK8
2021-11-06 17:08:34,767:DEBUG:acme.client:JWS payload:
b''
2021-11-06 17:08:34,772:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/46845666460:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTM2MzQ5MTkxIiwgIm5vbmNlIjogIjAxMDJsdlp5MDJ6SVVMczJ0Qktra2ZkTHg1cWZwN3JNWFFEWm5hbzJuQVpDRUs4IiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My80Njg0NTY2NjQ2MCJ9",
  "signature": "ET0mQ-AN1hwbdXPP_zu43CGZTsvc4pIkSIOaSR5rkHbuBNkP1zqpLI1HM4yud4ezfj6UuzYQ9COffb2yR9sj6DaMaSZRTtk0I07vG-dIe7yN8b-PjquRvUFflwWDyVU-_l01c-9uscDGcuAzRWjasruwP4fncccfw-bHQC7L86Ekhd9eePsYsvZkMnS7KOlHGtHmlaBfmTunc7sOqh1kVTdgNxdqprCZ7PbwBCzdMz-7V0r6KNYPvb4PYGjOWUTnswE5lZ3VaHxfjBf5vpMGsJGPBtSGywI1fNtifVAVAN-F8-AJCg3I8gl_xDLsHHJjsMEI8tbO6WmVO0UVRUFT2w",
  "payload": ""
}
2021-11-06 17:08:34,858:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/46845666460 HTTP/1.1" 200 814
2021-11-06 17:08:34,858:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sat, 06 Nov 2021 21:08:34 GMT
Content-Type: application/json
Content-Length: 814
Connection: keep-alive
Boulder-Requester: 136349191
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0102VCCih5KkjvdrXaqsC6AlwlrRaPK5YrwONvcK1wcPyAI
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "thaliashouseofhorrors.duckdns.org"
  },
  "status": "pending",
  "expires": "2021-11-13T21:08:34Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/46845666460/deqIDw",
      "token": "0Z_RTmoHnZBke3i18lUR49LHvpoJOcnzvlRE64EBtzE"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/46845666460/aqLaQw",
      "token": "0Z_RTmoHnZBke3i18lUR49LHvpoJOcnzvlRE64EBtzE"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/46845666460/_rpuyA",
      "token": "0Z_RTmoHnZBke3i18lUR49LHvpoJOcnzvlRE64EBtzE"
    }
  ]
}
2021-11-06 17:08:34,858:DEBUG:acme.client:Storing nonce: 0102VCCih5KkjvdrXaqsC6AlwlrRaPK5YrwONvcK1wcPyAI
2021-11-06 17:08:34,859:INFO:certbot._internal.auth_handler:Performing the following challenges:
2021-11-06 17:08:34,859:INFO:certbot._internal.auth_handler:http-01 challenge for thaliashouseofhorrors.duckdns.org
2021-11-06 17:08:34,862:DEBUG:acme.standalone:Successfully bound to :80 using IPv6
2021-11-06 17:08:34,863:DEBUG:acme.standalone:Successfully bound to :80 using IPv4
2021-11-06 17:08:34,864:DEBUG:acme.client:JWS payload:
b'{}'
2021-11-06 17:08:34,870:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/46845666460/deqIDw:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTM2MzQ5MTkxIiwgIm5vbmNlIjogIjAxMDJWQ0NpaDVLa2p2ZHJYYXFzQzZBbHdsclJhUEs1WXJ3T052Y0sxd2NQeUFJIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9jaGFsbC12My80Njg0NTY2NjQ2MC9kZXFJRHcifQ",
  "signature": "S7_ZHM6060bWOSGyUdlb40C83rZ_GVVSRy1jcyaZRMTeM5wWOTHVenTf-ffQtCZjB74lbg01qpbxztbPHaeFiSvUkDM5NQKueWOEPD5AgJjZjO1PcgbYJZbFEDLIuV5A7TzwD4f1WPyN21xduRMeso6We0af0sFzGWvGgHWkEv4h7UvU-6htGQy8-xBV-YCy-g04fA6k61ND521m0NL3Mbpdd_WZoe9bghuzbsm_51RUZovpfOWsKlued3Avt36BulVuMefnK_613pXasxpGWaLryQftXMzmPJjjnOx6cH1ZJ-gLD120bLw6ZACw4x2oYEncn5XpoPlYyRRjwb6JxQ",
  "payload": "e30"
}
2021-11-06 17:08:34,973:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/chall-v3/46845666460/deqIDw HTTP/1.1" 200 186
2021-11-06 17:08:34,973:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sat, 06 Nov 2021 21:08:35 GMT
Content-Type: application/json
Content-Length: 186
Connection: keep-alive
Boulder-Requester: 136349191
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index", <https://acme-v02.api.letsencrypt.org/acme/authz-v3/46845666460>;rel="up"
Location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/46845666460/deqIDw
Replay-Nonce: 01017GiWQz4LJlK15uIZlzRX9bVyL_l5PHoJEl1tvn29NPk
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "type": "http-01",
  "status": "pending",
  "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/46845666460/deqIDw",
  "token": "0Z_RTmoHnZBke3i18lUR49LHvpoJOcnzvlRE64EBtzE"
}
2021-11-06 17:08:34,974:DEBUG:acme.client:Storing nonce: 01017GiWQz4LJlK15uIZlzRX9bVyL_l5PHoJEl1tvn29NPk
2021-11-06 17:08:34,974:INFO:certbot._internal.auth_handler:Waiting for verification...
2021-11-06 17:08:35,987:DEBUG:acme.client:JWS payload:
b''
2021-11-06 17:08:35,992:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/46845666460:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTM2MzQ5MTkxIiwgIm5vbmNlIjogIjAxMDE3R2lXUXo0TEpsSzE1dUlabHpSWDliVnlMX2w1UEhvSkVsMXR2bjI5TlBrIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My80Njg0NTY2NjQ2MCJ9",
  "signature": "qDN1ZghpotCEESIS9-454gvUId_ZZnCz-h0-6xUS4g0cugpePs4WwqCC8R3XFxJ_HURZOZoOtWU_4WNF1Ne1RtPAHd13_o8vE_s_ubVzZceoPtgUBlEShxhgz_n7EmeIrhMCad0JahgIlJLGDY6Je2DMOpvcRDjfzWwZD9ldCaFIBnmXXzqhMr0jUDlJH-5e4wrsPtLFadEkMtG0-90EGsgnkArl2031TzGF0T2ql2tEr64OUXZfYqFOvBsTwfi7aJnleb-_bgU8EinhSErKWsl562_3rl5PneJY511_r2voYUxivUFWKlMKbJlqIIDJsh-FyTbRtSrx4kjyLk2peg",
  "payload": ""
}
2021-11-06 17:08:36,078:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/46845666460 HTTP/1.1" 200 814
2021-11-06 17:08:36,079:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sat, 06 Nov 2021 21:08:36 GMT
Content-Type: application/json
Content-Length: 814
Connection: keep-alive
Boulder-Requester: 136349191
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0101SHUaRPLH3lG6uaW34vSjP0RR-P4dNlYloeupGvB0XjU
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "thaliashouseofhorrors.duckdns.org"
  },
  "status": "pending",
  "expires": "2021-11-13T21:08:34Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/46845666460/deqIDw",
      "token": "0Z_RTmoHnZBke3i18lUR49LHvpoJOcnzvlRE64EBtzE"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/46845666460/aqLaQw",
      "token": "0Z_RTmoHnZBke3i18lUR49LHvpoJOcnzvlRE64EBtzE"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/46845666460/_rpuyA",
      "token": "0Z_RTmoHnZBke3i18lUR49LHvpoJOcnzvlRE64EBtzE"
    }
  ]
}
2021-11-06 17:08:36,079:DEBUG:acme.client:Storing nonce: 0101SHUaRPLH3lG6uaW34vSjP0RR-P4dNlYloeupGvB0XjU
2021-11-06 17:08:39,093:DEBUG:acme.client:JWS payload:
b''
2021-11-06 17:08:39,098:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/46845666460:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTM2MzQ5MTkxIiwgIm5vbmNlIjogIjAxMDFTSFVhUlBMSDNsRzZ1YVczNHZTalAwUlItUDRkTmxZbG9ldXBHdkIwWGpVIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My80Njg0NTY2NjQ2MCJ9",
  "signature": "LKigl8N9HPAbZcha0Tw2Yirar65ukmDXboYmVWzMP6cWw9pF3GZOZsL8OSzAtqmxA-iFiC5NB0244fOYmKIra2eVfY3v8y5FTqmDLFzolO_umBRXnKNqQPvJwRUUSozL7xZyoHoBQWFhZenpE8zeBuVRutqHDKe9eGvtc7j68kZytsrVfQS9dZMFyjmA-30BMb2Z2-H1vFKduISEoPhFwo5or1YAgVV6G6yBedhHAPyuX5UgvV-N-nGAUCv7CAUn95Djphu_Ef-L96EoOXUbSqG0MVFl5hP_taln2jpq8Q5VLnpAObCPcuueyWcbeOJraIx1eL9vTRXD4T_QQUIa6w",
  "payload": ""
}
2021-11-06 17:08:39,184:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/46845666460 HTTP/1.1" 200 814
2021-11-06 17:08:39,184:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sat, 06 Nov 2021 21:08:39 GMT
Content-Type: application/json
Content-Length: 814
Connection: keep-alive
Boulder-Requester: 136349191
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0101_YVjJblsPT2H4sWH973zqLbXlKKQjmn42qDZ28m6YjQ
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "thaliashouseofhorrors.duckdns.org"
  },
  "status": "pending",
  "expires": "2021-11-13T21:08:34Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/46845666460/deqIDw",
      "token": "0Z_RTmoHnZBke3i18lUR49LHvpoJOcnzvlRE64EBtzE"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/46845666460/aqLaQw",
      "token": "0Z_RTmoHnZBke3i18lUR49LHvpoJOcnzvlRE64EBtzE"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/46845666460/_rpuyA",
      "token": "0Z_RTmoHnZBke3i18lUR49LHvpoJOcnzvlRE64EBtzE"
    }
  ]
}
2021-11-06 17:08:39,184:DEBUG:acme.client:Storing nonce: 0101_YVjJblsPT2H4sWH973zqLbXlKKQjmn42qDZ28m6YjQ
2021-11-06 17:08:42,194:DEBUG:acme.client:JWS payload:
b''
2021-11-06 17:08:42,199:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/46845666460:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTM2MzQ5MTkxIiwgIm5vbmNlIjogIjAxMDFfWVZqSmJsc1BUMkg0c1dIOTczenFMYlhsS0tRam1uNDJxRFoyOG02WWpRIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My80Njg0NTY2NjQ2MCJ9",
  "signature": "qlBjtU2WXTikKP8VVlnfIvFewDAIZd9OoDgupP0dbRgOXYcugaP7IEEFXPweVuomjl2nc2YAm7P_7hwihn4rNe4SoWCaj8AkyD2VC_iNo5fn_RMXmvAL15P0XE91wIfE4SYnZ1yHj_RbOfq3Qut3iUK_JjZtVyJA2PNCQq6647remOx1JAYR-LlG3Pw14TuL89-ZHoi65WqCFm7FZ7s6sKUGWRXlmvipQJiviTuQuMWctDTinmwhvCtOHm44Iy5kqbetozYYYyP5AXTbjz67gjPDmIlE8vkMUmNWCae8V7nT6OX3kl9UEAkB5nWy6o8oIvviHp36SGgEzialIFuinw",
  "payload": ""
}
2021-11-06 17:08:42,284:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/46845666460 HTTP/1.1" 200 814
2021-11-06 17:08:42,285:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sat, 06 Nov 2021 21:08:42 GMT
Content-Type: application/json
Content-Length: 814
Connection: keep-alive
Boulder-Requester: 136349191
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0101HtzTuJ-hwpVIe-nwU6Ie2wn-PC63SwYZJamd9rTmmyI
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "thaliashouseofhorrors.duckdns.org"
  },
  "status": "pending",
  "expires": "2021-11-13T21:08:34Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/46845666460/deqIDw",
      "token": "0Z_RTmoHnZBke3i18lUR49LHvpoJOcnzvlRE64EBtzE"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/46845666460/aqLaQw",
      "token": "0Z_RTmoHnZBke3i18lUR49LHvpoJOcnzvlRE64EBtzE"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/46845666460/_rpuyA",
      "token": "0Z_RTmoHnZBke3i18lUR49LHvpoJOcnzvlRE64EBtzE"
    }
  ]
}
2021-11-06 17:08:42,285:DEBUG:acme.client:Storing nonce: 0101HtzTuJ-hwpVIe-nwU6Ie2wn-PC63SwYZJamd9rTmmyI
2021-11-06 17:08:45,291:DEBUG:acme.client:JWS payload:
b''
2021-11-06 17:08:45,296:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/46845666460:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTM2MzQ5MTkxIiwgIm5vbmNlIjogIjAxMDFIdHpUdUotaHdwVkllLW53VTZJZTJ3bi1QQzYzU3dZWkphbWQ5clRtbXlJIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My80Njg0NTY2NjQ2MCJ9",
  "signature": "ZHKKJ2kBPwPt63bB2xh1bJyoEBwTHRrBTJRef0SpBkSugIHfJ4t032ds_lZ5kLt6Wh_vCi4-qOOK4m_l75Fkk6GQUvEe1k97cx7sc92sf1HCTHUDCpgB4WtwTR48g1YFr6ESEdfTEAoUftmiKpogfJVU-1v7Nqtj1ez307WqJIwaBicYqiIlxdaVHrdxvB-QetlENCcs8b0baqeRajREB8Ug5-N0X3xjyylrzbR4qVQVU-l42XT07USuysl29npPgZz7GFhZJYGAcHnS6gqUhyZmY4uBL30XKBd0yLoM9PPk9ozmuhcKlPgzzZ3lVokYKVPx1LMsZWtP_x1w3u1oBg",
  "payload": ""
}
2021-11-06 17:08:45,382:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/46845666460 HTTP/1.1" 200 1110
2021-11-06 17:08:45,382:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sat, 06 Nov 2021 21:08:45 GMT
Content-Type: application/json
Content-Length: 1110
Connection: keep-alive
Boulder-Requester: 136349191
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0101hU2BFbXJOxQ2hKYuchHdkc1x4rEoxjctVDQkUYY44fE
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "thaliashouseofhorrors.duckdns.org"
  },
  "status": "invalid",
  "expires": "2021-11-13T21:08:34Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "invalid",
      "error": {
        "type": "urn:ietf:params:acme:error:connection",
        "detail": "Fetching http://thaliashouseofhorrors.duckdns.org/.well-known/acme-challenge/0Z_RTmoHnZBke3i18lUR49LHvpoJOcnzvlRE64EBtzE: Timeout during connect (likely firewall problem)",
        "status": 400
      },
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/46845666460/deqIDw",
      "token": "0Z_RTmoHnZBke3i18lUR49LHvpoJOcnzvlRE64EBtzE",
      "validationRecord": [
        {
          "url": "http://thaliashouseofhorrors.duckdns.org/.well-known/acme-challenge/0Z_RTmoHnZBke3i18lUR49LHvpoJOcnzvlRE64EBtzE",
          "hostname": "thaliashouseofhorrors.duckdns.org",
          "port": "80",
          "addressesResolved": [
            "65.25.77.25"
          ],
          "addressUsed": "65.25.77.25"
        }
      ],
      "validated": "2021-11-06T21:08:35Z"
    }
  ]
}
2021-11-06 17:08:45,383:DEBUG:acme.client:Storing nonce: 0101hU2BFbXJOxQ2hKYuchHdkc1x4rEoxjctVDQkUYY44fE
2021-11-06 17:08:45,383:INFO:certbot._internal.auth_handler:Challenge failed for domain thaliashouseofhorrors.duckdns.org
2021-11-06 17:08:45,383:INFO:certbot._internal.auth_handler:http-01 challenge for thaliashouseofhorrors.duckdns.org
2021-11-06 17:08:45,383:DEBUG:certbot.display.util:Notifying user: 
Certbot failed to authenticate some domains (authenticator: standalone). The Certificate Authority reported these problems:
  Domain: thaliashouseofhorrors.duckdns.org
  Type:   connection
  Detail: Fetching http://thaliashouseofhorrors.duckdns.org/.well-known/acme-challenge/0Z_RTmoHnZBke3i18lUR49LHvpoJOcnzvlRE64EBtzE: Timeout during connect (likely firewall problem)

Hint: The Certificate Authority failed to download the challenge files from the temporary standalone webserver started by Certbot on port 80. Ensure that the listed domains point to this machine and that it can accept inbound connections from the internet.

2021-11-06 17:08:45,384:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
  File "E:\Program Files (x86)\Certbot\pkgs\certbot\_internal\auth_handler.py", line 93, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, best_effort)
  File "E:\Program Files (x86)\Certbot\pkgs\certbot\_internal\auth_handler.py", line 181, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.

2021-11-06 17:08:45,385:DEBUG:certbot._internal.error_handler:Calling registered functions
2021-11-06 17:08:45,385:INFO:certbot._internal.auth_handler:Cleaning up challenges
2021-11-06 17:08:45,385:DEBUG:certbot._internal.plugins.standalone:Stopping server at :::80...
2021-11-06 17:08:45,385:DEBUG:certbot._internal.plugins.standalone:Stopping server at 0.0.0.0:80...
2021-11-06 17:08:46,010:ERROR:certbot._internal.renewal:Failed to renew certificate thaliashouseofhorrors.duckdns.org with error: Some challenges have failed.
2021-11-06 17:08:46,012:DEBUG:certbot._internal.renewal:Traceback was:
Traceback (most recent call last):
  File "E:\Program Files (x86)\Certbot\pkgs\certbot\_internal\renewal.py", line 474, in handle_renewal_request
    main.renew_cert(lineage_config, plugins, renewal_candidate)
  File "E:\Program Files (x86)\Certbot\pkgs\certbot\_internal\main.py", line 1387, in renew_cert
    renewed_lineage = _get_and_save_cert(le_client, config, lineage=lineage)
  File "E:\Program Files (x86)\Certbot\pkgs\certbot\_internal\main.py", line 117, in _get_and_save_cert
    renewal.renew_cert(config, domains, le_client, lineage)
  File "E:\Program Files (x86)\Certbot\pkgs\certbot\_internal\renewal.py", line 333, in renew_cert
    new_cert, new_chain, new_key, _ = le_client.obtain_certificate(domains, new_key)
  File "E:\Program Files (x86)\Certbot\pkgs\certbot\_internal\client.py", line 375, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
  File "E:\Program Files (x86)\Certbot\pkgs\certbot\_internal\client.py", line 425, in _get_order_and_authorizations
    authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort)
  File "E:\Program Files (x86)\Certbot\pkgs\certbot\_internal\auth_handler.py", line 93, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, best_effort)
  File "E:\Program Files (x86)\Certbot\pkgs\certbot\_internal\auth_handler.py", line 181, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.

2021-11-06 17:08:46,014:DEBUG:certbot.display.util:Notifying user: 
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2021-11-06 17:08:46,014:ERROR:certbot._internal.renewal:All renewals failed. The following certificates could not be renewed:
2021-11-06 17:08:46,015:ERROR:certbot._internal.renewal:  C:\Certbot\live\thaliashouseofhorrors.duckdns.org\fullchain.pem (failure)
2021-11-06 17:08:46,015:DEBUG:certbot.display.util:Notifying user: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2021-11-06 17:08:46,015:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "runpy.py", line 194, in _run_module_as_main
  File "runpy.py", line 87, in _run_code
  File "E:\Program Files (x86)\Certbot\bin\certbot.exe\__main__.py", line 29, in <module>
    sys.exit(main())
  File "E:\Program Files (x86)\Certbot\pkgs\certbot\main.py", line 15, in main
    return internal_main.main(cli_args)
  File "E:\Program Files (x86)\Certbot\pkgs\certbot\_internal\main.py", line 1574, in main
    return config.func(config, plugins)
  File "E:\Program Files (x86)\Certbot\pkgs\certbot\_internal\main.py", line 1461, in renew
    renewal.handle_renewal_request(config)
  File "E:\Program Files (x86)\Certbot\pkgs\certbot\_internal\renewal.py", line 499, in handle_renewal_request
    raise errors.Error("{0} renew failure(s), {1} parse failure(s)".format(
certbot.errors.Error: 1 renew failure(s), 0 parse failure(s)
2021-11-06 17:08:46,017:ERROR:certbot._internal.log:1 renew failure(s), 0 parse failure(s)
1 Like

Hi @grankless and welcome to the LE community forum :slight_smile:

It seems that port 80 isn't able to reach your system.

I'd start by checking the IP, which must match what is being shown in global DNS:

Name:    thaliashouseofhorrors.duckdns.org
Address: 65.25.77.25

Then making sure the firewall or NAT/PAT inline device is properly routing HTTP (TCP port 80) to the IP of your server.

2 Likes
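Added example (not part of the thread, and not Certbot's own code): a Python sketch that pulls the failed challenge out of a `letsencrypt.log` like the one in the first post and applies the two checks from the reply above, DNS address first and inbound port second. The function names, the `current_public_ip` parameter and the sample log (a shortened, constructed excerpt using documentation addresses) are assumptions for illustration.

```python
import json
import re

# Constructed, shortened excerpt shaped like Certbot's debug log (not real data;
# 203.0.113.0/24 and 198.51.100.0/24 are documentation address ranges).
SAMPLE_LOG = """\
2021-11-06 17:08:34,870:DEBUG:acme.client:Sending POST request to https://acme.example/chall/1:
{
  "protected": "CONSTRUCTED",
  "signature": "CONSTRUCTED",
  "payload": "e30"
}
2021-11-06 17:08:36,079:DEBUG:acme.client:Received response:
HTTP 200
Content-Type: application/json

{
  "identifier": {"type": "dns", "value": "example.duckdns.org"},
  "status": "pending",
  "challenges": [{"type": "http-01", "status": "pending"}]
}
2021-11-06 17:08:45,382:DEBUG:acme.client:Received response:
HTTP 200
Content-Type: application/json

{
  "identifier": {"type": "dns", "value": "example.duckdns.org"},
  "status": "invalid",
  "challenges": [
    {
      "type": "http-01",
      "status": "invalid",
      "error": {
        "type": "urn:ietf:params:acme:error:connection",
        "detail": "Fetching http://example.duckdns.org/.well-known/acme-challenge/TOKEN: Timeout during connect (likely firewall problem)",
        "status": 400
      },
      "validationRecord": [
        {"hostname": "example.duckdns.org", "port": "80",
         "addressesResolved": ["203.0.113.10"], "addressUsed": "203.0.113.10"}
      ]
    }
  ]
}
2021-11-06 17:08:45,383:DEBUG:acme.client:Storing nonce: CONSTRUCTED
"""


def iter_json_bodies(log_text):
    """Yield every JSON object that starts at column 0 of a log line."""
    decoder = json.JSONDecoder()
    consumed = 0
    for match in re.finditer(r"^\{", log_text, flags=re.MULTILINE):
        if match.start() < consumed:
            continue  # inside a body that was already decoded
        try:
            obj, consumed = decoder.raw_decode(log_text, match.start())
        except json.JSONDecodeError:
            continue  # a stray brace, not a JSON body
        if isinstance(obj, dict):
            yield obj


def failed_challenges(log_text):
    """Return one record per failed validation attempt reported by the CA."""
    findings = []
    for body in iter_json_bodies(log_text):
        # Signed request bodies and still-pending authorizations are skipped.
        if body.get("status") != "invalid" or "challenges" not in body:
            continue
        domain = body.get("identifier", {}).get("value")
        for challenge in body["challenges"]:
            error = challenge.get("error")
            if not error:
                continue
            for record in challenge.get("validationRecord") or [{}]:
                port = record.get("port")
                findings.append({
                    "domain": domain,
                    "challenge": challenge.get("type"),
                    "error": error.get("type", "").rsplit(":", 1)[-1],
                    "detail": error.get("detail", ""),
                    "port": int(port) if port else None,
                    "address_used": record.get("addressUsed"),
                })
    return findings


def diagnose(finding, current_public_ip):
    """Check the address the CA used first, then the inbound port."""
    target = finding["address_used"]
    if target and target != current_public_ip:
        return (f"DNS: {finding['domain']} resolved to {target} but this machine "
                f"is {current_public_ip}; update the dynamic DNS record")
    if finding["error"] == "connection" and "Timeout" in finding["detail"]:
        return (f"FIREWALL/NAT: DNS is correct, but TCP port {finding['port']} "
                f"is dropped before it reaches Certbot; check the router "
                f"port forward and the host firewall")
    return f"OTHER: {finding['error']}: {finding['detail']}"


if __name__ == "__main__":
    for item in failed_challenges(SAMPLE_LOG):
        print(diagnose(item, current_public_ip="203.0.113.10"))
```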

Thank you so much! That fixed it. I didn't realize I had to finagle any ports for that.

2 Likes

Just kidding! The certificate updated, however everyone's browsers still say they're insecure.

1 Like

I just tried checking your server certificate but your site is not working. I could not access your server using openssl and this ssl certificate checker is also not able to see it:
https://decoder.link/sslchecker/thaliashouseofhorrors.duckdns.org/443

Error message indicates possible firewall block. I know that you are complaining of bad cert for the client but hard to check when the site is not available.

3 Likes

It was in use during that period. Using that site myself it informs me that port 443 is being filtered - I opened it up in my Windows firewall and SSLChecker still seems to be saying it's being filtered, so I'm not sure if I should also blast it on my router settings? People can CONNECT just fine.

1 Like

I just tried to connect and it timed out. And the SSL checker at @MikeMcQ's link above still shows port 443 being filtered. Are you sure people can connect just fine? :thinking:

What did you mean by "blast it on my router settings"?

3 Likes

Yeah, my players (it's a virtual tabletop client) were able to connect to the server using the link.

And by "blast" I meant just. Open the port on my router I guess. I am not a computer expert.

1 Like

"Blast OPEN" Okay. :laughing:

As it stands right now, using the link in your original post, it's not accessible over the Internet.
Are your players using a different URL?

2 Likes

I haven't had it open for a couple hours, sorry, hard to keep it open and do other stuff. I will open it back up in the morning, I apologize. But yeah, they use that link and it works - they just get informed that the connection is insecure, and like, it's not stopping anything but I still don't want it around, you know?

1 Like

Okay, the server is up again. I can see that OpenSSL is still saying that 443 is being filtered. Should I be opening this port on my router, then?

1 Like

Yes, or whatever else needs doing that allowed access to your site. Oh, and all ports are showing "filtered"

3 Likes

I have opened up port 443 on my router. SSL seems to still think it's filtered. Not really sure what the best path to take here is...

1 Like

@grankless Your site is not reachable from outside your network. I cannot reach it from a browser even. Check if your router has a firewall

3 Likes

It does not have a firewall, it seems. People off my network are able to connect just fine... I just had 4 people using the link to connect last night.

1 Like

@grankless I cannot reach it right now. I believe you when you say people used it yesterday. But, we need to see your site to help with your problem and it is not available now.

I am using:
http://thaliashouseofhorrors.duckdns.org/
and trying it with https and both are not reachable

Is there a different domain URL your people are using to connect?

3 Likes

Okay, I double checked with people, they are in fact using https://thaliashouseofhorrors.duckdns.org:30000/[url altered for future security] to connect, with 30000 being the default port for Foundry hosting. Should I be telling it to host through 443 or 80 instead?

2 Likes

Ah, bingo.

If you now go to the sslchecker link and use port 30000 instead of 443 you will see the problem. Your server is sending an expired certificate (2 weeks expired).

I am not familiar with FoundryVTT but you need to ensure it is referencing the new certificate chain you just created with Certbot. Look for the conf that points to `/etc/letsencrypt/live/thaliashouseofhorrors.duckdns.org/...`
Update: Sorry, just noticed you are Windows so not sure the folder names off-hand but you see the idea.

You can use alternate ports for your clients but you will need port 80 (http) always available so the Certbot --standalone can renew your certificates.

You probably need to restart or reload FoundryVTT after getting fresh certs. Maybe that is why it is still sending the older cert chain.

It would be helpful to mention port 30000 in the future when asking for help :slight_smile:

3 Likes

Sorry for not mentioning it before. Genuinely I just didn't think about it.

After a little putzing around, I got it. Thank you for mentioning --standalone, I replaced and renewed the certificates and now everything works fine and dandy. Thank you so much for all of your assistance, and sorry for the hassles!

4 Likes

That's what I thought. :wink:

3 Likes