Had to renew and it was hard looks like it worked

Ray · June 11, 2018, 11:26am

I was getting close to have to renew and I did the same as last time but this time it said do a apt install certbot last time I had to install it with a git@github.com:certbot/certbot.git

Then doing a certbot renew got RED color errors. Replace my real domain name with XXXX.XXX

Attempting to renew cert (XXXX.XXX-0001) from /etc/letsencrypt/renewal/XXXX.XX-0001.conf produced an unexpected error: Failed authorization procedure. XXXX.XX (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://XXXX.XXX/.well-known/acme-challenge/x057a6BUHC_zmq68468LXO1BRcJV6QdIMZap_MN38f0: Timeout during connect (likely firewall problem). Skipping.

Maybe it was because it shows a http and not a https in the fetching red part.

Looks like it worked when I did this:

root@rayday:/media/6TB/USBdisk2-3TB/root/letsencrypt# certbot run -a webroot -i apache -w /media/6TB/USBdisk2-3TB/var/www -d XXXX.XXX
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer apache
Cert not yet due for renewal

You have an existing certificate that has exactly the same domains or certificate name you requested and isn't close to expiry.
(ref: /etc/letsencrypt/renewal/XXXX.XXX.conf)

What would you like to do?
-------------------------------------------------------------------------------
1: Attempt to reinstall this existing certificate
2: Renew & replace the cert (limit ~5 per 7 days)
-------------------------------------------------------------------------------
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for XXXX.XXX
Using the webroot path /media/6TB/USBdisk2-3TB/var/www for all unmatched domains.
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. XXXX.XXX (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://XXXX.XXX/.well-known/acme-challenge/Iii8GxdSguDOVmcWwVlxzHjTjFJNC_bURhrzqtAVsYI: Timeout during connect (likely firewall problem)

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: XXXX.XXX
   Type:   connection
   Detail: Fetching
   http://XXXX.XXX/.well-known/acme-challenge/Iii8GxdSguDOVmcWwVlxzHjTjFJNC_bURhrzqtAVsYI:
   Timeout during connect (likely firewall problem)

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address. Additionally, please check that
   your computer has a publicly routable IP address and that no
   firewalls are preventing the server from communicating with the
   client. If you're using the webroot plugin, you should also verify
   that you are serving files from the webroot path you provided.
root@rayday:/media/6TB/USBdisk2-3TB/root/letsencrypt# ssl-cert-check -c /etc/letsencrypt/live/XXXX.XXX/cert.pem

Host                                            Status       Expires      Days
----------------------------------------------- ------------ ------------ ----
FILE:/etc/letsencrypt/live/XXXX.XXX/cert.pem   Valid        Sep 9 2018   90    
root@rayday:/media/6TB/USBdisk2-3TB/root/letsencrypt#

It says 90 days now so looks like it worked. Maybe this will help some one else.

-Raymond Day

stevenzhu · June 11, 2018, 4:12pm

Hi,

Please share us some information so we could help you...

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

Thank you

JuergenAuer · June 11, 2018, 4:18pm

Hi @Ray

the http-01 - challenge uses always http / Port 80. So this port must be available. If a firewall blocks this port or if there is no http-service there, http-01 - challenge will fail.

Ray · June 12, 2018, 11:22am

That must be it I said to only use https and not both when I set it up.

Ray · June 12, 2018, 11:24am

It’s a open port to my home internet running on a Intel compute stick with Ubuntu server on it. So yes can login as root. No control panel. If any thing have Webmin on it but don’t have a open port on 10000 it’s port so just get to it on my LAN.

system · July 12, 2018, 11:24am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Renewal problems after upgrading certbot Help	13	1883	March 18, 2019
Certbot Renew Fails The Certificate Authority failed to verify the temporary Apache configuration changes made by Certbot. Ensure that the listed domains point to this Apache server and that it is accessible from the internet Help	8	2092	May 18, 2024
Webroot renewal failure with Certbot Help	12	4830	September 9, 2017
Cant renew my certificat Help	11	2262	February 14, 2018
Problem with automatic certificate renewal Help	6	2330	February 11, 2018

Had to renew and it was hard looks like it worked

Related topics