Help regarding renewing let's encrypt certificate

an139530 · September 11, 2019, 7:59pm

Can someone please help me with this issue:
I got an email stating that my certificate will expire in 10 days

My domain is: https://veratanlp.centralus.cloudapp.azure.com

I ran this command: sudo certbot renew

It produced this output:
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/veratanlp.centralus.cloudapp.azure.com/fullchain.pem (failure)
http://veratanlp.centralus.cloudapp.azure.com/.well-known/acme-challenge/uxIJrkHyhoeFqsxA1vAcNz-dPq4-8JSo7NCqSShCBt8:
Timeout during connect (likely firewall problem)

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you’re using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.

My web server is (include version): Apache/2.4.29 (Ubuntu)

The operating system my web server runs on is (include version): Ubuntu 18

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.28.0

danb35 · September 11, 2019, 9:05pm

This is telling you what the problem--the Let's Encrypt servers can't connect to your hostname on port 80. They need to be able to do that.

an139530 · September 11, 2019, 9:49pm

ok, so what we should do, so that Let’s Encrypt servers can connect to our hostname on port 80.

Like how can we let it happen, can you please give us the clue

danb35 · September 11, 2019, 9:54pm

Fix your servers, fix your router, fix your firewall--the problem is on your end. You've changed something in your network or server configuration since you got the cert, and now the world can't connect. In order to obtain or renew a cert using HTTP validation (which is what you're trying to do), the outside world needs to be able to reach your server--but it can't do so.

an139530 · September 18, 2019, 3:55pm

ok thanks, we are doing that but just a question to my mind how come Let’s encrypt has been running successfully on our server since Feb 2019 and getting failed now. I also run renew-dry run at that time and it gave no error.

system · October 18, 2019, 4:09pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.