How to renew expired Let's Encrypt certificate

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g., so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain

I ran this command:certbot renew --force-renewal

It produced this output:The following error was encountered:
[Errno 13] Permission denied: ‘/var/log/letsencrypt/.certbot.lock’
Either run as root, or set --config-dir, --work-dir, and --logs-dir to writeable paths.

My web server is (include version):

The operating system my web server runs on is (include version):Linux raspberrypi 4.19.57-v7+ #1244 SMP

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):


Hi @witan4702

run your command as root or add sudo.

PS: Your http doesn't work -

Domainname Http-Status redirect Sec. G -14 10.027 T
Timeout - The operation has timed out -4 0.447 W
SendFailure - The underlying connection was closed: An unexpected error occurred on a send. Authentication failed because the remote party has closed the transport stream. -8 0.447 A
ConnectionClosed - The underlying connection was closed: The connection was closed unexpectedly.
Visible Content: -14 10.014 T
Timeout - The operation has timed out

An open port 80 is required, checking a file in /.well-known/acme-challenge must work.

Fatal: Check of /.well-known/acme-challenge/random-filename has a timeout.
Creating a Letsencrypt certificate via http-01 challenge can't work.
You need a running webserver (http) and an open port 80. If it's a home server + ipv4,
perhaps a correct port forwarding port 80 extern ⇒ working port intern is required.
Port 80 / http can redirect to another domain port 80 or port 443, but not other ports.
If it's a home server, perhaps your ISP blocks port 80.
Then you may use the dns-01 challenge.


i did run certbot renew command as root it done

thanks sir,


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.