Http-01 Challenges fail

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
rmlensman.com

I ran this command: sudo ./letsencrypt-auto --apache -d rmlensman.com -d www.rmlensman.com

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for rmlensman.com
http-01 challenge for www.rmlensman.com
Enabled Apache rewrite module
Waiting for verification…
Challenge failed for domain rmlensman.com
Challenge failed for domain www.rmlensman.com
http-01 challenge for rmlensman.com
http-01 challenge for www.rmlensman.com
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:

My web server is (include version):
Apache/2.4.29

The operating system my web server runs on is (include version):
Ubuntu 20.04

My hosting provider, if applicable, is:
hostway

I can login to a root shell on my machine (yes or no, or I don’t know):
Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
No

The version of my client is (e.g. output of certbot --version or certbot-auto --version

ufw status = "Apache Full’, ‘Open SSH’
DNS A records rmlensman.com, www.rmlensman.com
DocumentRoot /var/www/rmlensman.com
if you’re using Certbot):

Hi @Bobert1

your port 80 doesn’t answer, see https://check-your-website.server-daten.de/?q=rmlensman.com

Domainname Http-Status redirect Sec. G
http://rmlensman.com/ 69.112.250.198 -14 10.027 T
Timeout - The operation has timed out
http://www.rmlensman.com/ 69.112.250.198 -14 10.046 T
Timeout - The operation has timed out
https://rmlensman.com/ 69.112.250.198 GZip used - 24165 / 90346 - 73,25 % Inline-JavaScript (∑/total): 0/0 Inline-CSS (∑/total): 1/962 200 Html is minified: 101,13 % 3.843 N
Certificate error: RemoteCertificateNameMismatch, RemoteCertificateChainErrors
https://www.rmlensman.com/ 69.112.250.198 GZip used - 24171 / 90382 - 73,26 % Inline-JavaScript (∑/total): 0/0 Inline-CSS (∑/total): 1/962 200 Html is minified: 101,13 % 3.794 N
Certificate error: RemoteCertificateNameMismatch, RemoteCertificateChainErrors
http://rmlensman.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 69.112.250.198 -14 10.000 T
Timeout - The operation has timed out
Visible Content:
http://www.rmlensman.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 69.112.250.198 -14 10.043 T
Timeout - The operation has timed out

Port 443 is open, but if you want to renew your certificate via http validation, http + /.well-known/acme-challenge/random-filename must answer (may have a redirect to https).

So

  • your port 80 doesn’t work (or)
  • there is a blocking firewall or a regional filter you have to remove.

Letsencrypt must be able to check your domain. But if online tools can’t check your domain, Letsencrypt can’t check.

Thanks for the prompt reply JuergenAuer. Don’t know what’s going on with port 80, will have to consult my ISP I guess. They claim it’s ope, and I’m not aware of any filters, regional or otherwise.