I can't renew my certificates


#1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: coto.duckdns.org

I ran this command: pi@hassbian $ /home/pi/certbot/certbot-auto certonly --standalone --preferred-challenges http-01 --email cototo2005@gmail.com -d coto.duckdns.org

It produced this output:
Attempting to renew cert (coto.duckdns.org) from /etc/letsencrypt/renewal/coto.duckdns.org.conf produced an unexpected error: Failed authorization procedure. coto.duckdns.org (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://coto.duckdns.org/.well-known/acme-challenge/UBZCvPYV9mAIKkuXAt6A9WdTjyxDEgrqz8IVKpicpEA: Error getting validation data. Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/coto.duckdns.org/fullchain.pem (failure)

All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/coto.duckdns.org/fullchain.pem (failure)

1 renew failure(s), 0 parse failure(s)
IMPORTANT NOTES:

  • The following errors were reported by the server:
    Domain: coto.duckdns.org
    Type: connection
    Detail: Fetching
    http://coto.duckdns.org/.well-known/acme-challenge/UBZCvPYV9mAIKkuXAt6A9WdTjyxDEgrqz8IVKpicpEA:
    Error getting validation data

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address. Additionally, please check that
    your computer has a publicly routable IP address and that no
    firewalls are preventing the server from communicating with the
    client. If you’re using the webroot plugin, you should also verify
    that you are serving files from the webroot path you provided.

My web server is (include version): I have Home Assistant on a Raspberry Pi 3B (Hassbian) at port 37.
Ports 37, 80, 443 and 8123 are open.
I use port 8123 to log in to Home Assistant.

The operating system my web server runs on is (include version): Raspbian GNU/Linux 9 (stretch)


#2

Hi @cototo

You are using the http-01 challenge.

But Port 80 says:

Fehler: Verbindung unterbrochen
Die Verbindung zum Server wurde zurückgesetzt, während die Seite geladen wurde.

So no connection is possible. http-01 needs http on port 80.

But

https://coto.duckdns.org:80/

works. You have https on port 80. You must allow http on port 80. Configure port 443 with https.
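
The check behind the reply above, as an added example (not part of the original thread and not Certbot code): send a plain-HTTP request to port 80 and classify what comes back, so an HTTPS listener on the http-01 port is caught before a renewal attempt. The function names and the probe path are assumptions made for this sketch.

```python
import socket
import sys

def classify_reply(data):
    """Classify the first bytes a server returned after a plain-HTTP request."""
    if not data:
        return "closed"          # peer closed without answering
    # TLS record header: content type 0x15 (alert) or 0x16 (handshake), major version 3
    if data[0] in (0x15, 0x16) and data[1:2] == b"\x03":
        return "tls"
    if data.startswith(b"HTTP/"):
        parts = data.split(None, 2)
        status = parts[1].decode("ascii", "replace") if len(parts) > 1 else "?"
        return "http:" + status  # e.g. http:404 for an unknown challenge token
    return "unknown"

def probe(host, port=80, timeout=5.0):
    """Send one plain-HTTP request, as an http-01 validator would, and classify the reply."""
    path = "/.well-known/acme-challenge/probe"  # constructed token, expected to 404
    request = (f"GET {path} HTTP/1.1\r\nHost: {host}\r\n"
               "Connection: close\r\n\r\n").encode("ascii")
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(request)
            return classify_reply(sock.recv(64))
    except ConnectionResetError:
        return "reset"           # what the browser error in the reply above reports
    except OSError:
        return "unreachable"     # refused, timed out, no route, DNS failure

if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "localhost"
    result = probe(target)
    print(f"{target}:80 -> {result}")
    if result in ("tls", "reset", "closed") or result == "http:400":
        # nginx and Apache answer plain HTTP sent to a TLS port with a 400
        print("Port 80 does not appear to serve plain HTTP; http-01 will fail.")
```

A result such as `http:404` means port 80 speaks plain HTTP and the validator can reach it; `tls`, `reset`, `closed` or `http:400` point to the misconfiguration described in the reply.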


#3

Thanks a lot! Now it’s working.

