I'm trying to renewal my certificate but it's now renewing

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: crm.stonetree.ae

I ran this command: sudo certbot --nginx

It produced this output: Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
Domain: crm.stonetree.ae
Type: connection
Detail: 217.165.24.210: Fetching http://crm.stonetree.ae/.well-known/acme-challenge/YEL1P21MOB-0bgfHT-J5_pdfL8qZoL6MSm-8f1WUBE4: Timeout during connect (likely firewall problem)

Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet.

My web server is (include version): Apache/2.4.6 (CentOS

The operating system my web server runs on is (include version): Centos 7

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):certbot 1.28.0

Port 443 (HTTPS) is open, but port 80 (HTTP) is blocked. HTTP needs to be open for the --nginx plugin to work.

Please see Best Practice - Keep Port 80 Open - Let's Encrypt for more info.

3 Likes

with HTTPS we cannot renew. before when i install the certificate it was same everything

Even with HTTPS you should have port 80 (HTTP) open. Please see my previous post.

2 Likes

sho what should i do now?

Open port 80.

1 Like

website is working with http so it's means port 80 already open

Not from my point of view and neither from a few online tools such as Free Nmap online port scanner 🛡️ scan for open TCP ports or Open Port Checker Tool - Port Tester or Let's Debug

Maybe you're blocking port 80 selective, such as with a geolocation block.

3 Likes