Issue Renewing Certificate

Help
1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: mrboogers.com

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version): Unraid 6.9.1

My hosting provider, if applicable, is: namecheap

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.18.0

Logs:
<------------------------------------------------->

<------------------------------------------------->
cronjob running on Mon Aug 23 02:08:01 ADT 2021
Running certbot renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log

Processing /etc/letsencrypt/renewal/ombi.mrboogers.com.conf

Renewing an existing certificate for ombi.mrboogers.com and 3 more domains

Certbot failed to authenticate some domains (authenticator: standalone). The Certificate Authority reported these problems:
Domain: homeassistant.mrboogers.com
Type: connection
Detail: Fetching http://homeassistant.mrboogers.com/.well-known/acme-challenge/En7Le0gVpGo1adIppFMWk_Dhbsby2q8bH0RFvFJILYk: Timeout during connect (likely firewall problem)

Hint: The Certificate Authority failed to download the challenge files from the temporary standalone webserver started by Certbot on port 80. Ensure that the listed domains point to this machine and that it can accept inbound connections from the internet.

Failed to renew certificate ombi.mrboogers.com with error: Some challenges have failed.

All renewals failed. The following certificates could not be renewed:
/etc/letsencrypt/live/ombi.mrboogers.com/fullchain.pem (failure)

1 renew failure(s), 0 parse failure(s)
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
<------------------------------------------------->

<------------------------------------------------->
cronjob running on Tue Aug 24 02:08:00 ADT 2021
Running certbot renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log

Processing /etc/letsencrypt/renewal/ombi.mrboogers.com.conf

Renewing an existing certificate for ombi.mrboogers.com and 3 more domains

Certbot failed to authenticate some domains (authenticator: standalone). The Certificate Authority reported these problems:
Domain: homeassistant.mrboogers.com
Type: connection
Detail: Fetching http://homeassistant.mrboogers.com/.well-known/acme-challenge/mEWooY7S_IL6tmrEX3WQiiOkZ6_qf0B_SbEGBp1X1Yc: Timeout during connect (likely firewall problem)

Hint: The Certificate Authority failed to download the challenge files from the temporary standalone webserver started by Certbot on port 80. Ensure that the listed domains point to this machine and that it can accept inbound connections from the internet.

Failed to renew certificate ombi.mrboogers.com with error: Some challenges have failed.

All renewals failed. The following certificates could not be renewed:
/etc/letsencrypt/live/ombi.mrboogers.com/fullchain.pem (failure)

1 renew failure(s), 0 parse failure(s)
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
<------------------------------------------------->

<------------------------------------------------->
cronjob running on Wed Aug 25 02:08:00 ADT 2021
Running certbot renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log

Processing /etc/letsencrypt/renewal/ombi.mrboogers.com.conf

Renewing an existing certificate for ombi.mrboogers.com and 3 more domains

Certbot failed to authenticate some domains (authenticator: standalone). The Certificate Authority reported these problems:
Domain: homeassistant.mrboogers.com
Type: connection
Detail: Fetching http://homeassistant.mrboogers.com/.well-known/acme-challenge/hw_8JiheyUdx0RwWR1OGE3Yh1QfBJiUPUI3vgDH_tvU: Timeout during connect (likely firewall problem)

Hint: The Certificate Authority failed to download the challenge files from the temporary standalone webserver started by Certbot on port 80. Ensure that the listed domains point to this machine and that it can accept inbound connections from the internet.

Failed to renew certificate ombi.mrboogers.com with error: Some challenges have failed.

All renewals failed. The following certificates could not be renewed:
/etc/letsencrypt/live/ombi.mrboogers.com/fullchain.pem (failure)

1 renew failure(s), 0 parse failure(s)
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
<------------------------------------------------->

<------------------------------------------------->
cronjob running on Thu Aug 26 02:08:00 ADT 2021
Running certbot renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log

Processing /etc/letsencrypt/renewal/ombi.mrboogers.com.conf

Renewing an existing certificate for ombi.mrboogers.com and 3 more domains

Certbot failed to authenticate some domains (authenticator: standalone). The Certificate Authority reported these problems:
Domain: homeassistant.mrboogers.com
Type: connection
Detail: Fetching http://homeassistant.mrboogers.com/.well-known/acme-challenge/5s0ecU2RoqBlUFMUXeNoMdOsmZAI5-oNwk1O7--7NK0: Timeout during connect (likely firewall problem)

Hint: The Certificate Authority failed to download the challenge files from the temporary standalone webserver started by Certbot on port 80. Ensure that the listed domains point to this machine and that it can accept inbound connections from the internet.

Failed to renew certificate ombi.mrboogers.com with error: Some challenges have failed.

All renewals failed. The following certificates could not be renewed:
/etc/letsencrypt/live/ombi.mrboogers.com/fullchain.pem (failure)

1 renew failure(s), 0 parse failure(s)
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
<------------------------------------------------->

<------------------------------------------------->
cronjob running on Fri Aug 27 02:08:00 ADT 2021
Running certbot renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log

Processing /etc/letsencrypt/renewal/ombi.mrboogers.com.conf

Renewing an existing certificate for ombi.mrboogers.com and 3 more domains

Certbot failed to authenticate some domains (authenticator: standalone). The Certificate Authority reported these problems:
Domain: homeassistant.mrboogers.com
Type: connection
Detail: Fetching http://homeassistant.mrboogers.com/.well-known/acme-challenge/bQ0L91w7rWEfOqXQw-LZeXtGXwvbq_UCzv95sPB9dRQ: Timeout during connect (likely firewall problem)

Hint: The Certificate Authority failed to download the challenge files from the temporary standalone webserver started by Certbot on port 80. Ensure that the listed domains point to this machine and that it can accept inbound connections from the internet.

Failed to renew certificate ombi.mrboogers.com with error: Some challenges have failed.

All renewals failed. The following certificates could not be renewed:
/etc/letsencrypt/live/ombi.mrboogers.com/fullchain.pem (failure)

1 renew failure(s), 0 parse failure(s)
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
<------------------------------------------------->

<------------------------------------------------->
cronjob running on Sat Aug 28 02:08:00 ADT 2021
Running certbot renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log

Processing /etc/letsencrypt/renewal/ombi.mrboogers.com.conf

Renewing an existing certificate for ombi.mrboogers.com and 3 more domains

Certbot failed to authenticate some domains (authenticator: standalone). The Certificate Authority reported these problems:
Domain: homeassistant.mrboogers.com
Type: connection
Detail: Fetching http://homeassistant.mrboogers.com/.well-known/acme-challenge/C_NeO4OL0M4Ox1CSl0dy8QRPZQT9cxrbIPjQIR3bSpg: Timeout during connect (likely firewall problem)

Hint: The Certificate Authority failed to download the challenge files from the temporary standalone webserver started by Certbot on port 80. Ensure that the listed domains point to this machine and that it can accept inbound connections from the internet.

Failed to renew certificate ombi.mrboogers.com with error: Some challenges have failed.

All renewals failed. The following certificates could not be renewed:
/etc/letsencrypt/live/ombi.mrboogers.com/fullchain.pem (failure)

1 renew failure(s), 0 parse failure(s)
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

2

The hints in the certbot output says it all ^^^.

1 Like
3

I havent changed the port forwarding configuration from when I set things up a year ago (everything was working fine), and that port is forwarded. maybe there was some change with namecheap and the domain

4

Maybe. Fact is: your host at homeassistant.mrboogers.com (which resolves to 134.41.165.133 via ptowerha.duckdns.org) is down entirely: I can't ping it, I can't connect to it on port 80 and I can't connect to it on port 443.

5

I ended up just paying the $5 a month to HA for Nabu Casa and to support the devs, so I never finished setting it up through the reverse proxy. duckdns hasnt even been updating the IP for that domain (I must have not even added it to the duckdns list in unraid).

6

looks like the setup is really mangled, i could not open the URLs at all

7

when I try to connect to ombi.mrboogers.com from my own network, it tells me the connection isnt private, but allows me to continue if i want to. Here is the message i get:

Your connection isn't private

Attackers might be trying to steal your information from ombi.mrboogers.com (for example, passwords, messages, or credit cards).

NET::ERR_CERT_DATE_INVALID

Go backHide advanced

This server could not prove that it is ombi.mrboogers.com ; its security certificate expired 55 days ago. This may be caused by a misconfiguration or an attacker intercepting your connection. Your computer's clock is currently set to Monday, August 30, 2021. Does that look right? If not, you should correct your system's clock and then refresh this page.

8

what does

certbot certificates

have to say?

9

If one of the hostnames of the certificate cannot be validated, by default the entire certificate won't renew. However, there is an option which will renew the certificate, but will delete any failed hostname from the certificate: --allow-subset-of-names

1 Like
10

I just deleted homeassistant from SWAG's config and everything ran fine, thank you for mentioning if one fails, they all do

2 Likes
11

you might want to put an HTML list of links on the TLD so that it is more easily discoverable by search engines

12

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.