Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: aquarius.je
I ran this command: certbot renew --dry-run
It produced this output:
Fetching http://aquarius.je/.well-known/acme-challenge/cg6W1FJsdUAa2wpfqmOcbuRtwX0-yQcKKwGkFTzBd68: Timeout during connect (likely firewall problem)
My web server is (include version):
Apache/2.4.52 (Ubuntu)
The operating system my web server runs on is (include version):
Ubuntu 22.04.1 LTS
My hosting provider, if applicable, is:
ME
I can login to a root shell on my machine (yes or no, or I don't know):
YES
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
NO
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 1.32.1
Further info:
Port 80 is disabled - I won't run a web server with it enabled - regardless of the "port 80 doesn't matter"
DNS is hosted by myself on different servers using Bind.
I am struggling to renew a cert without having to go onto the server and use
ufw allow 80
certbot renew
ufw delete ....
I can add a record to DNS - just not via API - why should I have to enable port 80 for the challenge response?
TIA for any pointers,
Mack