Let's Encrypt certificate expiration notice

AXN · January 3, 2023, 10:31pm

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

I have difficulties in updating / renewing my certificate. Error-message as follows.
Thanks for any help (I'm no profound linux user ...)

My domain is: axn.myftp.org

I ran this command: sudo certbot -v
It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache

Which names would you like to activate HTTPS for?

1: axn.myftp.org

Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 1
Certificate is due for renewal, auto-renewing...
Renewing an existing certificate for axn.myftp.org
Performing the following challenges:
http-01 challenge for axn.myftp.org
Waiting for verification...
Challenge failed for domain axn.myftp.org
http-01 challenge for axn.myftp.org

Certbot failed to authenticate some domains (authenticator: apache). The Certificate Authority reported these problems:
Domain: axn.myftp.org
Type: connection
Detail: 84.175.227.9: Fetching http://axn.myftp.org/.well-known/acme-challenge/fhXJVHv7GjpK7X6-aLS1in7J1pE28iwByGUafMUaq-w: Timeout during connect (likely firewall problem)

My web server is (include version):
Server version: Apache/2.4.52 (Ubuntu)
Server built: 2022-09-30T04:09:50

The operating system my web server runs on is (include version): ubuntu server 22.04 (?)

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.21.0

Bruce5051 · January 3, 2023, 10:43pm

Hello @AXN, welcome to the Let's Encrypt community.

Using Let's Debug show here https://letsdebug.net/axn.myftp.org/1322118 that you do not have HTTP Port 80 open which is required for the HTTP-01 Challenge.

Best Practice - Keep Port 80 Open

And nmap also show that Port 80 isn't open:

$ nmap axn.myftp.org
Starting Nmap 7.80 ( https://nmap.org ) at 2023-01-03 22:39 UTC
Nmap scan report for axn.myftp.org (84.175.227.9)
Host is up (0.19s latency).
rDNS record for 84.175.227.9: p54afe309.dip0.t-ipconnect.de
Not shown: 996 filtered ports
PORT     STATE SERVICE
443/tcp  open  https
4443/tcp open  pharos
5001/tcp open  commplex-link
8443/tcp open  https-alt

Nmap done: 1 IP address (1 host up) scanned in 13.15 seconds

Bruce5051 · January 3, 2023, 11:09pm

And there is this online tool TCP Port Scanner, Online Port Scan, Port Scanning | IPVoid
I had inputted 84.175.227.9 and selected Scan all common ports and I see this

Bruce5051 · January 4, 2023, 3:19pm

Good I see some progress, Port 80 is now open.

$ nmap axn.myftp.org
Starting Nmap 7.80 ( https://nmap.org ) at 2023-01-04 15:17 UTC
Nmap scan report for axn.myftp.org (84.175.227.9)
Host is up (0.19s latency).
rDNS record for 84.175.227.9: p54afe309.dip0.t-ipconnect.de
Not shown: 995 filtered ports
PORT     STATE SERVICE
80/tcp   open  http
443/tcp  open  https
4443/tcp open  pharos
5001/tcp open  commplex-link
8443/tcp open  https-alt

Nmap done: 1 IP address (1 host up) scanned in 11.74 seconds

Bruce5051 · January 5, 2023, 7:16pm

Hello @AXN,

Looks like you were successful in getting a certificate.
Looking at SSL Server Test: axn.myftp.org (Powered by Qualys SSL Labs)
and https://decoder.link/sslchecker/axn.myftp.org/443 shows
|Not Before: |Jan 04, 2023 18:28:41 GMT|
|Not After: |Apr 04, 2023 18:28:40 GMT |

AXN · January 5, 2023, 9:28pm

Hello Bruce,

thank you so much for your messages. I was working so I didn't have the opportunity to follow through. I've just opened port 80 ...

I'll check everything tomorrow - it's holiday over here - so, time for the server

THANKS VERY MUCH!

Kind regards

Axel

system · February 4, 2023, 9:28pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.