Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: koinonia.co.nz, bayunited.org.nz mail.koinonia.co.nz
I ran this command: sudo ~/Downloads/letsencrypt/letsencrypt-auto renew
It produced this output:
Attempting to renew cert (koinonia.co.nz) from /etc/letsencrypt/renewal/koinonia.co.nz.conf produced an unexpected error: Failed authorization procedure. mail.koinonia.co.nz (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://mail.koinonia.co.nz/.well-known/acme-challenge/0csmzDZoNBiM8NLBulPkff7RFOzJtL06cN67zl63P3A: Connection refused, bayunited.org.nz (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://bayunited.org.nz/.well-known/acme-challenge/HgcDA04GHV33rIzh96pbiwhHBYrIUw59gXSZMLQ0hzI: Connection refused, koinonia.co.nz (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://koinonia.co.nz/.well-known/acme-challenge/M5ROxw6KQ7Tb5LZVejIBGCiIcoqM0Xez0R6XC3CpUWo: Connection refused. Skipping.
All renewal attempts failed. The following certs could not be renewed:
My web server is (include version): Apache 2.2.15-69.el6
The operating system my web server runs on is (include version): CentOS 6
My hosting provider, if applicable, is: N/A
I can login to a root shell on my machine (yes or no, or I don’t know): yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No - command line via ssh connection
The above command has worked fine for 18 months, renewing every 3 months - except today it is not happy. I suspect this is due to it trying an http request rather than https.
Our internet service provider uses port 80 to access their radio equipment, hence it never gets to connect to the server. port 443 22 etc are fine - just 80 is unavailable.
I see that there is some discussion about using port 443 being a problem in hosting environments … now it has left me with a problem.