Letsencrypt-auto renew no longer works

Hi @robkampen

checking your domain via https://check-your-website.server-daten.de/?q=koinonia.co.nz I don't see a "Connection refused", instead an active block:

| Domainname | IP | Http-Status | redirect | Sec. | G | Message |
|---|---|---|---|---|---|---|
| http://koinonia.co.nz/ | 202.49.165.204 | -2 | | 2.387 | V | ConnectFailure - Unable to connect to the remote server No connection could be made because the target machine actively refused it 202.49.165.204:80 |
| http://www.koinonia.co.nz/ | 202.49.165.204 | -2 | | 2.493 | V | ConnectFailure - Unable to connect to the remote server No connection could be made because the target machine actively refused it 202.49.165.204:80 |
| https://koinonia.co.nz/ | 202.49.165.204 | 200 | | 9.810 | B | |
| https://www.koinonia.co.nz/ | 202.49.165.204 | 200 | | 9.930 | N | Certificate error: RemoteCertificateNameMismatch |
| http://koinonia.co.nz/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de | 202.49.165.204 | -2 | | 2.880 | V | ConnectFailure - Unable to connect to the remote server No connection could be made because the target machine actively refused it 202.49.165.204:80 |
| http://www.koinonia.co.nz/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de | 202.49.165.204 | -2 | | 3.194 | V | ConnectFailure - Unable to connect to the remote server No connection could be made because the target machine actively refused it 202.49.165.204:80 |

If you have a "home server", port 80 is sometimes blocked. So you have three options:

  • Change the place of your server, so it's no longer a home server and you have a working port 80
  • Use dns-01 validation. But then your dns provider should support an API, I don't see something on godzone.net.nz. Or you have to create a new dns txt entry every 60 - 85 days.
  • Use tls-alpn-01 as a replacement for the tls-sni-01 validation. Some clients now have support, see Which client support tls-alpn challenge? - #2 by tdelmas

But there - https://www.godzone.net.nz/ - I don't find information that port 80 is generally blocked.
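Added example (not part of the original post): a small Python probe that separates an active refusal on a port from a silent drop and lists which ACME challenge types remain usable, matching the three options above. The function names and the default host `example.com` are assumptions made for this sketch.

```python
import socket

# Inbound TCP port each ACME challenge type needs on the server.
# dns-01 is validated through a DNS TXT record, so it needs no inbound port.
CHALLENGE_PORT = {"http-01": 80, "tls-alpn-01": 443, "dns-01": None}


def probe(host, port, timeout=5.0):
    """Classify a TCP connect attempt.

    'open'        - handshake completed
    'refused'     - the target (or a device in front of it) answered with RST
    'filtered'    - no answer within the timeout (silent drop)
    'unreachable' - any other network error (no route, DNS failure, ...)
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except (socket.timeout, TimeoutError):
        return "filtered"
    except OSError:
        return "unreachable"


def usable_challenges(states):
    """Map {port: state} to the challenge types that can still validate."""
    return [name for name, port in CHALLENGE_PORT.items()
            if port is None or states.get(port) == "open"]


def report(host, timeout=5.0):
    """Probe ports 80 and 443 and return (states, usable challenge types)."""
    states = {port: probe(host, port, timeout) for port in (80, 443)}
    return states, usable_challenges(states)


if __name__ == "__main__":
    import sys
    # Run this from OUTSIDE the server's own network: an ISP or router block
    # on port 80 is not visible from a machine behind the same router.
    host = sys.argv[1] if len(sys.argv) > 1 else "example.com"
    states, usable = report(host)
    for port, state in states.items():
        print(f"{host}:{port} -> {state}")
    print("usable challenge types:", ", ".join(usable))
```

With port 80 refused and port 443 open, as in the check output above, http-01 drops out and tls-alpn-01 and dns-01 remain.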