Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: notaws.aicmsi.com
I ran this command: sudo certbot -d home.mydomain.com --manual --preferred-challenges dns certonly
It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for notaws.aimcsi.com
Enabled Apache rewrite module
Waiting for verification...
Challenge failed for domain notaws.aimcsi.com
http-01 challenge for notaws.aimcsi.com
Cleaning up challenges
Some challenges have failed.
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: notaws.aimcsi.com
Type: connection
Detail: Fetching
http://notaws.aimcsi.com/.well-known/acme-challenge/pBGotFP5fQLRWg9SBmisABXJTNyJm8qANE7jE30PEgY:
Timeout during connect (likely firewall problem)

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you're using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.
My web server is (include version): apache 2.4.41
The operating system my web server runs on is (include version): ubuntu 20.4.2 LTS
My hosting provider, if applicable, is: Verizon fios
I can login to a root shell on my machine (yes or no, or I don't know): I use sudo?
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 1.10.0.dev0
I am trying to get LetsEncrypt set up and autorenewing on this machine at a home office with DDNS set up.
It was working last year.... then the certificate expired. The autorenew failed for whatever reason.
Following another page of instructions now, I use that command above and it fails on fetch. I tried that check my website page and overall it looked good.
Googling, I saw there was an expired cert. So I deleted it.
sudo certbot certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Found the following certs:
Certificate Name: notaws.aimcsi.com
Serial Number: 3a1ef1e928db9e1adb29bead6de9ecfe619
Domains: notaws.aimcsi.com
Expiry Date: 2020-11-19 19:30:09+00:00 (INVALID: EXPIRED)
Certificate Path: /etc/letsencrypt/live/notaws.aimcsi.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/notaws.aimcsi.com/privkey.pem
david@notaws:~$ sudo certbot delete --cert-name notaws.aimcsi.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
The following certificate(s) are selected for deletion:
Are you sure you want to delete the above certificate(s)?
(Y)es/(N)o: y
Deleted all files relating to certificate notaws.aimcsi.com.
I tried giving that check my website page the full path (is that a folder with that long string at the end? the pBGotFP5fQL.... URL?).
I don't see a file or folder with that name on the computer.
So, I think port 80 is blocked by my ISP.
Any thoughts on being able to resolve this for a new cert AND have it autorenew? I found a page someone saying without static IP / open port 80, you can't have it autorenew? Is that correct?
I can get a cheap SSL for what, $5? Go that route?