Hi, I have read through many posts that seemed relevant on this forum and SO, and am still struggling. Thank you for your time and assistance in advance.
My domain is: eyesonhives.com
I ran this command: sudo letsencrypt renew
It produced this output:
sudo letsencrypt renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Processing /etc/letsencrypt/renewal/eyesonhives.com.conf
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator nginx, Installer nginx
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for eyesonhives.com
http-01 challenge for www.eyesonhives.com
nginx: [warn] duplicate MIME type "text/html" in /etc/nginx/sites-enabled/eyesonhives:48
Waiting for verification...
Cleaning up challenges
nginx: [warn] duplicate MIME type "text/html" in /etc/nginx/sites-enabled/eyesonhives:44
Attempting to renew cert (eyesonhives.com) from /etc/letsencrypt/renewal/eyesonhives.com.conf produced an unexpected error: Failed authorization procedure. www.eyesonhives.com (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://www.eyesonhives.com/.well-known/acme-challenge/8eIihpkHHdWNp7iX2urXgO9j0lrMl0UVgrpnNm9ZOpA: Timeout during connect (likely firewall problem), eyesonhives.com (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://eyesonhives.com/.well-known/acme-challenge/Kn-0CrthZwwrc9-8FJ4zVakFrF1GLBLMdhJlMGXe5R8: Timeout during connect (likely firewall problem). Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/eyesonhives.com/fullchain.pem (failure)
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/eyesonhives.com/fullchain.pem (failure)
1 renew failure(s), 0 parse failure(s)
IMPORTANT NOTES:
The following errors were reported by the server:
Domain: www.eyesonhives.com
Type: connection
Detail: Fetching
http://www.eyesonhives.com/.well-known/acme-challenge/8eIihpkHHdWNp7iX2urXgO9j0lrMl0UVgrpnNm9ZOpA:
Timeout during connect (likely firewall problem)Domain: eyesonhives.com
Type: connection
Detail: Fetching
http://eyesonhives.com/.well-known/acme-challenge/Kn-0CrthZwwrc9-8FJ4zVakFrF1GLBLMdhJlMGXe5R8:
Timeout during connect (likely firewall problem)To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you're using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.
My web server is (include version): nginx/1.14.0
The operating system my web server runs on is (include version): Ubuntu 18.04.1 LTS (GNU/Linux 4.15.0-39-generic x86_64)
My hosting provider, if applicable, is: (godaddy configured dns, locally hosted webserver)
I can login to a root shell on my machine (yes or no, or I don't know): yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no, although dns configured with godaddy.
Notes:
- Letsencrypt had been working and autorenewing perfectly until upgrading from 16.04LTS to 18.04LTS in November.
- I have nginx sub configuration in sites-enabled doing a redirect of all non https scheme to https, originally custom, now as per letsencrypt tutorial.
- Tried nuking and re-starting nginx configuration from scratch
- I am using webroot, and can access a test file https://eyesonhives.com/.well-known/acme-challenge/test.json
- I noticed that the http-01 challenge is calling the http site (could the redirect be part of problem?)
- Server only accessible via IPv4, only A record configured on DNS (no AAAA entry),
- curl -IkL -m20 http://eyesonhives.com shows port 80 open (although I have a 307 redirect in nginx conf)
- curl -IkL -m20 https://eyesonhives.com:443 shows 443 open (also has the 307 redirect)
- Tried forcing IPv4 mapping to letsencrypt via hosts entry (now removed) 104.110.134.170 acme-v01.api.letsencrypt.org
- Tried redoing webroot
Looking forward to any help and insights! Thank you again!