Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: puddle.zone and mirror puddlezone.ddns.net
I ran this command: sudo certbot certonly
It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
How would you like to authenticate with the ACME CA?
1: Apache Web Server plugin - Beta (apache)
2: Spin up a temporary webserver (standalone)
3: Place files in webroot directory (webroot)Select the appropriate number [1-3] then [enter] (press 'c' to cancel): 3
Please enter in your domain name(s) (comma and/or space separated) (Enter 'c'
to cancel): puddle.zone puddlezone.ddns.net
You have an existing certificate that contains a portion of the domains you
requested (ref: /etc/letsencrypt/renewal/puddle.zone.conf)It contains these names: puddle.zone
You requested these names for the new certificate: puddle.zone,
puddlezone.ddns.net.Do you want to expand and replace this existing certificate with the new
certificate?(E)xpand/(C)ancel: E
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for puddle.zone
http-01 challenge for puddlezone.ddns.netSelect the webroot for puddle.zone:
1: Enter a new webroot
Press 1 [enter] to confirm the selection (press 'c' to cancel): 1
Input the webroot for puddle.zone: (Enter 'c' to cancel): /var/www/Select the webroot for puddlezone.ddns.net:
1: Enter a new webroot
2: /var/wwwSelect the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Waiting for verification...
Cleaning up challenges
Unable to clean up challenge directory /var/www/.well-known/acme-challenge
Failed authorization procedure. puddlezone.ddns.net (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching https://www.puddle.zone/.well-known/acme-challenge/EzBc-MAIMNg9kY0qY4i9OG50byWgZ8kR3DU3hmNePzQ: Error getting validation dataIMPORTANT NOTES:
The following errors were reported by the server:
Domain: puddlezone.ddns.net
Type: connection
Detail: Fetching
https://www.puddle.zone/.well-known/acme-challenge/EzBc-MAIMNg9kY0qY4i9OG50byWgZ8kR3DU3hmNePzQ:
Error getting validation dataTo fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you're using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.
My web server is (include version): Apache 2.4.27 (Ubuntu)
The operating system my web server runs on is (include version): Ubuntu Server 17.10 (Artful)
My hosting provider, if applicable, is: N/A
I can login to a root shell on my machine (yes or no, or I don't know): Yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No
I've had puddle.zone set up with a cert, but due to timeout issues (likely associated with namecheap) I created a mirror dns record as puddlezone.ddns.net. Both addresses point to the same IP, and work, but the ddns one give an invalid cert (because only one domain has a cert at this time). Port 80 is blocked both by our firewall and by apache's firewall (it's supposed to be configured to force everything to https). I'm not using the apache validation method because it seems that's not compatable with ddns. For that, when I ran the command but chose apache instead of webroot, I got the following error
Renewing an existing certificate
Performing the following challenges:
tls-sni-01 challenge for puddle.zone
Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.