Not able to renew certificate the first time after successfully updated it for the last 2 years or so

Some webservers on backend using nginx and some Apache if it even matters.

No worries :slight_smile:
I still have one month to figure it out until my wild certificate expired.

1 Like

The --standalone method is difficult to debug because you need to keep Certbot running to test connection from the public internet.

A way to test this is to use these command options

certbot certonly --standalone --dry-run --debug-challenges -v -d (domain)

This command will show you the challenge URL to try from the public internet and the proper response. After showing you this it will say "Press Enter to Continue". DO NOT PRESS ENTER.

Leave it paused like that and use a different device to test connection. You can even use a mobile phone with wifi disabled so use your carrier's network.

You do not have to use the full URL. Just try http://(yourdomain)

If the connection works this shorter URL should see a response like below. If you don't see this something is wrong with the network routing on your end. Like a router isn't mapping port 80 correctly or something like that. Repeat this until you get a successful result then try the cert request.

ACME client standalone challenge solver

It is not working over internet, but only locally.

curl localhost
ACME client standalone challenge solver
This is a good tip, I have to make it working over internet.

1 Like

Thank you very much for your help!

Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/
Key is saved at: /etc/letsencrypt/live/
This certificate expires on 2024-09-08.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.

If you like Certbot, please consider supporting our work by:


Hi Alex,

Please kindly check your TXT record and make sure you have added it correctly on your DNS settings. Cloudflare is free DNS service and you can point your domain to their name server, then you can add your TXT record to make sure your SSL back working again. Good luck!

Hi Bill,

I was looking at this option and going to try it soon. But for now I just spin another small linux vm and pointed port 80 to it and use it to create individual certificates for each webserver.
Wrote small shell script to automation process and I am fine with this solution.


(post deleted by author)