Hello,
I am running my apps on Ubuntu 16.04 in Docker behind nginx.
It was working, but now I have run into a problem renewing the certificate using certbot.
I have the correct DNS A record for my domain.
I have correctly set port forwarding on my router.
I can access my web server normally.
Yet I got a timeout message when trying to renew the certificate using certbot.
I have currently turned off Docker and nginx and I am trying to renew the certificate in --standalone mode, but with no success, still getting timeouts. Could you please help me renew my certificate?
I am kind of lost now.
My domain is:
server.mysteryroom.cz
I ran this command:
sudo certbot --standalone --preferred-challenges http --debug-challenges -v renew
It produced this output:
Root logging level set at 10
Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/server.mysteryroom.cz.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Requested authenticator standalone and installer <certbot.cli._Default object at 0x7f8c7e54d278>
Var authenticator=standalone (set by user).
Should renew, less than 30 days before certificate expiry 2020-03-06 07:51:05 UTC.
Cert is due for renewal, auto-renewing...
Requested authenticator standalone and installer None
Single candidate plugin: * standalone
Description: Spin up a temporary webserver
Interfaces: IAuthenticator, IPlugin
Entry point: standalone = certbot.plugins.standalone:Authenticator
Initialized: <certbot.plugins.standalone.Authenticator object at 0x7f8c7e5236a0>
Prep: True
Selected authenticator <certbot.plugins.standalone.Authenticator object at 0x7f8c7e5236a0> and installer None
Plugins selected: Authenticator standalone, Installer None
Picked account: <Account(RegistrationResource(new_authzr_uri=None, terms_of_service=None, body=Registration(key=None, contact=(), only_return_existing=None, status=None, agreement=None, terms_of_service_agreed=None, external_account_binding=None), uri='https://acme-v02.api.letsencrypt.org/acme/acct/54773792'), ca8cf37f38b924c2ea927eb81425de57, Meta(creation_host='MR', creation_dt=datetime.datetime(2019, 4, 7, 19, 37, 6, tzinfo=<UTC>)))>
Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
"GET /directory HTTP/1.1" 200 658
Received response:
HTTP 200
Date: Thu, 27 Feb 2020 08:33:13 GMT
Strict-Transport-Security: max-age=604800
Content-Length: 658
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Server: nginx
Connection: keep-alive
Content-Type: application/json
{
"T4AZYOj9Q1k": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
"keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
"meta": {
"caaIdentities": [
"letsencrypt.org"
],
"termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
"website": "https://letsencrypt.org"
},
"newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
"newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
"newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
"revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}
Renewing an existing certificate
Generating key (2048 bits): /etc/letsencrypt/keys/0182_key-certbot.pem
Creating CSR: /etc/letsencrypt/csr/0182_csr-certbot.pem
Requesting fresh nonce
Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
"HEAD /acme/new-nonce HTTP/1.1" 200 0
Received response:
HTTP 200
Replay-Nonce: 0002Kw9fZH23F0Pp2roSEmZVNUZWdMtQPaG_wMFjl-y9-5s
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Server: nginx
Date: Thu, 27 Feb 2020 08:33:13 GMT
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Strict-Transport-Security: max-age=604800
Storing nonce: 0002Kw9fZH23F0Pp2roSEmZVNUZWdMtQPaG_wMFjl-y9-5s
JWS payload:
b'{\n "identifiers": [\n {\n "type": "dns",\n "value": "server.mysteryroom.cz"\n }\n ]\n}'
Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
{
"signature": "iVqpMc-xv6COAhFbnivFYacEyouEMYGYSfj3f2aDp0L83l0IP5vhXzoFGYHwCPITA_ECPETdwVpOWWCOyleiurzus-7YRBuSbZeASkwKwPp5-8FQQDFEC-e1twt9MoZCQRlWVRAkCnAofhKs4peWKqmjth3RdN1Buiwvicuwo0YFoILD6UhefVLoi1fpW0U_CmlAP7j_mc4GeBDdijvBCAqHbbFDhUe8m1qUnozsSX7DkDsVZ7bJ0phgkhRTxVvSGOsiND3865NYSFcYRCMIzVPCtq7MkGwyCBzePpHH2cr_L5iacgwlOsT_3JnPH8B0pGryfmH2mvD7-G0bHgpY0A",
"payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogInNlcnZlci5teXN0ZXJ5cm9vbS5jeiIKICAgIH0KICBdCn0",
"protected": "eyJraWQiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC81NDc3Mzc5MiIsICJhbGciOiAiUlMyNTYiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL25ldy1vcmRlciIsICJub25jZSI6ICIwMDAyS3c5ZlpIMjNGMFBwMnJvU0VtWlZOVVpXZE10UVBhR193TUZqbC15OS01cyJ9"
}
"POST /acme/new-order HTTP/1.1" 201 351
Received response:
HTTP 201
Strict-Transport-Security: max-age=604800
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Cache-Control: public, max-age=0, no-cache
Content-Type: application/json
Date: Thu, 27 Feb 2020 08:33:13 GMT
Connection: keep-alive
Content-Length: 351
Replay-Nonce: 0002mzVfjYZ4xg-5cGEyPIgprAILXvT350Ts5kAg65gQO4A
Location: https://acme-v02.api.letsencrypt.org/acme/order/54773792/2461260787
Server: nginx
X-Frame-Options: DENY
Boulder-Requester: 54773792
{
"status": "pending",
"expires": "2020-03-05T08:33:13.878550861Z",
"identifiers": [
{
"type": "dns",
"value": "server.mysteryroom.cz"
}
],
"authorizations": [
"https://acme-v02.api.letsencrypt.org/acme/authz-v3/3037875988"
],
"finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/54773792/2461260787"
}
Storing nonce: 0002mzVfjYZ4xg-5cGEyPIgprAILXvT350Ts5kAg65gQO4A
JWS payload:
b''
Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/3037875988:
{
"signature": "YuNS2LUo0niZF3xJ0eOxMFV4j-fI-WzVDbmESTRG8ZamyBcJrNttlqhXyelRI7KbjTU0IxOqhegI2qZKpmAmUCfVXUtbC981gaKnYqz4ZhpWmkh08sQxe3iw3jcbubUxDKL91dzEABM1X3uIpgAZb9M-6Req5_AZsUeBZhxU2Lf_v6lD780bThO6lvLTWPuhx-fdqy9I1on5wWBtXnmvdGimvUE-kgF7j3YRzp62EnSEo-hp1IVz6f_LQgs5ZrUqAMdNpWIfatm0Yat9Sz_xsiPSvoplsVzre9rHzFl3TqCM3GrFw9-fFs-sVnSPAdp25x1fg7jM3kaDdQxW6H-oSA",
"payload": "",
"protected": "eyJraWQiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC81NDc3Mzc5MiIsICJhbGciOiAiUlMyNTYiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LXYzLzMwMzc4NzU5ODgiLCAibm9uY2UiOiAiMDAwMm16VmZqWVo0eGctNWNHRXlQSWdwckFJTFh2VDM1MFRzNWtBZzY1Z1FPNEEifQ"
}
"POST /acme/authz-v3/3037875988 HTTP/1.1" 200 799
Received response:
HTTP 200
Replay-Nonce: 0002iq1Av7NRA8tlQ_usVkJh9Fa9aoPaw0fdc-lg3y6nxrw
Strict-Transport-Security: max-age=604800
Content-Length: 799
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Server: nginx
Connection: keep-alive
Date: Thu, 27 Feb 2020 08:33:14 GMT
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Content-Type: application/json
Boulder-Requester: 54773792
{
"identifier": {
"type": "dns",
"value": "server.mysteryroom.cz"
},
"status": "pending",
"expires": "2020-03-05T08:33:13Z",
"challenges": [
{
"type": "http-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/3037875988/zmkhww",
"token": "tGM6yJK8HkLHpgrKu31k0ysbEnCG0uYs3Br-1I9lPHQ"
},
{
"type": "dns-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/3037875988/58p3HA",
"token": "tGM6yJK8HkLHpgrKu31k0ysbEnCG0uYs3Br-1I9lPHQ"
},
{
"type": "tls-alpn-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/3037875988/aFd9yw",
"token": "tGM6yJK8HkLHpgrKu31k0ysbEnCG0uYs3Br-1I9lPHQ"
}
]
}
Storing nonce: 0002iq1Av7NRA8tlQ_usVkJh9Fa9aoPaw0fdc-lg3y6nxrw
Performing the following challenges:
http-01 challenge for server.mysteryroom.cz
Successfully bound to :80 using IPv6
Certbot wasn't able to bind to :80 using IPv4, this is often expected due to the dual stack nature of IPv6 socket implementations.
Waiting for verification...
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Challenges loaded. Press continue to submit to CA. Pass "-v" for more info about
challenges.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
JWS payload:
b'{\n "resource": "challenge",\n "type": "http-01",\n "keyAuthorization": "tGM6yJK8HkLHpgrKu31k0ysbEnCG0uYs3Br-1I9lPHQ.ZB17rNjmwbuUuHYKl5pB6W1Bzx5WSWnVdz00psxnKKM"\n}'
Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/3037875988/zmkhww:
{
"signature": "gbszjoRI63bysiwrKa60kStQykG-nVCzo4XW7fL2LUR7TiiJXv6sGJ_c9ljM83eUSpjvjteORAzmPEqLPhbYeGvGEOA09HWO-RmQV3US2-kDjm7zF-E8k9omYB_ewgNHyVcjFyWUDpRobDLcUrmfYmX_nO47AY4DWFYIREGVFFu4jNS48qw7DMtfn0vdY5naFgPLkBO8x-PtCLVGjcBfMBmzIdZBFbJul9OPfu_C5np14s3IPHKKqzj93_rBbHS6v0ejRuJL-zp0vr8q7FOyCOCCEHdAG2W4KSzVxFgspKIwG_fU2dN10q_Q1BH2ZTs3Eia9ssI4tkxEIAN5eJetzg",
"payload": "ewogICJyZXNvdXJjZSI6ICJjaGFsbGVuZ2UiLAogICJ0eXBlIjogImh0dHAtMDEiLAogICJrZXlBdXRob3JpemF0aW9uIjogInRHTTZ5Sks4SGtMSHBnckt1MzFrMHlzYkVuQ0cwdVlzM0JyLTFJOWxQSFEuWkIxN3JOam13YnVVdUhZS2w1cEI2VzFCeng1V1NXblZkejAwcHN4bktLTSIKfQ",
"protected": "eyJraWQiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC81NDc3Mzc5MiIsICJhbGciOiAiUlMyNTYiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2NoYWxsLXYzLzMwMzc4NzU5ODgvem1raHd3IiwgIm5vbmNlIjogIjAwMDJpcTFBdjdOUkE4dGxRX3VzVmtKaDlGYTlhb1BhdzBmZGMtbGczeTZueHJ3In0"
}
"POST /acme/chall-v3/3037875988/zmkhww HTTP/1.1" 200 185
Received response:
HTTP 200
Strict-Transport-Security: max-age=604800
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index", <https://acme-v02.api.letsencrypt.org/acme/authz-v3/3037875988>;rel="up"
Cache-Control: public, max-age=0, no-cache
Content-Type: application/json
Date: Thu, 27 Feb 2020 08:33:14 GMT
Connection: keep-alive
Content-Length: 185
Replay-Nonce: 0002X7SCM2LQXQh7q9GnYMK7bWU7ncKACej1GcclBV8aKzk
Location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/3037875988/zmkhww
Server: nginx
X-Frame-Options: DENY
Boulder-Requester: 54773792
{
"type": "http-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/3037875988/zmkhww",
"token": "tGM6yJK8HkLHpgrKu31k0ysbEnCG0uYs3Br-1I9lPHQ"
}
Storing nonce: 0002X7SCM2LQXQh7q9GnYMK7bWU7ncKACej1GcclBV8aKzk
JWS payload:
b''
Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/3037875988:
{
"signature": "t8T-cuPsYcnvchq9XqKlDHGtec6HmVbrRzqDC-Lu9FHK0UewZxucZSLpoYQoOwr7vPyKcSNk_VtESqY8nZvmcxD7_zLl9I3re5ij-gQim8hwSydjRsrJEbWRIZlBr3WqdLznu7TMriZ7w12v-cphuNHmo2GAEsunIsUt2rVkwty1WRRgzPFAyEnlN1Oo84f53eXrBjpTGkZ-WgmoADhe3BlKcPp9QJDC9lC6taAN1YORZhcj6JxAS9wLGb6_IYWf4v2vSfxlLvGz4OBijaaUUkEFfkYXCq8QLNwNIfJ0vPAqPprPsGCV8MpYUZM-CqweHJJGFZavFFxVN9dBcCrW0Q",
"payload": "",
"protected": "eyJraWQiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC81NDc3Mzc5MiIsICJhbGciOiAiUlMyNTYiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LXYzLzMwMzc4NzU5ODgiLCAibm9uY2UiOiAiMDAwMlg3U0NNMkxRWFFoN3E5R25ZTUs3YldVN25jS0FDZWoxR2NjbEJWOGFLemsifQ"
}
"POST /acme/authz-v3/3037875988 HTTP/1.1" 200 799
Received response:
HTTP 200
Replay-Nonce: 0002d9SsgWkyEsA5CcWyruHJukvqck3mHKq1nzZxXdrFOKY
Strict-Transport-Security: max-age=604800
Content-Length: 799
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Server: nginx
Connection: keep-alive
Date: Thu, 27 Feb 2020 08:33:17 GMT
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Content-Type: application/json
Boulder-Requester: 54773792
{
"identifier": {
"type": "dns",
"value": "server.mysteryroom.cz"
},
"status": "pending",
"expires": "2020-03-05T08:33:13Z",
"challenges": [
{
"type": "http-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/3037875988/zmkhww",
"token": "tGM6yJK8HkLHpgrKu31k0ysbEnCG0uYs3Br-1I9lPHQ"
},
{
"type": "dns-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/3037875988/58p3HA",
"token": "tGM6yJK8HkLHpgrKu31k0ysbEnCG0uYs3Br-1I9lPHQ"
},
{
"type": "tls-alpn-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/3037875988/aFd9yw",
"token": "tGM6yJK8HkLHpgrKu31k0ysbEnCG0uYs3Br-1I9lPHQ"
}
]
}
Storing nonce: 0002d9SsgWkyEsA5CcWyruHJukvqck3mHKq1nzZxXdrFOKY
JWS payload:
b''
Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/3037875988:
{
"signature": "PK6LnKs_lgTmsDQKkrXelozX_n7b41FFr67tPZYQXLzXJn5vvWSdFqMADExj3ENw_y5Hg-ZlCYzfUiyiDvB-4TNTR0kLLg3vUrcuDLwu3hKWFt_ze738Dx8SbAjWywI5_k8j8trZ8_ltSjnRWPoeXmRaXeZXA80spaeT14JbV1gcn5rsoXB1V2GWc3M6-x4NkSQNhfkJ_lwZXnGQ3zC6YflBn4fdy9xTfI1E0KpL1epmOxZj7gQUOlykcbmiVVtYSw7VaU2Q68-nx3IwaYpPPiYmpGSCOlEjSk2bNCH48uD_TYkgMBShpcwNJW3jsSB-S3l4N7Ne_S1zW0EMu7w9fQ",
"payload": "",
"protected": "eyJraWQiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC81NDc3Mzc5MiIsICJhbGciOiAiUlMyNTYiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LXYzLzMwMzc4NzU5ODgiLCAibm9uY2UiOiAiMDAwMmQ5U3NnV2t5RXNBNUNjV3lydUhKdWt2cWNrM21IS3ExbnpaeFhkckZPS1kifQ"
}
"POST /acme/authz-v3/3037875988 HTTP/1.1" 200 799
Received response:
HTTP 200
Replay-Nonce: 0001L_26rkXCcb1izt020AZks9nMKfmj9g2MWHww51eFHPs
Strict-Transport-Security: max-age=604800
Content-Length: 799
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Server: nginx
Connection: keep-alive
Date: Thu, 27 Feb 2020 08:33:20 GMT
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Content-Type: application/json
Boulder-Requester: 54773792
{
"identifier": {
"type": "dns",
"value": "server.mysteryroom.cz"
},
"status": "pending",
"expires": "2020-03-05T08:33:13Z",
"challenges": [
{
"type": "http-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/3037875988/zmkhww",
"token": "tGM6yJK8HkLHpgrKu31k0ysbEnCG0uYs3Br-1I9lPHQ"
},
{
"type": "dns-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/3037875988/58p3HA",
"token": "tGM6yJK8HkLHpgrKu31k0ysbEnCG0uYs3Br-1I9lPHQ"
},
{
"type": "tls-alpn-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/3037875988/aFd9yw",
"token": "tGM6yJK8HkLHpgrKu31k0ysbEnCG0uYs3Br-1I9lPHQ"
}
]
}
Storing nonce: 0001L_26rkXCcb1izt020AZks9nMKfmj9g2MWHww51eFHPs
JWS payload:
b''
Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/3037875988:
{
"signature": "w_DCB-dUQggiZ8OjQEBwDDFJREYb-yaLLhJezEPZIn43eWOWK6VDBnJTfK55axodljCQ7k6ITJGEuT_h5JVVs7h_K8OJWn12E1_z7fSYY9cCztoWJkCwpDgitSR4cGGqHS6IjEAwzU77l5iqk27_un-fACeMoSOH2RLmgvn7BFniXJNH-YHTgeQNI3795ZjbEiaVP7_6Yo5Xp7nBXjeA1DhmRpvQL4Ar840lBVehNLj3K-ggja0XgsHuFHfmn4syyzYDgFVGrOA46wpotUlWEl3S7Jy3J2FOrgrf0XRi4bxt3qeSnT_oa2SU2g9uLzOKyFYGGi0CZFpCFlS9bupkfw",
"payload": "",
"protected": "eyJraWQiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC81NDc3Mzc5MiIsICJhbGciOiAiUlMyNTYiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LXYzLzMwMzc4NzU5ODgiLCAibm9uY2UiOiAiMDAwMUxfMjZya1hDY2IxaXp0MDIwQVprczluTUtmbWo5ZzJNV0h3dzUxZUZIUHMifQ"
}
"POST /acme/authz-v3/3037875988 HTTP/1.1" 200 799
Received response:
HTTP 200
Replay-Nonce: 0001HsStCyEE3NmDpPJTBKAbQchyVvVwn_-Azds-CvWu1e8
Strict-Transport-Security: max-age=604800
Content-Length: 799
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Server: nginx
Connection: keep-alive
Date: Thu, 27 Feb 2020 08:33:23 GMT
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Content-Type: application/json
Boulder-Requester: 54773792
{
"identifier": {
"type": "dns",
"value": "server.mysteryroom.cz"
},
"status": "pending",
"expires": "2020-03-05T08:33:13Z",
"challenges": [
{
"type": "http-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/3037875988/zmkhww",
"token": "tGM6yJK8HkLHpgrKu31k0ysbEnCG0uYs3Br-1I9lPHQ"
},
{
"type": "dns-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/3037875988/58p3HA",
"token": "tGM6yJK8HkLHpgrKu31k0ysbEnCG0uYs3Br-1I9lPHQ"
},
{
"type": "tls-alpn-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/3037875988/aFd9yw",
"token": "tGM6yJK8HkLHpgrKu31k0ysbEnCG0uYs3Br-1I9lPHQ"
}
]
}
Storing nonce: 0001HsStCyEE3NmDpPJTBKAbQchyVvVwn_-Azds-CvWu1e8
JWS payload:
b''
Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/3037875988:
{
"signature": "k8MSMQWzf-5Oa9jWuUBOeSHbB9nKAYdtS4TZoVS-JjnL8ZalWckBeBocxY4MDBL5GqqIyzE4LbostZ4JBxXWQu07D83jsLe9iTFLjjnmivtg6hEgdGXqI519bc23sjzFjh2Qp8hQOySx0LbkdywoaxXcMx5qbNLVTewi4iKVqSwIa-BwWfv7KGWTb4YbRsI86KoZoEPtghatJWuWo_E5V5jKDByfDvKSHr1VYZjBZTQAHamlQrAZf1BFE0v3rHPmZl_-OUNCEK2ufFjsVGYFA6NixWthIGVwRAmGG2uVMas6seiOO0C5qwAnOr2cf1iXlXRPPBWTEvKF4t_7o_V7eA",
"payload": "",
"protected": "eyJraWQiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC81NDc3Mzc5MiIsICJhbGciOiAiUlMyNTYiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LXYzLzMwMzc4NzU5ODgiLCAibm9uY2UiOiAiMDAwMUhzU3RDeUVFM05tRHBQSlRCS0FiUWNoeVZ2VnduXy1BemRzLUN2V3UxZTgifQ"
}
"POST /acme/authz-v3/3037875988 HTTP/1.1" 200 1022
Received response:
HTTP 200
Replay-Nonce: 0001EOUVlvxHQgq1riN1JY_oWlZWZUHkHQUaK3QwWNqcS9U
Strict-Transport-Security: max-age=604800
Content-Length: 1022
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Server: nginx
Connection: keep-alive
Date: Thu, 27 Feb 2020 08:33:27 GMT
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Content-Type: application/json
Boulder-Requester: 54773792
{
"identifier": {
"type": "dns",
"value": "server.mysteryroom.cz"
},
"status": "invalid",
"expires": "2020-03-05T08:33:13Z",
"challenges": [
{
"type": "http-01",
"status": "invalid",
"error": {
"type": "urn:ietf:params:acme:error:connection",
"detail": "Fetching http://server.mysteryroom.cz/.well-known/acme-challenge/tGM6yJK8HkLHpgrKu31k0ysbEnCG0uYs3Br-1I9lPHQ: Timeout during connect (likely firewall problem)",
"status": 400
},
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/3037875988/zmkhww",
"token": "tGM6yJK8HkLHpgrKu31k0ysbEnCG0uYs3Br-1I9lPHQ",
"validationRecord": [
{
"url": "http://server.mysteryroom.cz/.well-known/acme-challenge/tGM6yJK8HkLHpgrKu31k0ysbEnCG0uYs3Br-1I9lPHQ",
"hostname": "server.mysteryroom.cz",
"port": "80",
"addressesResolved": [
"84.42.237.218"
],
"addressUsed": "84.42.237.218"
}
]
}
]
}
Storing nonce: 0001EOUVlvxHQgq1riN1JY_oWlZWZUHkHQUaK3QwWNqcS9U
Reporting to user: The following errors were reported by the server:
Domain: server.mysteryroom.cz
Type: connection
Detail: Fetching http://server.mysteryroom.cz/.well-known/acme-challenge/tGM6yJK8HkLHpgrKu31k0ysbEnCG0uYs3Br-1I9lPHQ: Timeout during connect (likely firewall problem)
To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address. Additionally, please check that your computer has a publicly routable IP address and that no firewalls are preventing the server from communicating with the client. If you're using the webroot plugin, you should also verify that you are serving files from the webroot path you provided.
Encountered exception:
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 82, in handle_authorizations
self._respond(aauthzrs, resp, best_effort)
File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 168, in _respond
self._poll_challenges(aauthzrs, chall_update, best_effort)
File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 239, in _poll_challenges
raise errors.FailedChallenges(all_failed_achalls)
certbot.errors.FailedChallenges: Failed authorization procedure. server.mysteryroom.cz (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://server.mysteryroom.cz/.well-known/acme-challenge/tGM6yJK8HkLHpgrKu31k0ysbEnCG0uYs3Br-1I9lPHQ: Timeout during connect (likely firewall problem)
Calling registered functions
Cleaning up challenges
Stopping server at :::80...
Attempting to renew cert (server.mysteryroom.cz) from /etc/letsencrypt/renewal/server.mysteryroom.cz.conf produced an unexpected error: Failed authorization procedure. server.mysteryroom.cz (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://server.mysteryroom.cz/.well-known/acme-challenge/tGM6yJK8HkLHpgrKu31k0ysbEnCG0uYs3Br-1I9lPHQ: Timeout during connect (likely firewall problem). Skipping.
Traceback was:
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/certbot/renewal.py", line 452, in handle_renewal_request
main.renew_cert(lineage_config, plugins, renewal_candidate)
File "/usr/lib/python3/dist-packages/certbot/main.py", line 1193, in renew_cert
renewed_lineage = _get_and_save_cert(le_client, config, lineage=lineage)
File "/usr/lib/python3/dist-packages/certbot/main.py", line 116, in _get_and_save_cert
renewal.renew_cert(config, domains, le_client, lineage)
File "/usr/lib/python3/dist-packages/certbot/renewal.py", line 310, in renew_cert
new_cert, new_chain, new_key, _ = le_client.obtain_certificate(domains, new_key)
File "/usr/lib/python3/dist-packages/certbot/client.py", line 353, in obtain_certificate
orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
File "/usr/lib/python3/dist-packages/certbot/client.py", line 389, in _get_order_and_authorizations
authzr = self.auth_handler.handle_authorizations(orderr, best_effort)
File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 82, in handle_authorizations
self._respond(aauthzrs, resp, best_effort)
File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 168, in _respond
self._poll_challenges(aauthzrs, chall_update, best_effort)
File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 239, in _poll_challenges
raise errors.FailedChallenges(all_failed_achalls)
certbot.errors.FailedChallenges: Failed authorization procedure. server.mysteryroom.cz (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://server.mysteryroom.cz/.well-known/acme-challenge/tGM6yJK8HkLHpgrKu31k0ysbEnCG0uYs3Br-1I9lPHQ: Timeout during connect (likely firewall problem)
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/server.mysteryroom.cz/fullchain.pem (failure)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/server.mysteryroom.cz/fullchain.pem (failure)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Exiting abnormally:
Traceback (most recent call last):
File "/usr/bin/certbot", line 11, in <module>
load_entry_point('certbot==0.31.0', 'console_scripts', 'certbot')()
File "/usr/lib/python3/dist-packages/certbot/main.py", line 1365, in main
return config.func(config, plugins)
File "/usr/lib/python3/dist-packages/certbot/main.py", line 1272, in renew
renewal.handle_renewal_request(config)
File "/usr/lib/python3/dist-packages/certbot/renewal.py", line 477, in handle_renewal_request
len(renew_failures), len(parse_failures)))
certbot.errors.Error: 1 renew failure(s), 0 parse failure(s)
1 renew failure(s), 0 parse failure(s)
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: server.mysteryroom.cz
Type: connection
Detail: Fetching
http://server.mysteryroom.cz/.well-known/acme-challenge/tGM6yJK8HkLHpgrKu31k0ysbEnCG0uYs3Br-1I9lPHQ:
Timeout during connect (likely firewall problem)
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you're using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.
My web server is (include version):
my own app, running in Docker behind nginx, but I turned both off to run in standalone mode (but it also gave a timeout)
The operating system my web server runs on is (include version):
Ubuntu 16.04
My hosting provider, if applicable, is:
Own server
I can login to a root shell on my machine (yes or no, or I don’t know):
yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
0.31.0
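Added example, not part of the original post and not certbot's own code: while `--debug-challenges` holds certbot at "Challenges loaded. Press continue to submit to CA", the challenge file is already being served, so the same URL the CA reported can be fetched from a machine outside the network and the outcome classified. The names `check_http01`, `serve_challenge` and `demo` are hypothetical, and the local server in `demo` is only a stand-in for certbot's standalone listener so the block runs offline.

```python
import http.server
import socket
import threading
import urllib.error
import urllib.request

CHALLENGE_PREFIX = "/.well-known/acme-challenge/"
# Token and key authorization as they appear in the log above.
TOKEN = "tGM6yJK8HkLHpgrKu31k0ysbEnCG0uYs3Br-1I9lPHQ"
KEY_AUTHZ = TOKEN + ".ZB17rNjmwbuUuHYKl5pB6W1Bzx5WSWnVdz00psxnKKM"


def check_http01(host, port, token, key_authorization, timeout=5.0):
    """Fetch the challenge URL directly and classify the outcome.

    Returns "ok", "mismatch", "http-error", "timeout" or "connect-failed".
    """
    url = "http://%s:%d%s%s" % (host, port, CHALLENGE_PREFIX, token)
    # Ignore proxy settings: the check must reach the port on the host itself.
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    try:
        with opener.open(url, timeout=timeout) as resp:
            body = resp.read(512).decode("ascii", "replace").strip()
    except urllib.error.HTTPError:
        return "http-error"      # a web server answered, but not with the file
    except urllib.error.URLError as exc:
        if isinstance(exc.reason, (socket.timeout, TimeoutError)):
            return "timeout"     # no answer at all: packets dropped on the way
        return "connect-failed"  # refused, unreachable or name not resolved
    except (socket.timeout, TimeoutError):
        return "timeout"         # connected, but the response stalled
    except OSError:
        return "connect-failed"
    return "ok" if body == key_authorization else "mismatch"


def serve_challenge(token, body):
    """Start a throwaway server on 127.0.0.1 serving one challenge file."""
    class Handler(http.server.BaseHTTPRequestHandler):
        def do_GET(self):
            if self.path == CHALLENGE_PREFIX + token:
                data = body.encode("ascii")
                self.send_response(200)
                self.send_header("Content-Length", str(len(data)))
                self.end_headers()
                self.wfile.write(data)
            else:
                self.send_error(404)

        def log_message(self, *args):
            pass  # keep the demo quiet

    server = http.server.HTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


def demo():
    """Run the check against the stand-in listener, then against a closed port."""
    server = serve_challenge(TOKEN, KEY_AUTHZ)
    port = server.server_address[1]
    results = {
        "served": check_http01("127.0.0.1", port, TOKEN, KEY_AUTHZ),
        "wrong-body": check_http01("127.0.0.1", port, TOKEN, KEY_AUTHZ + "x"),
        "missing": check_http01("127.0.0.1", port, "other-token", KEY_AUTHZ),
    }
    server.shutdown()
    server.server_close()
    results["closed-port"] = check_http01("127.0.0.1", port, TOKEN, KEY_AUTHZ)
    return results


if __name__ == "__main__":
    print(demo())
```

For a real check, call `check_http01` with the domain and port 80 from a host on a different network; a "timeout" result there matches the CA's "Timeout during connect" and points at filtering or forwarding in front of the machine rather than at certbot.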