Please help me with updating the certificate, what am I doing wrong?

Help
1

Hello, tell me why I can't update the certificate? Port 80 and 443 are open. But certbot stubbornly refuses to update the certificate.

nmap -Pn -p 80,443 lkmpikt.org
Starting Nmap 7.80 ( https://nmap.org ) at 2025-01-24 15:12 MSK
Nmap scan report for lkmpikt.org (194.31.153.37)
Host is up (0.00076s latency).

PORT    STATE SERVICE
80/tcp  open  http
443/tcp open  https

Nmap done: 1 IP address (1 host up) scanned in 0.05 seconds


sudo certbot --expand -d lkmpikt.org -d md.lkmpikt.org
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Attempting to parse the version 2.11.0 renewal configuration file found at /etc/letsencrypt/renewal/lkmpikt.org.conf with version 0.40.0 of Certbot. This might not work.
Cert is due for renewal, auto-renewing...
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for lkmpikt.org
http-01 challenge for md.lkmpikt.org
Waiting for verification...
Challenge failed for domain lkmpikt.org
Challenge failed for domain md.lkmpikt.org
http-01 challenge for lkmpikt.org
http-01 challenge for md.lkmpikt.org
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: lkmpikt.org
   Type:   connection
   Detail: 194.31.153.37: Fetching
   http://lkmpikt.org/.well-known/acme-challenge/E6_BPv0PJbLj_PkrC617f7svh7nl9ezsEYr1a8oJszM:
   Timeout during connect (likely firewall problem)

   Domain: md.lkmpikt.org
   Type:   connection
   Detail: 194.31.153.37: Fetching
   http://md.lkmpikt.org/.well-known/acme-challenge/Y0o_M3zXFhiDasP-pI67lo_tsNbR5oSUIn3-yh_N0oI:
   Timeout during connect (likely firewall problem)

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address. Additionally, please check that
   your computer has a publicly routable IP address and that no
   firewalls are preventing the server from communicating with the
   client. If you're using the webroot plugin, you should also verify
   that you are serving files from the webroot path you provided.

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

sudo certbot --version
certbot 0.40.0
2

Hello,

The port being open means that there is no TCP reset or ICMP unreachable packet received. You still need a service (in that case web server) to listen on the port.

tumbleweed:~ # curl -s -v lkmpikt.org
* Host lkmpikt.org:80 was resolved.
* IPv6: (none)
* IPv4: 194.31.153.37
*   Trying 194.31.153.37:80...
* connect to 194.31.153.37 port 80 from 192.168.1.2 port 35034 failed: Connection timed out
* Failed to connect to lkmpikt.org port 80 after 134483 ms: Could not connect to server
* closing connection #0
tumbleweed:~ #
1 Like
3 
sudo curl -s -v lkmpikt.org
*   Trying 194.31.153.37:80...
* TCP_NODELAY set
* Connected to lkmpikt.org (194.31.153.37) port 80 (#0)
> GET / HTTP/1.1
> Host: lkmpikt.org
> User-Agent: curl/7.68.0
> Accept: */*
> 
* Mark bundle as not supporting multiuse
< HTTP/1.1 302 Moved Temporarily
< Server: nginx/1.18.0 (Ubuntu)
< Date: Fri, 24 Jan 2025 12:32:12 GMT
< Content-Type: text/html
< Content-Length: 154
< Connection: keep-alive
< Location: https://lkmpikt.org/
< 
<html>
<head><title>302 Found</title></head>
<body>
<center><h1>302 Found</h1></center>
<hr><center>nginx/1.18.0 (Ubuntu)</center>
</body>
</html>
* Connection #0 to host lkmpikt.org left intact
4

Are you using some geoIP blocking service?

2 Likes
5

Was that from your local network? Because from the public internet requests are failing

4 Likes
6

No, I do not use a geoIP blocking service.

7

No internet I use this command via the internet. Not locally

1 Like
8

Perhaps, if there is a blocking, then most likely it is from the providers

9

Yes, you may want to check this with your provider (luganet?).

tumbleweed:~ # mtr -r -b -w lkmpikt.org
Start: 2025-01-24T12:48:01+0000
HOST: tumbleweed.home                                  Loss%   Snt   Last   Avg  Best  Wrst StDev
  1.|-- livebox.home (192.168.1.1)                        0.0%    10    0.5   0.7   0.5   2.3   0.6
  2.|-- 80.10.5.237                                       0.0%    10    1.7   2.0   1.7   2.3   0.2
  3.|-- 92.184.150.74                                     0.0%    10    2.9   2.8   2.5   3.0   0.2
  4.|-- ae42-0.nilyo101.rbci.orange.net (193.252.101.89)  0.0%    10    6.0   6.3   5.7  10.1   1.3
  5.|-- ???                                              100.0    10    0.0   0.0   0.0   0.0   0.0
  6.|-- 193.251.250.190                                   0.0%    10   13.5  10.8   9.3  14.9   2.0
  7.|-- 87-245-232-54.retn.net (87.245.232.54)            0.0%    10   61.3  61.1  58.1  70.4   4.0
  8.|-- 139.45.229.193                                    0.0%    10   58.4  58.3  58.1  58.5   0.1
  9.|-- pool.luganet.ru (194.31.155.241)                  0.0%    10   74.8  73.4  72.2  76.6   1.5
        pool.luganet.ru (194.31.155.239)
 10.|-- ???                                              100.0    10    0.0   0.0   0.0   0.0   0.0
tumbleweed:~ #
2 Likes
10

The amazing is nearby.... The certificate was issued after the weekend. And everything worked. I still didn't understand what it was. After all, on Friday, certbot did not want to issue a certificate. But, I came to work today, the site is now working correctly.