Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: glaz.me
I ran this command: sudo certbot renew
It produced this output:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/glaz.me.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Renewing an existing certificate for glaz.me and www.glaz.me
Certbot failed to authenticate some domains (authenticator: apache). The Certificate Authority reported these problems:
Domain: glaz.me
Type: connection
Detail: 91.231.120.151: Fetching http://glaz.me/.well-known/acme-challenge/GHcoA_uQ_T1gdWguqCGj8h6ljyjcmprQGwggj6RnDmA: Timeout during connect (likely firewall problem)
Domain: www.glaz.me
Type: connection
Detail: 91.231.120.151: Fetching http://www.glaz.me/.well-known/acme-challenge/Hi_AIWv7CWBSrVRFEiza9fCzrDd0l0xt5VeKCLQabHY: Timeout during connect (likely firewall problem)
Hint: The Certificate Authority failed to verify the temporary Apache configuration changes made by Certbot. Ensure that the listed domains point to this Apache server and that it is accessible from the internet.
My web server is (include version): apache2 (2.4.62-1+ubuntu22.04.1+deb.sury.org+1)
The operating system my web server runs on is (include version): Ubuntu 22.04.4 LTS (GNU/Linux 6.1.90-21 armv7l)
My hosting provider, if applicable, is: I'm hosting on my own. https://dhosting.pl/ is my DNS provider.
I can login to a root shell on my machine (yes or no, or I don't know): yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 2.11.0
I have moved to a new place, with a new ISP. I thought that I had all the port opening and forwarding sorted out but I didn't notice that my port 80 was still blocked. I didn't really run into problems until my certificates expired and I'm unable to renew them.
The ISP is working on my request to open port 80 but it might take them some time (most likely the issue is that the router interface they've given me runs on port 80 and that cannot be changed). I'd appreciate your help in renewing my certificates (16 in total) this one time as I'm sure that within the next 90 days I'll be able to sort out the port issue with my ISP.
I can sign in to my router interface and create port forwarding but I'm not sure if this will help as I believe certbot will attempt reaching me at port 80 so that's no use, right?
I did read about DNS-01 challenge here and it seems to be the solution for me but I don't think that my DNS provider has an API (I didn't check to be honest) but even if, I expect this to be a one-time activity so I'm wondering: is it possible to generate the token via certbot, create the DNS entry manually and then verify? If yes -- could someone please list the command that I'd need to use?
Thanks a lot!
Pawel