Problem with certificate - renew using certbot renew

Hi!

Please, I need your help. I have a problem with renewing my existing certificate with certbot.

I ran this command: certbot renew

It produced this output:
certbot renew

Saving debug log to /var/log/letsencrypt/letsencrypt.log

Processing /etc/letsencrypt/renewal/correo.laboratorioturner.com.ar.conf

Cert is due for renewal, auto-renewing…

Plugins selected: Authenticator webroot, Installer None

Renewing an existing certificate

Performing the following challenges:

http-01 challenge for correo.laboratorioturner.com.ar

Waiting for verification…

Cleaning up challenges

Attempting to renew cert (correo.laboratorioturner.com.ar) from /etc/letsencrypt/renewal/correo.laboratorioturner.com.ar.conf produced an unexpected error: Failed authorization procedure. correo.laboratorioturner.com.ar (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://correo.laboratoriotuturner.com.ar/.well-know/acme-challenge/qkXaDFwswKXDzK_Zy-L00Opm2cio5sETjqxSyU9JAC4: Timeout during connect (likely firewall problem). Skipping

All renewal attempts failed. The following certs could not be renewed:

/etc/letsencrypt/live/correo.laboratorioturner.com.ar/fullchain.pem (failure)

All renewal attempts failed. The following certs could not be renewed:

/etc/letsencrypt/live/correo.laboratorioturner.com.ar/fullchain.pem (failure)

1 renew failure(s), 0 parse failure(s)

IMPORTANT NOTES:

  • The following errors were reported by the server:

Domain:correo.laboratorioturner.com.ar

Type: connection

Detail: Featchig

http://correo.laboratoriotuturner.com.ar/.well-know/acme-challenge/qkXaDFwswKXDzK_Zy-L00Opm2cio5sETjqxSyU9JAC4: Timeout during connect (likely firewall problem)

The operating system my server runs on is CentOS

I can login to a root shell on my machine. I sent “certbot -renew” from my root shell.

The version of my client is: certbot 0.29.1

Hi @dlacomba

see your check, ~~one hour old - https://check-your-website.server-daten.de/?q=correo.laboratorioturner.com.ar

| Domainname | Http-Status | redirect | Sec. | G |
|---|---|---|---|---|
| http://correo.laboratorioturner.com.ar/ 186.153.151.4 | -14 | | 10.017 | T |
| Timeout - The operation has timed out | | | | |
| https://correo.laboratorioturner.com.ar/ 186.153.151.4 | GZip used - 4816 / 13038 - 63,06 % Inline-JavaScript (∑/total): 2/6794 Inline-CSS (∑/total): 0/0 200 Html is minified: 342,92 % | | 6.680 | B |
| http://correo.laboratorioturner.com.ar/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 186.153.151.4 | -14 | | 10.023 | T |
| Timeout - The operation has timed out | | | | |

https answers, http not.

So http validation can’t work. A working port 80 is required.


The “likely firewall problem” is usually correct in this case—port 80 may be “working” on the web server (from Certbot’s point of view, at least) but inbound connections to it are still blocked by a firewall. If there were no firewall, we would expect to see “connection refused” rather than “timeout”.
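The timeout-versus-refused distinction from the reply above, as an added example that is not part of the original thread: a small probe that classifies one TCP connect attempt. The function name `classify_connect` and the `DIAGNOSIS` table are hypothetical, and the result is only meaningful when the script runs from a machine outside the server's own network, since a local check does not pass through the firewall.

```python
import errno
import socket
import sys

# Meaning of each outcome for an http-01 challenge, following the reply above.
DIAGNOSIS = {
    "open": "TCP handshake completed; the port is reachable from this vantage point",
    "refused": "host answered with a reset; nothing listens there, no firewall drop",
    "timeout": "no answer at all; packets are probably dropped by a firewall",
    "dns": "the name did not resolve; check the A/AAAA records first",
    "unreachable": "no route to the host, or the local network rejected the attempt",
}


def classify_connect(host, port=80, timeout=5.0):
    """Attempt one TCP connect and return a key of DIAGNOSIS."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        # No SYN-ACK and no reset within `timeout` seconds.
        return "timeout"
    except socket.gaierror:
        return "dns"
    except OSError as exc:
        # The kernel's own connect timeout surfaces as ETIMEDOUT.
        if exc.errno == errno.ETIMEDOUT:
            return "timeout"
        return "unreachable"


if __name__ == "__main__":
    # Usage: python3 probe.py <hostname>; defaults to localhost when no name is given.
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    for port in (80, 443):
        outcome = classify_connect(target, port)
        print(f"{target}:{port} -> {outcome}: {DIAGNOSIS[outcome]}")
```

A result of `open` on 443 together with `timeout` on 80 matches the situation in this thread: https answers, http does not.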
