Renew certificate fails

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: heavesim.no

I ran this command: sudo certbot renew --dry-run

It produced this output:
Certbot failed to authenticate some domains (authenticator: apache). The Certificate Authority reported these problems:
Domain: heavesim.no
Type: connection
Detail: Fetching http://heavesim.no/.well-known/acme-challenge/p6xRhkOSusq2Tza2gj8aMxLd_qfVTMwqCC_4bsoAivs: Timeout during connect (likely firewall problem)

My web server is (include version): Server version: Apache/2.4.41 (Ubuntu)

The operating system my web server runs on is (include version): Ubuntu 20.04.2 LTS

My hosting provider, if applicable, is: AWS EC2 Instance

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.16.0

I set up apache and encryption following the tutorials of Corey Schafer. Everything worked perfectly until I recently deployed an updated version of my Django app, moving from Basic Authentication to Token-based authentication. My app appears in my browser insecurely, so everything seems to work except for encryption...

Hi @aamo and welcome to the LE community forum

This implies that HTTP (TCP port 80) isn't reaching your server:

Can your server be reached from the Internet via HTTP?

Apache is set up to redirect traffic on 80 to 443, and "sudo lsof -i -P -n | grep LISTEN" suggests that apache is listening at port 80: apache2 625529 www-data 4u IPv6 7027088 0t0 TCP *:80 (LISTEN)
However, when I write http://heavesim.no in my browser, nothing happens, while with https://heavesim.no I get a security warning. So, I guess the answer is that my server is not reached from the Internet via HTTP. How do I fix that?

First, identify the reason why port 80 isn't accessible (firewall? router portmap? a second firewall?) and if you've identified the reason, fix it, depending on the reason.

Ask your ISP if they allow, or block, inbound HTTP requests.
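
One way to narrow down why port 80 is unreachable, as an added example that is not part of the original thread: run it from a machine outside the server's network, since the CA connects from the Internet. It separates a timeout (packets dropped, as in the error above) from a refused connection, and compares port 80 with port 443. `classify_connect`, `diagnose` and `HINTS` are names introduced for this example.

```python
import errno
import socket

# Likely cause for each outcome of a TCP connect, seen from OUTSIDE the
# server's network. The wording of the hints is this example's own.
HINTS = {
    "open": "port reachable; if validation still fails, check the web server config",
    "refused": "host reachable but nothing accepts connections on the port",
    "timeout": "packets silently dropped: a firewall, cloud security group, "
               "router port map or ISP filter sits in the path",
    "unreachable": "no route to the host, or a filter actively rejects the traffic",
    "dns": "the name does not resolve; fix DNS before looking at port 80",
}

def classify_connect(host, port=80, timeout=5.0):
    """Attempt one TCP connect and return a key of HINTS."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except (socket.timeout, TimeoutError):
        return "timeout"
    except ConnectionRefusedError:
        return "refused"
    except socket.gaierror:
        return "dns"
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable"
        raise

def diagnose(host, timeout=5.0, http_port=80, https_port=443):
    """Compare HTTP and HTTPS reachability, the situation in this thread."""
    http = classify_connect(host, http_port, timeout)
    https = classify_connect(host, https_port, timeout)
    if http == "timeout" and https == "open":
        verdict = "host is up; a filter rule drops the HTTP port specifically"
    else:
        verdict = HINTS[http]
    return http, https, verdict

if __name__ == "__main__":
    import sys
    for name in sys.argv[1:]:
        print(name, diagnose(name))
```

A "timeout" on port 80 while `lsof` on the server shows Apache listening on `*:80` points at a filter between the Internet and the server, not at Apache.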
