My domain is: hebers.duckdns.org
I ran this command: sudo certbot renew --dry-run
It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Processing /etc/letsencrypt/renewal/hebers.duckdns.org.conf
Certificate not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator nginx, Installer nginx
Simulating renewal of an existing certificate for hebers.duckdns.org
Performing the following challenges:
http-01 challenge for hebers.duckdns.org
Waiting for verification...
Challenge failed for domain hebers.duckdns.org
http-01 challenge for hebers.duckdns.org
Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
Domain: hebers.duckdns.org
Type: dns
Detail: During secondary validation: DNS problem: query timed out looking up A for hebers.duckdns.org; DNS problem: query timed out looking up AAAA for hebers.duckdns.org
Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet.
Cleaning up challenges
Failed to renew certificate hebers.duckdns.org with error: Some challenges have failed.
All simulated renewals failed. The following certificates could not be renewed:
/etc/letsencrypt/live/hebers.duckdns.org/fullchain.pem (failure)
1 renew failure(s), 0 parse failure(s)
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
My web server is (include version): nginx 1.18.0
The operating system my web server runs on is (include version): Raspberry Pi OS 11 (Bullseye) 64bit, kernel 5.15.32
My hosting provider, if applicable, is: self
I can login to a root shell on my machine (yes or no, or I don't know): Yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): Certbot 1.26.0
Further details:
I'm attempting to get nginx up and running as reverse proxy, using a Raspberry Pi 4. I've installed nginx+certbot and have created and installed a certificate. After installing nginx, and before installing the certificate, I could access both http://hebers.duckdns.org and https://hebers.duckdns.org from outside my LAN (cellphone with wi-fi off). I then installed the certificate and nginx now sends http requests to https. Everything looks hunky dory.
The installation guide I was following recommended performing a dry run of the renew process. I tried that and it fails, usually with the results pasted above, but sometimes with the message that the CAA query timed out. I can't figure out why the renew process times out getting the appropriate information from duckdns (that's how I interpret the error message). I've run my domain name through unboundtest.com and see no errors with CAA, A, and AAAA.
Thanks in advance.
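Added example, not part of the original post: a small Python triage of the CA problem report in the format certbot printed above. It extracts the Domain/Type/Detail fields, lists which record lookups timed out, and notes whether the failure was reported during secondary validation; the function names are hypothetical and the sample is copied from the output in the post.

```python
import re

# Sample copied from the certbot output in the post above.
SAMPLE = """\
Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
Domain: hebers.duckdns.org
Type: dns
Detail: During secondary validation: DNS problem: query timed out looking up A for hebers.duckdns.org; DNS problem: query timed out looking up AAAA for hebers.duckdns.org
Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet.
"""

FIELD = re.compile(r"^\s*(Domain|Type|Detail):\s*(.*)$")
# Matches each "query timed out looking up <RRTYPE> for <name>" clause in Detail.
TIMEOUT = re.compile(r"query timed out looking up (\S+) for ([^\s;]+)")

def parse_problems(text):
    """Return one dict per 'Domain:' block in certbot's CA problem report."""
    problems, current = [], None
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:
            continue  # banner, Hint: and unrelated lines are skipped
        key, value = m.group(1).lower(), m.group(2).strip()
        if key == "domain":
            current = {"domain": value, "type": None, "detail": ""}
            problems.append(current)
        elif current is not None:
            current[key] = value
    return problems

def triage(problem):
    """Summarise one problem: is it a DNS failure, and which lookups timed out?"""
    detail = problem["detail"]
    return {
        "domain": problem["domain"],
        "dns_failure": problem["type"] == "dns",
        "secondary_validation": detail.startswith("During secondary validation"),
        "timed_out_records": sorted({rr for rr, _name in TIMEOUT.findall(detail)}),
    }

if __name__ == "__main__":
    for p in parse_problems(SAMPLE):
        print(triage(p))
```

Run over saved renewal output, this shows whether repeated failures are always DNS timeouts and which record types (A, AAAA, CAA) are affected.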