Background info
My domain is: thegloofactory.com
I ran this command: certbot-auto renew --dry-run
It produced this output:
[2019 Jul 13 - 13:25:28 : root@host : ./allsites]# certbot-auto renew -n --dry-run
/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/cryptography/hazmat/primitives/constant_time.py:26: CryptographyDeprecationWarning: Support for your Python version is deprecated. The next version of cryptography will remove support. Please upgrade to a 2.7.x release that supports hmac.compare_digest as soon as possible.
utils.PersistentlyDeprecated2018,
Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/worldsbestbikestickers.com.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator apache, Installer apache
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for thegloofactory.com
http-01 challenge for union-made-shirts.com
http-01 challenge for union-made-signs.com
http-01 challenge for union-made-stickers.com
http-01 challenge for worldsbestbikestickers.com
Waiting for verification...
Challenge failed for domain union-made-shirts.com
Challenge failed for domain thegloofactory.com
Challenge failed for domain union-made-signs.com
Challenge failed for domain union-made-stickers.com
Challenge failed for domain worldsbestbikestickers.com
http-01 challenge for union-made-shirts.com
http-01 challenge for thegloofactory.com
http-01 challenge for union-made-signs.com
http-01 challenge for union-made-stickers.com
http-01 challenge for worldsbestbikestickers.com
Cleaning up challenges
Attempting to renew cert (worldsbestbikestickers.com) from /etc/letsencrypt/renewal/worldsbestbikestickers.com.conf produced an unexpected error: Some challenges have failed.. Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/worldsbestbikestickers.com/fullchain.pem (failure)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
** DRY RUN: simulating 'certbot renew' close to cert expiry
** (The test certificates below have not been saved.)
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/worldsbestbikestickers.com/fullchain.pem (failure)
** DRY RUN: simulating 'certbot renew' close to cert expiry
** (The test certificates above have not been saved.)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1 renew failure(s), 0 parse failure(s)
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: thegloofactory.com
Type: connection
Detail: Fetching
http://thegloofactory.com/.well-known/acme-challenge/D9zS07Titg2Tz0ju_zFhfY087ysMri3EykkL6zlBN_g:
Timeout during connect (likely firewall problem)
Domain: union-made-stickers.com
Type: connection
Detail: Fetching
http://union-made-stickers.com/.well-known/acme-challenge/oST22TslmNbAPH16E0dTmnNs0LAW8T_aQRy_YqmZbzQ:
Timeout during connect (likely firewall problem)
Domain: worldsbestbikestickers.com
Type: connection
Detail: Fetching
http://worldsbestbikestickers.com/.well-known/acme-challenge/EWuJy-MuQaawL6GaoMJXfRIIuym536_VnETQb9iJMBE:
Timeout during connect (likely firewall problem)
...
My web server is (include version): Apache 2.4.7
The operating system my web server runs on is (include version): Ubuntu 14.04
My hosting provider, if applicable, is: linode
I can login to a root shell on my machine (yes or no, or I don’t know): yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): 0.36.0
More details
Ports 80 and 443 open.
Test file at http://thegloofactory.com/.well-known/acme-challenge/1234.txt gets a 200
No AAAA records in DNS
Here is the format for VirtualHosts:
<VirtualHost *:80>
    # no need for an alias, as this is the default
    ServerName thegloofactory.com
    ServerAdmin admin@thegloofactory.com
    RewriteEngine Off
    Redirect permanent / https://thegloofactory.com/
    # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
    # error, crit, alert, emerg.
    # It is also possible to configure the loglevel for particular
    # modules, e.g.
    #LogLevel debug rewrite:trace3
    LogLevel info
    ErrorLog ${APACHE_LOG_DIR}/thegloofactory/error.log
    CustomLog ${APACHE_LOG_DIR}/thegloofactory/access.log combined
</VirtualHost>
<VirtualHost *:443>
    ServerName thegloofactory.com
    DocumentRoot /var/www/thegloofactory
    RewriteEngine Off
    SSLEngine On
    ServerAdmin admin@thegloofactory.com
    ErrorLog ${APACHE_LOG_DIR}/thegloofactory/error.log
    CustomLog ${APACHE_LOG_DIR}/thegloofactory/access.log combined
    SSLCertificateFile /etc/letsencrypt/live/worldsbestbikestickers.com/cert.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/worldsbestbikestickers.com/privkey.pem
    Include /etc/letsencrypt/options-ssl-apache.conf
    SSLCertificateChainFile /etc/letsencrypt/live/worldsbestbikestickers.com/chain.pem
</VirtualHost>