Renewal Connection Timeout, But my domain is configured properly and accessible

Hello,

I’ve got an email saying that my cert will expire this 29th so I’m trying to run a --dry-run to see if it works fine but it doesn’t.

It worked fine the first 2 times I had to renew (months ago when I had to renew it)
Since then I did not touch letsEncrypt or certbot but now it won’t work.

My domain: https://www.nexuslogger.com/ https://nexuslogger.com/
You can access it and it works fine, even if you ping it, it returns the proper IP.

I’m running apache2, no extra plugins or stuff that should interfere with SSL
No control panel or anything, Everything trough SSH

The command I’m running:
“certbot --apache renew --dry-run”

Results in this error: https://pastebin.com/raw/qyavJSTt

I’m on ubuntu 16.04, I’ve updated certbot to the latest version and everything.

The domain is accessible fine and the users are using the site daily, yet LetsEncrypt fails to connect to it?
I’ve tried to avoid creating this topic and problem solve it but I can’t find any useful info or anyone that had this same issue before.

@cpu, could you see why the CA apparently can’t reach this IPv4 host? It seems to work fine for me! Is there any possibility that this is an anomaly with the new multipath probing?

@FexileTV, to check if the renewal process is temporarily shutting down your normal web server or something, could you post the contents of /etc/letsencrypt/renewal/nexuslogger.com-0001.conf and the complete command line that you use when you run the renewal command?

As seen by https://dev.ssllabs.com/ssltest/
com
com

As seen by https://www.ssllabs.com/ssltest/
SSL Report: nexuslogger.com (185.153.229.59)
SSL Report: www.nexuslogger.com (185.153.229.59)

Hey,

Thank you for the reply & support. I know LetsEncrypt is free but I really do appreciate that there is a place where we can get support & help, I want to say that I really do appreciate it.

Here are the contents of my “/etc/letsencrypt/renewal/nexuslogger.com-0001.conf”: https://pastebin.com/raw/fsRicdd3

I’ve ran the command to stop apache2 and then tried the renew command again and this time it worked so I think the problem has been resolved?

my ssh log: https://pastebin.com/raw/g6gbZB4t

If you’re using the Apache plugin, you shouldn’t really have to stop the Apache server in order to renew your certificate! So it still seems like there’s something mysterious going on.

I took a look and it seems like @fexiletv was able to issue for these domains. I see successful validation in the staging logs. When I look further back in the logs I can see the point where it was timing out. I don’t believe it’s related to the multipath probing because all of the validation authorities that attempted to contact the site at that point saw the same timeout. It’s hard to say what the problem was but it appeared to affect multiple source networks and has since been resolved.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.