This is a renewal, so I know that the IP is reachable from outside; it just seems like the standalone server is not spinning up, or something similar? It used to work.
# OUTPUT FROM RENEW
root@haproxy:~# certbot renew --cert-name DOMAIN OMITTED
Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/DOMAIN OMITTED.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Renewing an existing certificate for DOMAIN OMITTED
----------------------------------------
Exception happened during processing of request from ('::ffff:64.78.149.164', 37300, 0, 0)
Traceback (most recent call last):
File "/snap/certbot/2133/usr/lib/python3.8/socketserver.py", line 316, in _handle_request_noblock
self.process_request(request, client_address)
File "/snap/certbot/2133/usr/lib/python3.8/socketserver.py", line 347, in process_request
self.finish_request(request, client_address)
File "/snap/certbot/2133/usr/lib/python3.8/socketserver.py", line 360, in finish_request
self.RequestHandlerClass(request, client_address, self)
File "/snap/certbot/2133/lib/python3.8/site-packages/acme/standalone.py", line 232, in __init__
super().__init__(*args, **kwargs)
File "/snap/certbot/2133/usr/lib/python3.8/socketserver.py", line 747, in __init__
self.handle()
File "/snap/certbot/2133/lib/python3.8/site-packages/acme/standalone.py", line 257, in handle
BaseHTTPServer.BaseHTTPRequestHandler.handle(self)
File "/snap/certbot/2133/usr/lib/python3.8/http/server.py", line 427, in handle
self.handle_one_request()
File "/snap/certbot/2133/usr/lib/python3.8/http/server.py", line 395, in handle_one_request
self.raw_requestline = self.rfile.readline(65537)
File "/snap/certbot/2133/usr/lib/python3.8/socket.py", line 669, in readinto
return self._sock.recv_into(b)
ConnectionResetError: [Errno 104] Connection reset by peer
----------------------------------------
Certbot failed to authenticate some domains (authenticator: standalone). The Certificate Authority reported these problems:
Domain: DOMAIN OMITTED
Type: connection
Detail: IP OMITTED: Fetching http://DOMAIN OMITTED/.well-known/acme-challenge/3flLAl8XptS4_p_PO62U8mUzQp4Ncp5NX3iVbYNQv7Q: Connection reset by peer
Hint: The Certificate Authority failed to download the challenge files from the temporary standalone webserver started by Certbot on port 80. Ensure that the listed domains point to this machine and that it can accept inbound connections from the internet.
Failed to renew certificate DOMAIN OMITTED with error: Some challenges have failed.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
All renewals failed. The following certificates could not be renewed:
/etc/letsencrypt/live/DOMAIN OMITTED/fullchain.pem (failure)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1 renew failure(s), 0 parse failure(s)
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
root@haproxy:~#
--------------------------------------
# RENEW config file
root@haproxy:~# cat /etc/letsencrypt/renewal/DOMAIN OMITTED.conf
# Certbot renewal configuration for one certificate lineage, as printed by the
# `cat` above. `certbot renew` processes this file (see "Processing ..." in the
# renew output) to find the lineage files and the options to renew with.
# The next line is commented out, so this file sets no renewal-window override.
# renew_before_expiry = 30 days
# presumably the Certbot release that last wrote this file; the failing run
# executes from /snap/certbot/2133, so the two may differ -- TODO confirm
version = 0.31.0
archive_dir = /etc/letsencrypt/archive/DOMAIN OMITTED
cert = /etc/letsencrypt/live/DOMAIN OMITTED/cert.pem
# Private key of the lineage: keep it readable only by root and by the service
# that terminates TLS, and leave it out of anything pasted publicly.
privkey = /etc/letsencrypt/live/DOMAIN OMITTED/privkey.pem
chain = /etc/letsencrypt/live/DOMAIN OMITTED/chain.pem
fullchain = /etc/letsencrypt/live/DOMAIN OMITTED/fullchain.pem
# Options used in the renewal process
[renewalparams]
# ACME account identifier (redacted by the poster).
account = <ACCOUNT OMITTED>
# standalone: Certbot serves the HTTP-01 challenge from its own temporary web
# server on port 80 (per the Hint in the renew output). This section has no
# http01_port / http01_address entry and no pre_hook / post_hook, so no
# listener override or service stop/start comes from this file.
# NOTE(review): the traceback in the renew output is raised inside
# acme/standalone.py while reading the request line of an accepted connection,
# so the listener did start; the peer reset the connection before a request
# arrived. The host is named haproxy -- confirm what sits on or in front of
# inbound port 80 (proxy, firewall, port forward) during renewal.
authenticator = standalone
# ACME directory URL the renewal talks to (Let's Encrypt production, ACME v2).
server = https://acme-v02.api.letsencrypt.org/directory