Hi, the renewal of one domain has been working for years and suddenly fails.
Current certificate from letsencrypt is still valid until 20th july.
I've tried many times, over last few days.
It says it cannot fetch the file but anyone can: https://stp.li/.well-known/acme-challenge/ctHso_lqoTVxoOYGD5ios3OUd9ayDHcjp827uI_9Zls
(I kept a copy of that file on purpose since certbot deletes it)
Please also note other domains & subdomains are still getting their renewal on this server, using the exact same configuration file (include shared in nginx).
For some reason only this one fails and I have no clue.
My domain is:
I ran this command:
sudo -u letsencrypt certbot certonly --config-dir /var/www/letsencrypt/ --logs-dir /var/www/letsencrypt --work-dir /var/www/letsencrypt/ --webroot -w /var/www/letsencrypt/ --csr /path/to/certs/stp.li.csr -d stp.li --cert-path /path/to/certs/stp.li.crt --chain-path /path/to/certs/stp.li-chain.crt --fullchain-path /path/to/certs/stp.li-fullchain.crt
It produced this output:
Saving debug log to /var/www/letsencrypt/letsencrypt.log
Requesting a certificate for stp.li
Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
Detail: 220.127.116.11: Fetching https://stp.li/.well-known/acme-challenge/ctHso_lqoTVxoOYGD5ios3OUd9ayDHcjp827uI_9Zls: Timeout during connect (likely firewall problem)
Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/www/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
My web server is (include version):
nginx version: nginx/1.23.3
The operating system my web server runs on is (include version):
Gentoo Base System release 2.13
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don't know):
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
no, i use ssh
The version of my client is (e.g. output of
certbot --version or
certbot-auto --version if you're using Certbot):