So, I’ve got a dozen or so ssl certs set up on a single server and have been using and renewing them for a little over a year without much issue. Recently though I haven’t been able to renew the certificates whatsoever, I just keep getting connection refused errors and I cannot figure out what changed that caused this issue. Since I have tons of virtualhosts split across apache config files, I wasn’t able to use the fully automated setup from certbot and so have the certificates manually configured for the web server and am not using the certbot apache plugin. When I need to renew I simply stop the webserver for a moment and then use the --standalone switch when using the renew command. So:
service apache2 stop; sleep 2; certbot renew --standalone; sleep 2; service apache2 start. Up until recently this had worked just fine. The only change done to the system in the recent past is that I installed docker.
Basically what I’ve tried so far is:
- Rebooting the server, issuing the renew manually rather than letting the cronjob do it, trying to adjust the timing of killing the webserver, trying with and without the --standalone switch, etc.
- Uninstalling and reinstalling certbot
- Uninstalling docker (I’ve yet to reinstall it)
- Trying different versions of certbot (I tried 0.10.2 and 0.25.0 which were both available via apt)
My domain is: leopard.hosting (also vote.block.land, pecon.us, and some others)
I ran this command: certbot renew --standalone
It produced this output: The server could not connect to the client to verify the domain :: Connection refused. Skipping.
My web server is (include version): apache 2.4.25-3
The operating system my web server runs on is (include version): Debian 9
My hosting provider, if applicable, is: vultr.com
I can login to a root shell on my machine (yes or no, or I don’t know): yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no
At this point I’d just really appreciate any tips or ideas on how I should proceed trying to figure out what is causing this issue. I’ve still got a month until the first certificates expire, but this is quickly getting very irritating and I’m out of ideas at the moment.