Renewing certificate fails

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: vpntestalp.com

I ran this command: certbot renew

It produced this output: Processing /etc/letsencrypt/renewal/vpntestalp.com.conf


Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator standalone, Installer None
Renewing an existing certificate for vpntestalp.com
Performing the following challenges:
http-01 challenge for vpntestalp.com
Waiting for verification...
Challenge failed for domain vpntestalp.com
http-01 challenge for vpntestalp.com
Cleaning up challenges
Failed to renew certificate vpntestalp.com with error: Some challenges have failed.


All renewals failed. The following certificates could not be renewed:
/etc/letsencrypt/live/vpntestalp.com/fullchain.pem (failure)


1 renew failure(s), 0 parse failure(s)

My web server is (include version):

The operating system my web server runs on is (include version): ubuntu 20.04

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.15.0

1 Like

There is not enough detail shown in the logs to explain the failure.
Please run:
certbot renew -vv
[and show the resulting logs]

and also the output of:
curl -4 ifconfig.co

2 Likes

Sorry for the late reply. I have restarted working on the issue and I found the following error in the log:

Storing nonce: 0003i-Iq3qylgxsh9wyIC8-OR3na3FzWwn0nbs2lFl4SLfY
Challenge failed for domain vpntestalp.com
http-01 challenge for vpntestalp.com
Notifying user:
Certbot failed to authenticate some domains (authenticator: standalone). The Certificate Authority reported these problems:
Domain: vpntestalp.com
Type: connection
Detail: Fetching http://vpntestalp.com/.well-known/acme-challenge/uB0BcBjFs2gR6Vn8X5TxAuBqz2nvLNsEAjOUPUQQqBU: Timeout during connect (likely firewall problem)

Hint: The Certificate Authority couldn't exterally verify that the standalone plugin completed the required http-01 challenges. Ensure the plugin is configured correctly and that the changes it makes are accessible from the internet.

Certbot failed to authenticate some domains (authenticator: standalone). The Certificate Authority reported these problems:
Domain: vpntestalp.com
Type: connection
Detail: Fetching http://vpntestalp.com/.well-known/acme-challenge/uB0BcBjFs2gR6Vn8X5TxAuBqz2nvLNsEAjOUPUQQqBU: Timeout during connect (likely firewall problem)

Hint: The Certificate Authority couldn't exterally verify that the standalone plugin completed the required http-01 challenges. Ensure the plugin is configured correctly and that the changes it makes are accessible from the internet.

Encountered exception:
Traceback (most recent call last):
File "/snap/certbot/1201/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 93, in handle_authorizations
self._poll_authorizations(authzrs, max_retries, best_effort)
File "/snap/certbot/1201/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 181, in _poll_authorizations
raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.

Calling registered functions
Cleaning up challenges
Stopping server at :::80...
Failed to renew certificate vpntestalp.com with error: Some challenges have failed.
Traceback was:
Traceback (most recent call last):
File "/snap/certbot/1201/lib/python3.8/site-packages/certbot/_internal/renewal.py", line 474, in handle_renewal_request
main.renew_cert(lineage_config, plugins, renewal_candidate)
File "/snap/certbot/1201/lib/python3.8/site-packages/certbot/_internal/main.py", line 1366, in renew_cert
renewed_lineage = _get_and_save_cert(le_client, config, lineage=lineage)
File "/snap/certbot/1201/lib/python3.8/site-packages/certbot/_internal/main.py", line 117, in _get_and_save_cert
renewal.renew_cert(config, domains, le_client, lineage)
File "/snap/certbot/1201/lib/python3.8/site-packages/certbot/_internal/renewal.py", line 333, in renew_cert
new_cert, new_chain, new_key, _ = le_client.obtain_certificate(domains, new_key)
File "/snap/certbot/1201/lib/python3.8/site-packages/certbot/_internal/client.py", line 375, in obtain_certificate
orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
File "/snap/certbot/1201/lib/python3.8/site-packages/certbot/_internal/client.py", line 425, in _get_order_and_authorizations
authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort)
File "/snap/certbot/1201/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 93, in handle_authorizations
self._poll_authorizations(authzrs, max_retries, best_effort)
File "/snap/certbot/1201/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 181, in _poll_authorizations
raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.

Notifying user:



All renewals failed. The following certificates could not be renewed:
/etc/letsencrypt/live/vpntestalp.com/fullchain.pem (failure)
Notifying user: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -


Exiting abnormally:
Traceback (most recent call last):
File "/snap/certbot/1201/bin/certbot", line 8, in <module>
sys.exit(main())
File "/snap/certbot/1201/lib/python3.8/site-packages/certbot/main.py", line 15, in main
return internal_main.main(cli_args)
File "/snap/certbot/1201/lib/python3.8/site-packages/certbot/_internal/main.py", line 1552, in main
return config.func(config, plugins)
File "/snap/certbot/1201/lib/python3.8/site-packages/certbot/_internal/main.py", line 1439, in renew
renewal.handle_renewal_request(config)
File "/snap/certbot/1201/lib/python3.8/site-packages/certbot/_internal/renewal.py", line 499, in handle_renewal_request
raise errors.Error("{0} renew failure(s), {1} parse failure(s)".format(
certbot.errors.Error: 1 renew failure(s), 0 parse failure(s)
1 renew failure(s), 0 parse failure(s)
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

Hi,

Looking a bit at the topic, it seems the renewal process is looking to validate by querying the DNS for a specific TXT record.

Any information about the TXT value that I need to put in?

The problem, as I read it, is that port 80 isn't open to your server (or the name is resolving to a wrong IP).

But this is difficult to troubleshoot when using:

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.
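A sketch of reading the CA's problem report out of the `-vv` log quoted in this thread and turning it into things to check (an added example, not part of the thread and not Certbot code; `parse_ca_problems`, `triage` and the wording of the checks are this example's own, and the sample log is constructed from lines quoted above). It goes a little beyond the thread by also covering the dns-01 challenge and the `dns` and `unauthorized` error types.

```python
import re

# Constructed sample: the CA report from the -vv log in this thread,
# which appears twice in that output.
REPORT = (
    "Domain: vpntestalp.com\n"
    "Type: connection\n"
    "Detail: Fetching http://vpntestalp.com/.well-known/acme-challenge/"
    "uB0BcBjFs2gR6Vn8X5TxAuBqz2nvLNsEAjOUPUQQqBU: Timeout during connect "
    "(likely firewall problem)\n\n"
)
SAMPLE_LOG = "http-01 challenge for vpntestalp.com\n" + REPORT * 2

CHALLENGE_RE = re.compile(r"^\s*([a-z-]+-\d+) challenge for (\S+)", re.M)
PROBLEM_RE = re.compile(
    r"^\s*Domain:\s*(\S+)\s*\n\s*Type:\s*(\S+)\s*\n\s*Detail:\s*(.+)$", re.M)

# What the CA has to reach for each challenge type.
NEEDS = {
    "http-01": "inbound TCP 80 on the address the name resolves to (no TXT record)",
    "dns-01": "a TXT record at _acme-challenge.<domain> (no inbound port)",
}
# Checks per ACME error type; the wording is this example's own.
CHECKS = {
    "connection": [
        "allow inbound TCP 80 through the host firewall and any upstream filter",
        "compare the name's A record with `curl -4 ifconfig.co` run on the server",
    ],
    "dns": ["confirm the name resolves publicly and its nameservers answer"],
    "unauthorized": ["confirm port 80 on that address is served by this host"],
}

def parse_ca_problems(log_text):
    """Return each distinct CA problem report, tagged with its challenge type."""
    kinds = {dom: kind for kind, dom in CHALLENGE_RE.findall(log_text)}
    problems = []
    for dom, err_type, detail in PROBLEM_RE.findall(log_text):
        item = {"domain": dom, "type": err_type, "detail": detail.strip(),
                "challenge": kinds.get(dom, "unknown")}
        if item not in problems:  # the log repeats the same report
            problems.append(item)
    return problems

def triage(problem):
    """List what to verify, starting with what the challenge type requires."""
    need = NEEDS.get(problem["challenge"], "a challenge type not covered here")
    return [f"{problem['challenge']} needs {need}"] + CHECKS.get(problem["type"], [])

if __name__ == "__main__":
    for p in parse_ca_problems(SAMPLE_LOG):
        print(p["domain"], p["type"], *triage(p), sep="\n  ")
```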