Renewing certificate Invalid Status

dirtyharrywk · February 26, 2024, 7:34pm

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: example.ddns.net

I ran this command: docker-compose up -d
docker-compose.yml:

version: "3.7"
services:

  reverse_proxy:
    image: "jwilder/nginx-proxy:latest"
    container_name: "reverse_proxy"
    labels:
      - "com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy=true"

    volumes:
      - "html:/usr/share/nginx/html"
      - "dhparam:/etc/nginx/dhparam"
      - "vhost:/etc/nginx/vhost.d"
      - "certs:/etc/nginx/certs:ro"
      - "/var/run/docker.sock:/tmp/docker.sock:ro"
      - "./client_max_upload_size.conf:/etc/nginx/conf.d/client_max_upload_size.conf"
        # - "/run/docker.sock:/tmp/docker.sock:ro"
    restart: "always"
    networks:
      - "net"
    ports:
      - "80:80"
      - "443:443"
  letsencrypt:
    image: "jrcs/letsencrypt-nginx-proxy-companion:latest"
    container_name: "letsencrypt"
    volumes:
      - "html:/usr/share/nginx/html"
      - "dhparam:/etc/nginx/dhparam"
      - "vhost:/etc/nginx/vhost.d"
      - "certs:/etc/nginx/certs"
      - "/run/docker.sock:/var/run/docker.sock:ro"
    environment:
      NGINX_PROXY_CONTAINER: "reverse_proxy"
      DEFAULT_EMAIL: "me@example.com"
    restart: "always"
    depends_on:
      - "reverse_proxy"
    networks:
      - "net"
volumes:
  certs:
  html:
  vhost:
  dhparam:

networks:
  net:
    external: true
~                                                                                                       
~ 
~

It produced this output: Invalid status, example.ddns.net:Verify error detail:XX.XX.XX.XX: Fetching http://example.ddns.net/.well-known/acme-challenge/2EMK3_-MBMgjxl-ZSnd9W_WyLHZiAhPs1HRU2hYv4xM: Timeout during connect (likely firewall problem)

My web server is (include version): N/A

The operating system my web server runs on is (include version): Ubuntu 22.04

My hosting provider, if applicable, is: Self Hosted

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): N/A running nginx as reverse proxy in docker container

Osiris · February 26, 2024, 7:36pm

Your domain name, with IP address 73.176.89.25 (which is publicly available for everybody by the way, so it makes no sense to obfuscate it in your post) is not reachable by ping, TCP port 80 nor TCP port 443. For the http-01 challenge which you're using, it needs to be accessible over HTTP on port 80.

Please make sure the IP address is actually the IP address of the host in question and/or port 80 is open and/or portmapped to the correct host.

dirtyharrywk · February 26, 2024, 8:01pm

This started a few weeks ago. I changed nothing. I've never had any port issues.

rg305 · February 27, 2024, 1:32am

Did your ISP start blocking port 80?

system · March 28, 2024, 1:32am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
CA is likely to fail as well / connection refused while connecting to upstream client Help	3	2480	November 24, 2017
Cant renew certificate Help	5	1030	August 24, 2023
Unauthorized, Invalid response, 404... but with reverse proxy and docker stuff Help	3	528	July 14, 2024
There is a server found at this domain but it returned an unexpected status code Invalid domain or IP Help	3	8354	July 30, 2024
Invalid response 404 [nginx docker container] Help	2	4595	October 23, 2019

Renewing certificate Invalid Status

Related topics