Renewing certificate Invalid Status

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: example.ddns.net

I ran this command: docker-compose up -d
docker-compose.yml:

version: "3.7"
services:

  reverse_proxy:
    image: "jwilder/nginx-proxy:latest"
    container_name: "reverse_proxy"
    labels:
      - "com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy=true"

    volumes:
      - "html:/usr/share/nginx/html"
      - "dhparam:/etc/nginx/dhparam"
      - "vhost:/etc/nginx/vhost.d"
      - "certs:/etc/nginx/certs:ro"
      - "/var/run/docker.sock:/tmp/docker.sock:ro"
      - "./client_max_upload_size.conf:/etc/nginx/conf.d/client_max_upload_size.conf"
        # - "/run/docker.sock:/tmp/docker.sock:ro"
    restart: "always"
    networks:
      - "net"
    ports:
      - "80:80"
      - "443:443"
  letsencrypt:
    image: "jrcs/letsencrypt-nginx-proxy-companion:latest"
    container_name: "letsencrypt"
    volumes:
      - "html:/usr/share/nginx/html"
      - "dhparam:/etc/nginx/dhparam"
      - "vhost:/etc/nginx/vhost.d"
      - "certs:/etc/nginx/certs"
      - "/run/docker.sock:/var/run/docker.sock:ro"
    environment:
      NGINX_PROXY_CONTAINER: "reverse_proxy"
      DEFAULT_EMAIL: "me@example.com"
    restart: "always"
    depends_on:
      - "reverse_proxy"
    networks:
      - "net"
volumes:
  certs:
  html:
  vhost:
  dhparam:

networks:
  net:
    external: true

It produced this output: Invalid status, example.ddns.net:Verify error detail:XX.XX.XX.XX: Fetching http://example.ddns.net/.well-known/acme-challenge/2EMK3_-MBMgjxl-ZSnd9W_WyLHZiAhPs1HRU2hYv4xM: Timeout during connect (likely firewall problem)

My web server is (include version): N/A

The operating system my web server runs on is (include version): Ubuntu 22.04

My hosting provider, if applicable, is: Self Hosted

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): N/A running nginx as reverse proxy in docker container

Your domain name, with IP address 73.176.89.25 (which is publicly available for everybody by the way, so it makes no sense to obfuscate it in your post) is not reachable by ping, TCP port 80 nor TCP port 443. For the http-01 challenge which you're using, it needs to be accessible over HTTP on port 80.

Please make sure the IP address is actually the IP address of the host in question and/or port 80 is open and/or portmapped to the correct host.

5 Likes

This started a few weeks ago. I changed nothing. I've never had any port issues.

Did your ISP start blocking port 80?

2 Likes
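The reachability check the replies above describe, as an added example that is not part of the original thread: it separates a dropped connection (the "Timeout during connect" case in the error) from a refused one. The function names and hint texts are assumptions made for illustration, and the probe is IPv4 only.

```python
import errno
import socket
import sys

# Hint texts are this example's own wording, not Let's Encrypt output.
HINTS = {
    "open": "port accepts connections; confirm it is the nginx-proxy container answering",
    "refused": "host reachable but nothing listens: container down or port not published",
    "timeout": "packets dropped: host firewall, missing router port-forward, or ISP filtering",
    "unreachable": "no route to the address from this network",
    "dns-failure": "name does not resolve: check the dynamic DNS record",
    "error": "unexpected socket error",
}

def probe_tcp(host, port, timeout=5.0):
    """Attempt one IPv4 TCP connect and classify the outcome."""
    try:
        addr = socket.getaddrinfo(host, port, socket.AF_INET, socket.SOCK_STREAM)[0][4]
    except socket.gaierror:
        return "dns-failure"
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect(addr)
        return "open"
    except (socket.timeout, TimeoutError):
        return "timeout"      # no answer at all: something silently drops the SYN
    except ConnectionRefusedError:
        return "refused"      # RST received: the host is up, the port is closed
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable"
        return "error"
    finally:
        sock.close()

def diagnose(host, ports=(80, 443), timeout=5.0):
    """Return {port: (status, hint)} for each port checked."""
    results = {}
    for port in ports:
        status = probe_tcp(host, port, timeout)
        results[port] = (status, HINTS[status])
    return results

if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "example.ddns.net"
    for port, (status, hint) in diagnose(target).items():
        print(f"{target}:{port} -> {status}: {hint}")
```

Run it from a machine outside the home network (a VPS or a phone hotspot), because a test from inside the LAN may never cross the router's port forwarding and can report a different result than the validation servers see.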
