Renewing of letsencrypt certificate failed and now server is down

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: example.com

I ran this command: sudo certbot delete (among others)

It produced this output: I deleted an existing certificate.

My web server is (include version): Apache/2.4.52 (Ubuntu)

The operating system my web server runs on is (include version): Ubuntu 22.04 LTS

My hosting provider, if applicable, is: self-hosted, public ip

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 1.21.0

In short: for some reason auto-renewal failed and the certificate eventually expired. I tried renewing without success. Eventually I deleted the certificate, in an attempt to get any further. Since then I am unable to connect to the server. I was able to use the site before, even though the certificate had expired.

I'm not quite sure how to proceed.

Hello @thomaslp, welcome to the Let's Encrypt community. :slightly_smiling_face:

First what is your Domain Name?

Second what other commands?

In addition to what Bruce already asked, we cannot advise you about anything if we aren't provided with any relevant error message or log file which actually points to the issue.

Domain name: replied in DM.
Other commands: deleted 000-default-le-ssl.conf

Here's one:
sudo certbot --apache
[sudo] password for ps:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Please enter the domain name(s) you would like on your certificate (comma and/or
space separated) (Enter 'c' to cancel): [domain]
Requesting a certificate for [domain]

Certbot failed to authenticate some domains (authenticator: apache). The Certificate Authority reported these problems:
Domain: [domain]
Type: connection
Detail: [ip address]: Fetching http://[domain]/.well-known/acme-challenge/6sxK2u3vXCdlapdSWdR7mpRKl7nMRPkheudha8xtNX8: Timeout during connect (likely firewall problem)

Hint: The Certificate Authority failed to verify the temporary Apache configuration changes made by Certbot. Ensure that the listed domains point to this Apache server and that it is accessible from the internet.

Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

I can't connect to [redacted] on port 80 also, just a timeout. Usually, when Apache isn't working properly and is down, a Linux server would respond with a "Connection refused" error and not with a timeout. So my guess is that there is a firewall problem or a NAT portmap problem.

OK, now I made a new firewall port forwarding rule (added port 80 to forward to the local server) and now it should be accessible. (Odd that it worked before this rule, but anyway it works now.)

Edit: so since adding the port forwarding rule (port 80) I was able to successfully run sudo certbot --apache in order to get a new certificate. I assume what happened was this:

  1. Starting point: existing Nextcloud server with Let's Encrypt certificate, with the current firewall (firewall1) having port forwarding on both port 80 and port 443.
  2. firewall2 enters as firewall1 has a hardware failure.
  3. I only made a port forwarding rule for port 443 on firewall2.
  4. Let's Encrypt certificate expires.
  5. Unable to renew, because connections through port 80 didn't work.
     Solution: make a firewall rule to forward port 80, in order to renew Let's Encrypt.
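A pre-flight check that reproduces the diagnosis above (a timeout on port 80 points at a firewall or NAT port-forward, "connection refused" at a missing listener) before running certbot again. This is an added example, not code from the thread or from Certbot; DOMAIN and WEBROOT are placeholders you set for your own host, and the probe is only meaningful when run from outside your own network, as the reply above did.

```bash
#!/usr/bin/env bash
# Pre-flight for an HTTP-01 renewal: can the public hostname reach this host on
# port 80, and is a file under /.well-known/acme-challenge/ served over plain HTTP?
# Example code, not part of the original thread. DOMAIN and WEBROOT are assumptions.

DOMAIN="${DOMAIN:-example.com}"
WEBROOT="${WEBROOT:-/var/www/html}"

# Translate curl's exit status into the likely cause, following the reasoning in
# the thread: a timeout (28) means no packet came back at all, so look at the
# firewall / NAT port-forward; "failed to connect" (7) means the host answered
# but nothing is listening on port 80, so look at Apache instead.
classify_curl_status() {
    case "$1" in
        0)  echo "ok: port 80 reachable and challenge path served" ;;
        7)  echo "refused: host reached but no listener on port 80 (Apache down or not bound?)" ;;
        28) echo "timeout: nothing answered, check firewall / NAT port-forward for 80" ;;
        6)  echo "dns: hostname did not resolve" ;;
        *)  echo "other: curl exit $1" ;;
    esac
}

# Write a throwaway token where a webroot-style challenge would live, fetch it
# through the public name over HTTP, then clean up. Requires write access to
# WEBROOT. Returns 0 only when the body that came back matches the token, i.e.
# the request really reached this Apache and not some other box behind the NAT.
# (certbot --apache serves the challenge itself, but the reachability it needs
# on port 80 is exactly what this probe exercises.)
probe_http01() {
    local token dir body rc
    token="preflight-$(date +%s)-$$"
    dir="$WEBROOT/.well-known/acme-challenge"
    mkdir -p "$dir" && printf '%s\n' "$token" > "$dir/$token" || return 1
    if body=$(curl -sS --max-time 10 "http://$DOMAIN/.well-known/acme-challenge/$token"); then
        rc=0
    else
        rc=$?
    fi
    rm -f "$dir/$token"
    classify_curl_status "$rc"
    [ "$rc" -eq 0 ] && [ "$body" = "$token" ]
}

# Only run the network probe when explicitly asked, so sourcing the file is safe.
if [ "${1:-}" = "--run" ]; then
    probe_http01
fi
```

Run it as `DOMAIN=your.host WEBROOT=/your/docroot ./preflight.sh --run` from a machine outside the NAT; a "timeout" verdict is the signature of the missing port-80 forward described in this thread.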

Hi @thomaslp, and welcome to the LE community forum :slight_smile:

So... you got a new cert?
Can we close this topic?

No need to actively close the thread, right?

It was just a prompt to mark/provide the solution :wink:
