Stopped being able to fetch certificate after long inactivity

My domain is:

upperlimit.net

I ran this command:

certbot certonly (as root)

It produced this output:

How would you like to authenticate with the ACME CA?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: Spin up a temporary webserver (standalone)
2: Place files in webroot directory (webroot)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 1
Plugins selected: Authenticator standalone, Installer None
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
Please enter in your domain name(s) (comma and/or space separated)  (Enter 'c'
to cancel): upperlimit.net
Requesting a certificate for upperlimit.net
Performing the following challenges:
http-01 challenge for upperlimit.net
Waiting for verification...
Challenge failed for domain upperlimit.net
http-01 challenge for upperlimit.net
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: upperlimit.net
   Type:   connection
   Detail: 194.163.190.255: Fetching
   http://upperlimit.net/.well-known/acme-challenge/cnaLTZ6P2mgbfk-a9SvuMC-EGFq61cQOAxAPa-3R3ZM:
   Error getting validation data

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address. Additionally, please check that
   your computer has a publicly routable IP address and that no
   firewalls are preventing the server from communicating with the
   client. If you're using the webroot plugin, you should also verify
   that you are serving files from the webroot path you provided.

My web server is (include version):

None

The operating system my web server runs on is (include version):

CentOS 7

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

1.11.0

After repeatedly failing to get my certificate I am now locked out.

There were too many requests of a given type :: Error creating new order :: too many failed authorizations recently: see Failed Validation Limit - Let's Encrypt

Please use the staging environment for testing to prevent this rate limit.

With regard to your issue: your entire website is down: from my point of view I cannot connect to your IP address on port 80 nor 443. I do see port 22 and 8443 being marked as "closed" by Nmap, so it seems the host is up. Looks like all other ports, including 80 and 443, are being filtered by a firewall.

If you fix your general website connectivity issues, you probably also fix your certificate issuance issue.

1 Like

Thanks.

I am not using a web server but I am using the certificate for some of my running applications on non-standard ports.
Therefore, it is expected for port 80 to be down.

I am using non-standard ports for all services.
Therefore, it is expected for ports 22 and 8443 to be marked as "closed".

However, it turns out that port 80 was not allowed in the firewall.

False alarm, I should have thought about it earlier.

It works now.

2 Likes
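
The two checks this thread ends up with (port 80 must be open for the standalone http-01 challenge, and testing belongs on the staging environment) can be combined into a pre-flight script. This is an added example, not part of the original posts; it assumes the host firewall is firewalld (the CentOS 7 default), and the function and variable names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example (not from the thread). Assumes firewalld, the CentOS 7 default;
# function and variable names are hypothetical.

# Return 0 if zone text in the format of `firewall-cmd --list-all` opens 80/tcp,
# via the "http" service or an explicit port or port range.
http01_port_open() {
    printf '%s\n' "$1" | awk '
        $1 == "services:" { for (i = 2; i <= NF; i++) if ($i == "http") ok = 1 }
        $1 == "ports:" {
            for (i = 2; i <= NF; i++) {
                split($i, pp, "/")
                if (pp[2] != "tcp") continue
                n = split(pp[1], r, "-")
                lo = r[1] + 0; hi = (n > 1 ? r[2] : r[1]) + 0
                if (lo <= 80 && 80 <= hi) ok = 1
            }
        }
        END { exit !ok }'
}

# Constructed sample zone output: only non-standard ports are open.
SAMPLE_BLOCKED='public (active)
  services: dhcpv6-client
  ports: 8443/tcp 2222/tcp
  rich rules: '
# Constructed sample zone output: the http service (80/tcp) is allowed.
SAMPLE_OPEN='public (active)
  services: dhcpv6-client http
  ports: 8443/tcp'

# Refuse to contact the CA while port 80 is closed, then rehearse the request
# with --dry-run, which talks to the staging environment instead of production.
preflight() {
    local domain=$1
    if ! http01_port_open "$(firewall-cmd --list-all)"; then
        echo "80/tcp is not open in the active zone; http-01 will fail" >&2
        return 1
    fi
    certbot certonly --standalone --dry-run -d "$domain"
}

# Runs only when a domain is passed, e.g. ./preflight.sh example.com
if [ -n "${1:-}" ]; then preflight "$1"; fi
```

This only inspects the host's own firewalld zone; a provider or upstream firewall that filters port 80 would still show up as a failed dry run, but against staging rather than the production rate limit.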
