My domain is: oz1cxp.duckdns.org

I ran this command: "dehydrated -c"

It produced this output:

INFO: Using main config file /etc/dehydrated/config

Processing oz1cxp.duckdns.org

• Checking domain name(s) of existing cert... unchanged.
• Checking expire date of existing cert...
• Valid till Feb 6 21:02:38 2022 GMT (Less than 30 days). Renewing!
• Signing domains...
• Generating private key...
• Generating signing request...
• Requesting new certificate order from CA...
• Received 1 authorizations URLs from the CA
• Handling authorization for oz1cxp.duckdns.org
• 1 pending challenge(s)
• Deploying challenge tokens...
• Responding to challenge for oz1cxp.duckdns.org authorization...
• Cleaning challenge tokens...
• Challenge validation has failed
  ERROR: Challenge is invalid! (returned: invalid) (result: ["type"] "http-01"
  ["status"] "invalid"
  ["error","type"] "urn:ietf:params:acme:error:connection"
  ["error","detail"] "Fetching http://oz1cxp.duckdns.org/.well-known/acme-challenge/1nGgzpBeATk6J4VQFLxZNmnh2SqnhXGC5kDALvn0s2w: Timeout during connect (likely firewall problem)"
  ["error","status"] 400
  ["error"] {"type":"urn:ietf:params:acme:error:connection","detail":"Fetching http://oz1cxp.duckdns.org/.well-known/acme-challenge/1nGgzpBeATk6J4VQFLxZNmnh2SqnhXGC5kDALvn0s2w: Timeout during connect (likely firewall problem)","status":400}
  ["url"] "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/1624878878/bEvFxQ"
  ["token"] "1nGgzpBeATk6J4VQFLxZNmnh2SqnhXGC5kDALvn0s2w"
  ["validationRecord",0,"url"] "http://oz1cxp.duckdns.org/.well-known/acme-challenge/1nGgzpBeATk6J4VQFLxZNmnh2SqnhXGC5kDALvn0s2w"
  ["validationRecord",0,"hostname"] "oz1cxp.duckdns.org"
  ["validationRecord",0,"port"] "80"
  ["validationRecord",0,"addressesResolved",0] "85.204.132.67"
  ["validationRecord",0,"addressesResolved"] ["85.204.132.67"]
  ["validationRecord",0,"addressUsed"] "85.204.132.67"
  ["validationRecord",0] {"url":"http://oz1cxp.duckdns.org/.well-known/acme-challenge/1nGgzpBeATk6J4VQFLxZNmnh2SqnhXGC5kDALvn0s2w","hostname":"oz1cxp.duckdns.org","port":"80","addressesResolved":["85.204.132.67"],"addressUsed":"85.204.132.67"}
  ["validationRecord"] [{"url":"http://oz1cxp.duckdns.org/.well-known/acme-challenge/1nGgzpBeATk6J4VQFLxZNmnh2SqnhXGC5kDALvn0s2w","hostname":"oz1cxp.duckdns.org","port":"80","addressesResolved":["85.204.132.67"],"addressUsed":"85.204.132.67"}]
  ["validated"] "2022-02-07T16:02:33Z")

My web server is (include version):
nginx 1.18.0

The operating system my web server runs on is (include version):
debian 11.2

My hosting provider, if applicable, is: myself

I can login to a root shell on my machine (yes or no, or I don't know):
yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
dehydrated 0.7.0

The strange thing is that i can see in the nginx logs, that the first request gets answered with 200:

18.196.102.134 - - [07/Feb/2022:17:02:33 +0100] "GET /.well-known/acme-challenge/1nGgzpBeATk6J4VQFLxZNmnh2SqnhXGC5kDALvn0s2w HTTP/1.1" 200 87 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
34.219.64.153 - - [07/Feb/2022:17:02:33 +0100] "GET /.well-known/acme-challenge/1nGgzpBeATk6J4VQFLxZNmnh2SqnhXGC5kDALvn0s2w HTTP/1.1" 200 87 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
64.71.144.196 - - [07/Feb/2022:17:27:45 +0100] "GET /.well-known/acme-challenge/1nGgzpBeATk6J4VQFLxZNmnh2SqnhXGC5kDALvn0s2w: HTTP/1.1" 404 125 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.0 Safari/605.1.15"
64.71.144.196 - - [07/Feb/2022:17:27:46 +0100] "GET /.well-known/acme-challenge/1nGgzpBeATk6J4VQFLxZNmnh2SqnhXGC5kDALvn0s2w HTTP/1.1" 404 125 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.0 Safari/605.1.15"
64.71.144.196 - - [07/Feb/2022:17:27:46 +0100] "GET /.well-known/acme-challenge/1nGgzpBeATk6J4VQFLxZNmnh2SqnhXGC5kDALvn0s2w%22,%22hostname%22:%22oz1cxp.duckdns.org%22,%22port%22:%2280%22,%22addressesResolved%22:%5B%2285.204.132.67%22%5D,%22addressUsed%22:%2285.204.132.67 HTTP/1.1" 404 125 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.0 Safari/605.1.15"

What is it, that is happening, I have been using letsencrypt on this server for about 2 years, but now it stopped working.

ps) I am using the test server, as I ran into rate limitting.

Those requests are NOT from LE.
They are from Discourse:

Name:    tieinterceptor1a.sea1.discourse.cloud
Address: 64.71.144.196

They fail because the end with an extra ":"
[you can ignore them]

OK, I have tried a number of times, and I get either 2 or 3 requests in my nginx log, that are answered with 200, but then the timeout happens, how many requests should I see if things go OK ?
Is it necesary to open other ports than 80 ?

No.
For HTTP authentication only port 80 is required.

I believe it's up to four.

Hmm, I tried again today, and now it works, so it must have been a temporary error somewhere, I have not changed anything.

Not even your socks? LOL

Glad to hear that it all works now .
One more reason why the default configuration for renewals is twice a day for 30 days.
[giving them 60 chances to renew before actual expiry]

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.