Hello,
Appreciate any help in advance. I have several sites that aren't renewing any longer. It was working recently. The only change I can think of is that I moved the host to a new subnet recently, but I don't see why that would make any difference. All sites work fine and DNS records look ok.
I've tried disabling the firewall, but that didn't help. I also tried turning off the http->https 301 redirect, but despite several hours of effort, I couldn't stop the redirects - not sure that's even related.
I'm at a loss. Info below - thanks for any help!
My domain is:mdainsurance.com
I ran this command: sudo ./letsencrypt-auto -d mdainsurance.com
It produced this output: below
My web server is (include version): Server version: Apache/2.4.46 (Ubuntu)
The operating system my web server runs on is (include version): Ubuntu 16.04 ESM
My hosting provider, if applicable, is: selfhosted
I can login to a root shell on my machine (yes or no, or I don't know): Yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No
The version of my client is (e.g. output of certbot --version
or certbot-auto --version
if you're using Certbot):
/home/dc1/letsencrypt/letsencrypt-auto has insecure permissions!
To learn how to fix them, visit Certbot-auto deployment best practices
Your system is not supported by certbot-auto anymore.
certbot-auto and its Certbot installation will no longer receive updates.
You will not receive any bug fixes including those fixing server compatibility
or security problems.
Please visit https://certbot.eff.org/ to check for other alternatives.
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for mdainsurance.com
Waiting for verification...
Challenge failed for domain mdainsurance.com
http-01 challenge for mdainsurance.com
Cleaning up challenges
Some challenges have failed.
IMPORTANT NOTES:
-
The following errors were reported by the server:
Domain: mdainsurance.com
Type: connection
Detail: 71.183.64.65: Fetching
http://mdainsurance.com/.well-known/acme-challenge/IRjsWnszJPO4JUGD8lGJAoY1Ep9lYcZpIV095Jflh2U:
Timeout during connect (likely firewall problem)To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you're using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.
dc1@dc1:~$ sudo /home/dc1/letsencrypt/letsencrypt-auto -d mdainsurance.com
/home/dc1/letsencrypt/letsencrypt-auto has insecure permissions!
To learn how to fix them, visit Certbot-auto deployment best practices
Your system is not supported by certbot-auto anymore.
certbot-auto and its Certbot installation will no longer receive updates.
You will not receive any bug fixes including those fixing server compatibility
or security problems.
Please visit https://certbot.eff.org/ to check for other alternatives.
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for mdainsurance.com
Waiting for verification...
Challenge failed for domain mdainsurance.com
http-01 challenge for mdainsurance.com
Cleaning up challenges
Some challenges have failed.
IMPORTANT NOTES:
-
The following errors were reported by the server:
Domain: mdainsurance.com
Type: connection
Detail: 71.183.64.65: Fetching
http://mdainsurance.com/.well-known/acme-challenge/GfgPab-VUBSdCUBzWjvyMFSXyN-AL3FU64R_Gyfhb-s:
Timeout during connect (likely firewall problem)To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you're using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.