My domain is:
ct2.smtcorp.com
I ran this command:
It produced this output:
My web server is (include version):
Apache 2.4 on Ubuntu 16.04
The operating system my web server runs on is (include version):
Distributor ID: Ubuntu
Description: Ubuntu 16.04.5 LTS
Release: 16.04
Codename: xenial
My hosting provider, if applicable, is:
Self Managed
I can login to a root shell on my machine (yes or no, or I don't know):
Yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
Webmin when required
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 0.30.2
In an effort to head off issues with cert renewals I jumped in and followed the instructions in this post...
Right from the start certbot upgraded itself from 25.something to 30.2; I was a little astonished, but it had been a while since anyone manually ran certbot auto.
I then ran the suggested sed command. Tried to do a dry run renewal, and things are broken. I originally had issues with redirection and webroots, but I believe I have worked that out; the URL https://ct2.smtcorp.com/.well-known/acme-challenge/test should suffice in proving that the directory is available when creating the challenge.
Running
/etc/certbot/certbot-auto renew -vvvvvv --apache --dry-run > cert.log
doesn't show any files being created at the /.well-known/acme-challenges/
It does, however, look like a web server is spun up and the required challenge information is served from there...? Maybe?
OUTPUT:
`Root logging level set at -40
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requested authenticator apache and installer apache
Var dry_run=True (set by user).
Var server=set(['staging', 'dry_run']) (set by user).
Var dry_run=True (set by user).
Var server=set(['staging', 'dry_run']) (set by user).
Var account=set(['server']) (set by user).
Var authenticator=apache (set by user).
Var installer=apache (set by user).
Cert not due for renewal, but simulating renewal for dry run
Requested authenticator apache and installer apache
Apache version is 2.4.18
Single candidate plugin: * apache
Description: Apache Web Server plugin
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: apache = certbot_apache.entrypoint:ENTRYPOINT
Initialized: <certbot_apache.override_debian.DebianConfigurator object at 0x7f597f648210>
Prep: True
Single candidate plugin: * apache
Description: Apache Web Server plugin
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: apache = certbot_apache.entrypoint:ENTRYPOINT
Initialized: <certbot_apache.override_debian.DebianConfigurator object at 0x7f597f648210>
Prep: True
Selected authenticator <certbot_apache.override_debian.DebianConfigurator object at 0x7f597f648210> and installer <certbot_apache.override_debian.DebianConfigurator object at 0x7f597f648210>
Plugins selected: Authenticator apache, Installer apache
Picked account: <Account(RegistrationResource(body=Registration(status=None, terms_of_service_agreed=None, agreement=u'https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf', only_return_existing=None, contact=(), key=JWKRSA(key=<ComparableRSAKey(<cryptography
.hazmat.backends.openssl.rsa._RSAPublicKey object at 0x7f597f5ff710>)>), external_account_binding=None), uri=u'https://acme-staging.api.letsencrypt.org/acme/reg/1614418', new_authzr_uri=u'https://acme-staging.api.letsencrypt.org/acme/new-authz', terms_of_service=u'https:
//letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf'), e39c0d78214e2a4a34caa93b2025604f, Meta(creation_host=u'owncloud', creation_dt=datetime.datetime(2017, 3, 16, 14, 13, 25, tzinfo=<UTC>)))>
Sending GET request to https://acme-staging-v02.api.letsencrypt.org/directory.
Starting new HTTPS connection (1): acme-staging-v02.api.letsencrypt.org:443
https://acme-staging-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 724
Received response:
HTTP 200
Server: nginx
Content-Type: application/json
Content-Length: 724
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Mon, 28 Jan 2019 21:36:02 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 28 Jan 2019 21:36:02 GMT
Connection: keep-alive
{
"MFu1wqlwpWI": "Adding random entries to the directory",
"keyChange": "https://acme-staging-v02.api.letsencrypt.org/acme/key-change",
"meta": {
"caaIdentities": [
"letsencrypt.org"
],
"termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
"website": "Staging Environment - Let's Encrypt"
},
"newAccount": "https://acme-staging-v02.api.letsencrypt.org/acme/new-acct",
"newNonce": "https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce",
"newOrder": "https://acme-staging-v02.api.letsencrypt.org/acme/new-order",
"revokeCert": "https://acme-staging-v02.api.letsencrypt.org/acme/revoke-cert"
}
Renewing an existing certificate
Requesting fresh nonce
Sending HEAD request to https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce.
https://acme-staging-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
Received response:
HTTP 200
Server: nginx
Replay-Nonce: EpL4P13ekypgib07MnNrksNySuz5ot5LXpimB_1ShNM
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Content-Length: 0
Expires: Mon, 28 Jan 2019 21:36:02 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 28 Jan 2019 21:36:02 GMT
Connection: keep-alive
Storing nonce: EpL4P13ekypgib07MnNrksNySuz5ot5LXpimB_1ShNM
JWS payload:
{
"identifiers": [
{
"type": "dns",
"value": "ct2.smtcorp.com"
}
]
}
Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/new-order:
{
"protected": "eyJub25jZSI6ICJFcEw0UDEzZWt5cGdpYjA3TW5OcmtzTnlTdXo1b3Q1TFhwaW1CXzFTaE5NIiwgInVybCI6ICJodHRwczovL2FjbWUtc3RhZ2luZy12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL25ldy1vcmRlciIsICJraWQiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmcuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL3JlZy8xNjE0NDE
4IiwgImFsZyI6ICJSUzI1NiJ9",
"payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwgCiAgICAgICJ2YWx1ZSI6ICJjdDIuc210Y29ycC5jb20iCiAgICB9CiAgXQp9",
"signature": "cFVCX86XBevRHAXHjlRuDrFpOh5ruN8qgrUsFk2U-3FzCJ_RzFzDfO-T5tzqGmQNoS7LfER8kBItQmMxLeK05yR9wrBj7zvMO7rHTUSibDdKR1uf7hFv9Q7F8Ep4oAR1HYYePIilzn_Z214UnDhfgWHWTEcR_IKB9osBQ49mxG4b0CcBPtxnRrndPRilkga3UGXT939WFknZLRAwb-E4_3dsYTzyZDqyxzvaAdQryYWe_G7BgQPhUoYC-vPnE
q7eeEPhvBHjhoSbZ1LGrWeNipn6PvqC689rPdpdpAV0oyMDm4Ge5-je5m2XUD2gNh1HdTxEQ1gDFI0US51NwQxA"
}
https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 388
Received response:
HTTP 201
Server: nginx
Content-Type: application/json
Content-Length: 388
Boulder-Requester: 1614418
Location: https://acme-staging-v02.api.letsencrypt.org/acme/order/1614418/21654309
Replay-Nonce: cbWDd0oWZGztIuCa4GXA2zhfUjFy9i4Nu5PMIs2jCWA
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Mon, 28 Jan 2019 21:36:02 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 28 Jan 2019 21:36:02 GMT
Connection: keep-alive
{
"status": "pending",
"expires": "2019-02-04T21:36:02.517875008Z",
"identifiers": [
{
"type": "dns",
"value": "ct2.smtcorp.com"
}
],
"authorizations": [
"https://acme-staging-v02.api.letsencrypt.org/acme/authz/jgQ3q5AOHNNkWvPgwOSccjTzAFXtf7BffbeF-RAVLOY"
],
"finalize": "https://acme-staging-v02.api.letsencrypt.org/acme/finalize/1614418/21654309"
}
Storing nonce: cbWDd0oWZGztIuCa4GXA2zhfUjFy9i4Nu5PMIs2jCWA
JWS payload:
Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/authz/jgQ3q5AOHNNkWvPgwOSccjTzAFXtf7BffbeF-RAVLOY:
{
"protected": "eyJub25jZSI6ICJjYldEZDBvV1pHenRJdUNhNEdYQTJ6aGZVakZ5OWk0TnU1UE1JczJqQ1dBIiwgInVybCI6ICJodHRwczovL2FjbWUtc3RhZ2luZy12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6L2pnUTNxNUFPSE5Oa1d2UGd3T1NjY2pUekFGWHRmN0JmZmJlRi1SQVZMT1kiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGF
naW5nLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9yZWcvMTYxNDQxOCIsICJhbGciOiAiUlMyNTYifQ",
"payload": "",
"signature": "dBwWVx1fllX8_MLatCfRhDl8BMm54DAyhkOLEWiW_U-NWPqIBjSmX0avIz7R0cmGKJaQtIvFQxMiqwIQvlMcSl38LRvfv-lBYSn8gbErmXS07ORLfKUie66VcyQvUysoNXZD7-fyXm31LyvPZUmElX-TiPFTShwCXoS-dvNEaolXkeTd7Oy0uTKr07lMd8FyRr5PHvsp79mWI9y2BErfVGDSFjHcbfryuFYkvRC62cKSBfS-WCU-LY03Pl5W21o
KCagovwdjcn1k9fDkCXcfXbh26-sCGEToHjn739oSAxV6avLdq723NoExQp3hXHpD1r42KK0EHUWjAxbdnJY6Gw"
}
https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/authz/jgQ3q5AOHNNkWvPgwOSccjTzAFXtf7BffbeF-RAVLOY HTTP/1.1" 200 928
Received response:
HTTP 200
Server: nginx
Content-Type: application/json
Content-Length: 928
Boulder-Requester: 1614418
Replay-Nonce: -MRXfE6i1ScaPrCdIowh4258ff3xLeLxnN_cQSfOSxI
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Mon, 28 Jan 2019 21:36:02 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 28 Jan 2019 21:36:02 GMT
Connection: keep-alive
{
"identifier": {
"type": "dns",
"value": "ct2.smtcorp.com"
},
"status": "pending",
"expires": "2019-02-04T21:36:02Z",
"challenges": [
{
"type": "tls-alpn-01",
"status": "pending",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/challenge/jgQ3q5AOHNNkWvPgwOSccjTzAFXtf7BffbeF-RAVLOY/232074553",
"token": "r3upCHTGd9ShR-vUZA5fHlU5q0Vrq9k-R6cXTk54Hd8"
},
{
"type": "http-01",
"status": "pending",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/challenge/jgQ3q5AOHNNkWvPgwOSccjTzAFXtf7BffbeF-RAVLOY/232074554",
"token": "Bmg0CTXFb_fM7oFgYvKbjYRjCuWcRaZzeSNQz21vRA4"
},
{
"type": "dns-01",
"status": "pending",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/challenge/jgQ3q5AOHNNkWvPgwOSccjTzAFXtf7BffbeF-RAVLOY/232074555",
"token": "1Ql1_ZxrhAa3IKHkSu3iIMo7SjwbcqTaOLIIl1p603o"
}
]
}
Storing nonce: -MRXfE6i1ScaPrCdIowh4258ff3xLeLxnN_cQSfOSxI
Performing the following challenges:
http-01 challenge for ct2.smtcorp.com
Adding a temporary challenge validation Include for name: None in: /etc/apache2/sites-enabled/webmin.1548703757.conf
writing a pre config file with text:
RewriteEngine on
RewriteRule ^/.well-known/acme-challenge/([A-Za-z0-9-_=]+)$ /var/lib/letsencrypt/http_challenges/$1 [END]
writing a post config file with text:
<Directory /var/lib/letsencrypt/http_challenges>
Require all granted
</Directory>
<Location /.well-known/acme-challenge>
Require all granted
</Location>
Creating backup of /etc/apache2/sites-enabled/webmin.1548703757.conf
Waiting for verification...
JWS payload:
{
"keyAuthorization": "Bmg0CTXFb_fM7oFgYvKbjYRjCuWcRaZzeSNQz21vRA4.b3I76EPd7-s5ASBh-l3WCUw4cFXXeUoXG9ZJpTuVS2Y",
"type": "http-01",
"resource": "challenge"
}
Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/challenge/jgQ3q5AOHNNkWvPgwOSccjTzAFXtf7BffbeF-RAVLOY/232074554:
{
"protected": "eyJub25jZSI6ICItTVJYZkU2aTFTY2FQckNkSW93aDQyNThmZjN4TGVMeG5OX2NRU2ZPU3hJIiwgInVybCI6ICJodHRwczovL2FjbWUtc3RhZ2luZy12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2NoYWxsZW5nZS9qZ1EzcTVBT0hOTmtXdlBnd09TY2NqVHpBRlh0ZjdCZmZiZUYtUkFWTE9ZLzIzMjA3NDU1NCIsICJraWQiOiAiaHR
0cHM6Ly9hY21lLXN0YWdpbmcuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL3JlZy8xNjE0NDE4IiwgImFsZyI6ICJSUzI1NiJ9",
"payload": "ewogICJrZXlBdXRob3JpemF0aW9uIjogIkJtZzBDVFhGYl9mTTdvRmdZdktiallSakN1V2NSYVp6ZVNOUXoyMXZSQTQuYjNJNzZFUGQ3LXM1QVNCaC1sM1dDVXc0Y0ZYWGVVb1hHOVpKcFR1VlMyWSIsIAogICJ0eXBlIjogImh0dHAtMDEiLCAKICAicmVzb3VyY2UiOiAiY2hhbGxlbmdlIgp9",
"signature": "s7OXlYj4LDQaK3FdDpxi7ozlMr2lnkSBry6bgKr4ASbBdDDgcwNiK0ycmfBHTIoSPnRb6h6bxSsOO5vpC7AbwjRTb9rs8sApS1ou-x-Tk32Av4p9_CHc7fphFr4xnichUe5sXPueK7yytm7CNXdnmXdrnPYdUBJrXaS5Pz3LHr9nfHia8PtrTjO37lskvmwlvc8Nm1p0AlbWHZxcIk7oKMMoHxRE6n1c092NRO0Diwokvq2x_D_zZDXzomWM1LX
goNyZ1Ib3NnNb4fZHHSuHIq0kgy1CHq5hfDMeJiG5V1ZJKSPrbdfg2fTKhPX__njA_jIFVJlA3tUCY5dK59ELGA"
}
https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/challenge/jgQ3q5AOHNNkWvPgwOSccjTzAFXtf7BffbeF-RAVLOY/232074554 HTTP/1.1" 200 230
Received response:
HTTP 200
Server: nginx
Content-Type: application/json
Content-Length: 230
Boulder-Requester: 1614418
Link: <https://acme-staging-v02.api.letsencrypt.org/acme/authz/jgQ3q5AOHNNkWvPgwOSccjTzAFXtf7BffbeF-RAVLOY>;rel="up"
Location: https://acme-staging-v02.api.letsencrypt.org/acme/challenge/jgQ3q5AOHNNkWvPgwOSccjTzAFXtf7BffbeF-RAVLOY/232074554
Replay-Nonce: Kf6KNsPHHSancnZZBNvqAiE3X_msAtmm8M9v_4Kh1BU
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Mon, 28 Jan 2019 21:36:08 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 28 Jan 2019 21:36:08 GMT
Connection: keep-alive
{
"type": "http-01",
"status": "pending",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/challenge/jgQ3q5AOHNNkWvPgwOSccjTzAFXtf7BffbeF-RAVLOY/232074554",
"token": "Bmg0CTXFb_fM7oFgYvKbjYRjCuWcRaZzeSNQz21vRA4"
}
Storing nonce: Kf6KNsPHHSancnZZBNvqAiE3X_msAtmm8M9v_4Kh1BU
JWS payload:
Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/authz/jgQ3q5AOHNNkWvPgwOSccjTzAFXtf7BffbeF-RAVLOY:
{
"protected": "eyJub25jZSI6ICJLZjZLTnNQSEhTYW5jblpaQk52cUFpRTNYX21zQXRtbThNOXZfNEtoMUJVIiwgInVybCI6ICJodHRwczovL2FjbWUtc3RhZ2luZy12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6L2pnUTNxNUFPSE5Oa1d2UGd3T1NjY2pUekFGWHRmN0JmZmJlRi1SQVZMT1kiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGF
naW5nLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9yZWcvMTYxNDQxOCIsICJhbGciOiAiUlMyNTYifQ",
"payload": "",
"signature": "gi-r8cQ6qJvssBtWGW5QyZUEi5ccvbgYBag-m-vL1PLH_-n3F_vVXdYCzkPPH6M5nniqmXpUJ0NIgueoKoJ0LQIctvWFQjXt6j-4CfebQkzC0kUMZOx3DGEbM5Le1bGMoSPcE5ixjf7fNKwc-wCeYU_r5QPtXxs9VLNeJMbOGQ0dUmLSOmr7BvUVEmzVWJo9z3UX5gBwJ-_yV8QvpZDeo6nWsqUJxrSkFNAllV-VbuVLBuc56m70r7tbth7VmES
_fL6DanKb4-C1BjqFQDsjrQ62y0KODGDgsEEvDyiuen6l593lRyXDOLOxCliItGZl2wEJ8IzwC7e_r_sgDPbwJg"
}
https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/authz/jgQ3q5AOHNNkWvPgwOSccjTzAFXtf7BffbeF-RAVLOY HTTP/1.1" 200 1532
Received response:
HTTP 200
Server: nginx
Content-Type: application/json
Content-Length: 1532
Boulder-Requester: 1614418
Replay-Nonce: ao9FCHv_Y95OpegrNmlDpZRER5XUPNjjOY2a_VuBrns
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Mon, 28 Jan 2019 21:36:12 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 28 Jan 2019 21:36:12 GMT
Connection: keep-alive
{
"identifier": {
"type": "dns",
"value": "ct2.smtcorp.com"
},
"status": "invalid",
"expires": "2019-02-04T21:36:02Z",
"challenges": [
{
"type": "tls-alpn-01",
"status": "invalid",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/challenge/jgQ3q5AOHNNkWvPgwOSccjTzAFXtf7BffbeF-RAVLOY/232074553",
"token": "r3upCHTGd9ShR-vUZA5fHlU5q0Vrq9k-R6cXTk54Hd8"
},
{
"type": "http-01",
"status": "invalid",
"error": {
"type": "urn:ietf:params:acme:error:connection",
"detail": "Fetching http://ct2.smtcorp.com/.well-known/acme-challenge/Bmg0CTXFb_fM7oFgYvKbjYRjCuWcRaZzeSNQz21vRA4: Connection refused",
"status": 400
},
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/challenge/jgQ3q5AOHNNkWvPgwOSccjTzAFXtf7BffbeF-RAVLOY/232074554",
"token": "Bmg0CTXFb_fM7oFgYvKbjYRjCuWcRaZzeSNQz21vRA4",
"validationRecord": [
{
"url": "http://ct2.smtcorp.com/.well-known/acme-challenge/Bmg0CTXFb_fM7oFgYvKbjYRjCuWcRaZzeSNQz21vRA4",
"hostname": "ct2.smtcorp.com",
"port": "80",
"addressesResolved": [
"209.104.242.174"
],
"addressUsed": "209.104.242.174"
}
]
},
{
"type": "dns-01",
"status": "invalid",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/challenge/jgQ3q5AOHNNkWvPgwOSccjTzAFXtf7BffbeF-RAVLOY/232074555",
"token": "1Ql1_ZxrhAa3IKHkSu3iIMo7SjwbcqTaOLIIl1p603o"
}
]
}
Storing nonce: ao9FCHv_Y95OpegrNmlDpZRER5XUPNjjOY2a_VuBrns
Reporting to user: The following errors were reported by the server:
Domain: ct2.smtcorp.com
Type: connection
Detail: Fetching http://ct2.smtcorp.com/.well-known/acme-challenge/Bmg0CTXFb_fM7oFgYvKbjYRjCuWcRaZzeSNQz21vRA4: Connection refused
To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address. Additionally, please check that your computer has a publicly routable IP address and that no firewalls are prev
enting the server from communicating with the client. If you're using the webroot plugin, you should also verify that you are serving files from the webroot path you provided.
Encountered exception:
Traceback (most recent call last):
File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/auth_handler.py", line 82, in handle_authorizations
self._respond(aauthzrs, resp, best_effort)
File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/auth_handler.py", line 161, in _respond
self._poll_challenges(aauthzrs, chall_update, best_effort)
File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/auth_handler.py", line 232, in _poll_challenges
raise errors.FailedChallenges(all_failed_achalls)
FailedChallenges: Failed authorization procedure. ct2.smtcorp.com (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://ct2.smtcorp.com/.well-known/acme-challenge/Bmg0CTXFb_fM7oFgYvKbjYRjCuW
cRaZzeSNQz21vRA4: Connection refused
Calling registered functions
Cleaning up challenges
Attempting to renew cert (ct2.smtcorp.com) from /etc/letsencrypt/renewal/ct2.smtcorp.com.conf produced an unexpected error: Failed authorization procedure. ct2.smtcorp.com (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to v
erify the domain :: Fetching http://ct2.smtcorp.com/.well-known/acme-challenge/Bmg0CTXFb_fM7oFgYvKbjYRjCuWcRaZzeSNQz21vRA4: Connection refused. Skipping.
Traceback was:
Traceback (most recent call last):
File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/renewal.py", line 452, in handle_renewal_request
main.renew_cert(lineage_config, plugins, renewal_candidate)
File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/main.py", line 1192, in renew_cert
renewed_lineage = _get_and_save_cert(le_client, config, lineage=lineage)
File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/main.py", line 116, in _get_and_save_cert
renewal.renew_cert(config, domains, le_client, lineage)
File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/renewal.py", line 310, in renew_cert
new_cert, new_chain, new_key, _ = le_client.obtain_certificate(domains, new_key)
File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/client.py", line 353, in obtain_certificate
orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/client.py", line 389, in _get_order_and_authorizations
authzr = self.auth_handler.handle_authorizations(orderr, best_effort)
File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/auth_handler.py", line 82, in handle_authorizations
self._respond(aauthzrs, resp, best_effort)
File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/auth_handler.py", line 161, in _respond
self._poll_challenges(aauthzrs, chall_update, best_effort)
File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/auth_handler.py", line 232, in _poll_challenges
raise errors.FailedChallenges(all_failed_achalls)
FailedChallenges: Failed authorization procedure. ct2.smtcorp.com (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://ct2.smtcorp.com/.well-known/acme-challenge/Bmg0CTXFb_fM7oFgYvKbjYRjCuW
cRaZzeSNQz21vRA4: Connection refused
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/ct2.smtcorp.com/fullchain.pem (failure)
Exiting abnormally:
Traceback (most recent call last):
File "/opt/eff.org/certbot/venv/bin/letsencrypt", line 11, in <module>
sys.exit(main())
File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/main.py", line 1364, in main
return config.func(config, plugins)
File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/main.py", line 1271, in renew
renewal.handle_renewal_request(config)
File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/renewal.py", line 477, in handle_renewal_request
len(renew_failures), len(parse_failures)))
Error: 1 renew failure(s), 0 parse failure(s)
1 renew failure(s), 0 parse failure(s)`
Thoughts?
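As an added example (not part of the original post and not Certbot's own code), this parses a failed ACME authorization object like the one in the log above and reports the scheme, address and port the CA actually tried for the challenge that carries the error. The sample JSON is constructed from the log with the token replaced by a placeholder; `failed_challenges` and `HINTS` are hypothetical names.

```python
import json

# Constructed sample: the failed authorization from the log above, trimmed to
# the fields the triage needs (token replaced by the placeholder TOKEN).
SAMPLE_AUTHZ = """
{
  "identifier": {"type": "dns", "value": "ct2.smtcorp.com"},
  "status": "invalid",
  "challenges": [
    {"type": "tls-alpn-01", "status": "invalid"},
    {"type": "http-01", "status": "invalid",
     "error": {"type": "urn:ietf:params:acme:error:connection",
               "detail": "Fetching http://ct2.smtcorp.com/.well-known/acme-challenge/TOKEN: Connection refused",
               "status": 400},
     "validationRecord": [
       {"url": "http://ct2.smtcorp.com/.well-known/acme-challenge/TOKEN",
        "hostname": "ct2.smtcorp.com", "port": "80",
        "addressesResolved": ["209.104.242.174"],
        "addressUsed": "209.104.242.174"}]},
    {"type": "dns-01", "status": "invalid"}
  ]
}
"""

# Hypothetical triage hints, keyed by the last component of the ACME error
# URN (error types are listed in RFC 8555 section 6.7).
HINTS = {
    "connection": "CA could not open a TCP connection: check the listener "
                  "and any firewall/NAT on that address and port",
    "unauthorized": "CA connected but the response did not match the key authorization",
    "dns": "CA could not resolve the identifier",
}

def failed_challenges(authz_json):
    """Return one dict per challenge that carries an error object."""
    authz = json.loads(authz_json)
    findings = []
    for chall in authz.get("challenges", []):
        err = chall.get("error")
        if not err:
            continue  # in the log, sibling challenges are invalid with no error of their own
        kind = err["type"].rsplit(":", 1)[-1]
        # Use the last validation record if several are present.
        rec = (chall.get("validationRecord") or [{}])[-1]
        url = rec.get("url", "")
        findings.append({
            "domain": authz["identifier"]["value"],
            "challenge": chall["type"],
            "error": kind,
            "scheme": url.split("://", 1)[0] if "://" in url else None,
            "address": rec.get("addressUsed"),
            "port": int(rec["port"]) if rec.get("port") else None,
            "hint": HINTS.get(kind, "see error detail"),
        })
    return findings

if __name__ == "__main__":
    for f in failed_challenges(SAMPLE_AUTHZ):
        print("{domain} {challenge}: {error} via {scheme}://{address}:{port} -> {hint}".format(**f))
```

On the sample it reports a `connection` error for http-01 over plain HTTP on port 80, which is a different listener from the HTTPS URL used for the manual reachability test.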