Unable to renew after switch to http-01 challenge


#1

Hi together,

I had a running setup, but after the switch to http-01 challenge the renewal process won’t work.

My domain is: walramcloud.ddns.net

I ran this command: certbot renew --dry-run

It produced this output:

Processing /etc/letsencrypt/renewal/walramcloud.ddns.net.conf


Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator apache, Installer apache
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for walramcloud.ddns.net
Waiting for verification…
Cleaning up challenges
Attempting to renew cert (walramcloud.ddns.net) from /etc/letsencrypt/renewal/walramcloud.ddns.net.conf produced an unexpected error: Failed authorization procedure. walramcloud.ddns.net (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://walramcloud.ddns.net/.well-known/acme-challenge/V2oUyTUIAOtZhnXtto24ZkqcYQBczJyWwZATlSOF8IA: Error getting validation data. Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/walramcloud.ddns.net/fullchain.pem (failure)


** DRY RUN: simulating ‘certbot renew’ close to cert expiry
** (The test certificates below have not been saved.)

All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/walramcloud.ddns.net/fullchain.pem (failure)
** DRY RUN: simulating ‘certbot renew’ close to cert expiry
** (The test certificates above have not been saved.)


1 renew failure(s), 0 parse failure(s)

My web server is (include version):
Apache/2.4.25 (Raspbian)

The operating system my web server runs on is (include version): raspbian stretch

I can login to a root shell on my machine (yes or no, or I don’t know): yes

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.28.0

I’m not sure; could it be that the web server is refusing HTTP connections or redirecting to HTTPS? Sorry, I’m not too deep into Linux administration.

Thanks for your help to solve this issue.


#2

http://walramcloud.ddns.net/ gives a “No route to host” ICMP error.

(https://walramcloud.ddns.net/ works.)

Can you check your firewall and port forwarding settings?


#3

Sometimes things are that easy… This was a really good hint.
I had been trying desperately for hours from within my network, being sure the server was available at port 80. Unfortunately, I always tried from behind the firewall.
Now I have updated the port forwarding settings, et voilà: everything works just fine.

Thanks for the prompt help.
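
The check from reply #2, as an added example that is not part of the original thread: a TCP probe of ports 80 and 443 that turns the socket error into a likely cause. The function names and cause strings are this example's own. Run it from a host outside the LAN, because a probe from behind the firewall does not exercise the port forwarding.

```python
import errno
import socket

# errno -> what it usually means for an inbound http-01 validation attempt
CAUSES = {
    errno.EHOSTUNREACH: "no route to host: ICMP unreachable came back, "
                        "typically a router or firewall rejecting the port",
    errno.ECONNREFUSED: "refused: packets arrive but nothing listens on the port",
    errno.ETIMEDOUT: "timeout: packets are silently dropped on the way",
}


def classify(exc):
    """Map a socket error to a short diagnosis string."""
    if isinstance(exc, socket.timeout):
        return CAUSES[errno.ETIMEDOUT]
    if isinstance(exc, socket.gaierror):
        return "dns: hostname does not resolve"
    return CAUSES.get(getattr(exc, "errno", None), f"other: {exc}")


def probe(host, port, timeout=5.0):
    """Try a TCP connect; return 'open' or a diagnosis."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except OSError as exc:
        return classify(exc)


def http01_report(host, ports=(80, 443)):
    """Probe the http-01 port (80) alongside 443 for comparison."""
    return {port: probe(host, port) for port in ports}


if __name__ == "__main__":
    import sys
    # Usage: python3 probe.py <hostname>, from a machine OUTSIDE the LAN
    # (for example a VPS or a phone hotspot).
    for port, result in http01_report(sys.argv[1]).items():
        print(f"{port}/tcp: {result}")
```

A result of "open" on 443 next to a "no route to host" on 80 matches what reply #2 saw: the HTTPS forward exists and the HTTP one does not.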

