Hello. I've been using certbot for a long time with no major issues. I usually just shut down my diaspora server & apache2, which is handling communications for it, run certbot renew --standalone, and it's good to go. All of the ports (80 & 443) are forwarded to the [virtual] machine that this is on within my network, and I don't have a clue why this isn't working. I only have 3 days left to renew, and I really need some help here, or my site is going down; it requires the active certificate to communicate with other nodes. I would appreciate anything that you might be able to give me for assistance or pointers in the right direction; please let me know if you need more information to help with troubleshooting!
Standard informational template follows:
Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: d-resources.hopto.org
I ran this command: certbot renew --standalone
It produced this output:
--begin paste--
```
root@diaspora:/home/sprite# certbot renew --standalone
Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/d-resources.hopto.org.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator standalone, Installer None
Running pre-hook command: service nginx stop
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for d-resources.hopto.org
Waiting for verification...
Cleaning up challenges
Attempting to renew cert (d-resources.hopto.org) from /etc/letsencrypt/renewal/d-resources.hopto.org.conf produced an unexpected error: Failed authorization procedure. d-resources.hopto.org (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://d-resources.hopto.org/.well-known/acme-challenge/SGBG_YSSZYcs1cnYAl45NorcwImLaAH_YUxnkN0anMI: Connection refused. Skipping.
All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/d-resources.hopto.org/fullchain.pem (failure)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/d-resources.hopto.org/fullchain.pem (failure)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Running post-hook command: service nginx start
Hook command "service nginx start" returned error code 1
Error output from service:
Failed to start nginx.service: Unit nginx.service is masked.
1 renew failure(s), 0 parse failure(s)
IMPORTANT NOTES:
 - The following errors were reported by the server:
   Domain: d-resources.hopto.org
   Type: connection
   Detail: Fetching
   http://d-resources.hopto.org/.well-known/acme-challenge/SGBG_YSSZYcs1cnYAl45NorcwImLaAH_YUxnkN0anMI:
   Connection refused
   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address. Additionally, please check that
   your computer has a publicly routable IP address and that no
   firewalls are preventing the server from communicating with the
   client. If you're using the webroot plugin, you should also verify
   that you are serving files from the webroot path you provided.
root@diaspora:/home/sprite#
```
--end paste--
My web server is (include version): apache2 -- version 2.4.25-3+deb9u9
The operating system my web server runs on is (include version): Debian GNU/Linux 9
My hosting provider, if applicable, is: n/a
I can login to a root shell on my machine (yes or no, or I don't know): yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no
The version of my client is (e.g. output of `certbot --version` or `certbot-auto --version` if you're using Certbot): certbot 0.28.0