Well, clearly it isn't redirecting ALL the requests.
Notice the HTTP [NOT HTTPS] in the failure:
I don't know much about CF.
I don't know why it is treating the ACME challenge requests differently [but it is].
Check your router. It is definitely something blocking HTTP (port 80). Review any port forwarding (NAT) and any firewall options there. Focus on any changes since Nov 17, which is the date of the cert on your home server.
I'm not sure why Cloudflare isn't redirecting the acme-challenge either, but if you can get port 80 opened up on your home network the renewal should start working again. Did you set up a Cloudflare "page rule" to do that, maybe?
You could even test this same failure yourself. Like using a cell phone with wifi disabled to use your carrier network. And enter the HTTP URL with the IP in a browser.
# I timeout to your IP same as Cloudflare is with HTTP (port 80)
curl -I -m8 http://190.83.176.167
curl: (28) Connection timed out after 8001 milliseconds
# Success connect using IP using HTTPS (port 443)
curl -Ik -m8 https://190.83.176.167
HTTP/1.1 303 See Other
Server: Apache/2.4.41 (Ubuntu)
X-Powered-By: PHP/7.4.33
X-Redirect-By: Moodle
Location: https://terelearning.com
Thank you guys so much. It's the router. There is a port forwarding rule for port 443 to the origin server. I added a rule for port 80 and the certbot client is able to perform the renewal. Thanks for all the ideas. I learnt a lot from you guys.
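The check from this thread (port 80 timing out while port 443 answers) as a small script, added here as an example and not posted by anyone in the thread. The function names `probe` and `diagnose` are hypothetical; run it from outside your own network against your own server, with the host passed as an argument.

```python
import socket
import sys


def probe(host, port, timeout=8.0):
    """Classify a TCP connect to host:port as open, refused, timeout or unreachable."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        # The host answered with a reset: it is reachable, nothing listens there.
        return "refused"
    except (socket.timeout, TimeoutError):
        # No answer at all: packets are dropped (firewall, or no NAT forward).
        return "timeout"
    except OSError:
        return "unreachable"


def diagnose(http_state, https_state):
    """Interpret the port 80 / port 443 results for an HTTP-01 renewal."""
    if http_state == "open":
        return "port 80 open: the HTTP-01 validation request can connect"
    if https_state == "open":
        # The pattern in this thread: 443 is forwarded, 80 is not.
        return ("port 80 %s but port 443 open: check the router's "
                "port forwarding and firewall rules for port 80" % http_state)
    return ("port 80 %s and port 443 %s: the server is not reachable "
            "from here on either port" % (http_state, https_state))


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: check_ports.py <your-server-ip-or-name>")
    target = sys.argv[1]
    http_state = probe(target, 80)
    https_state = probe(target, 443)
    print("80: %s, 443: %s" % (http_state, https_state))
    print(diagnose(http_state, https_state))
```

A `timeout` on port 80 matches curl's error 28 above, while a `refused` result would instead point at the web server not listening on port 80.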