Unable to renew certificates - expiring 10/03/17!

Please fill out the fields below so we can help you better.

I ran this command:
/usr/bin/letsencrypt renew

It produced this output: (names and IPs obfuscated for security purposes)
2017-03-08 19:26:39,679:WARNING:letsencrypt.cli:Attempting to renew cert from /etc/letsencrypt/renewal/xxx.yyy.com.conf produced an unexpected error: Failed authorization procedure. xxx.yyy.com (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Failed to connect to aaa.bbb.ccc.ddd:443 for TLS-SNI-01 challenge. Skipping.

My operating system is (include version):
Ubuntu 14.04

My web server is (include version):

My hosting provider, if applicable, is:
Digital Ocean

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

Resolved with help from @nickleus

1 Like

I’m having the same problem trying to renew my certificate after it expired. How did you resolve this?

The previous poster is referring to

which refers to a firewall blocking connections to port 443. Did you get the exact same error ("Failed to connect ... :443 for TLS-SNI-01 challenge") while using Certbot for your renewal?

No, my problem is that my site routes all requests to https, so it’s currently not accessible. I’ll have to remove that and allow http temporarily, I think, so that letsencrypt renew can access my site.

I don't think there should be a problem there, per

If you redirect everything to HTTPS, an expired certificate shouldn't be an obstacle for HTTP-01 verification as long as the specified webroot does actually otherwise get served successfully by the HTTPS server.

Feel free to post the exact error that you get and we can discuss it further!

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.