Unable to renew certificates - expiring 10/03/17!


#1

Please fill out the fields below so we can help you better.

I ran this command:
/usr/bin/letsencrypt renew

It produced this output: (names and IPs obfuscated for security purposes)
2017-03-08 19:26:39,679:WARNING:letsencrypt.cli:Attempting to renew cert from /etc/letsencrypt/renewal/xxx.yyy.com.conf produced an unexpected error: Failed authorization procedure. xxx.yyy.com (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Failed to connect to aaa.bbb.ccc.ddd:443 for TLS-SNI-01 challenge. Skipping.

My operating system is (include version):
Ubuntu 14.04

My web server is (include version):
Apache

My hosting provider, if applicable, is:
Digital Ocean

I can login to a root shell on my machine (yes or no, or I don’t know):
Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
No


#2

Resolved with help from @nickleus


#3

I’m having the same problem trying to renew my certificate after it expired. How did you resolve this?


#4

The previous poster is referring to

which refers to a firewall blocking connections to port 443. Did you get the exact same error (“Failed to connect … :443 for TLS-SNI-01 challenge”) while using Certbot for your renewal?


#5

No, my problem is that my site routes all requests to https, so it’s currently not accessible. I’ll have to remove that and allow http temporarily, I think, so that letsencrypt renew can access my site.


#6

I don’t think there should be a problem there, per

If you redirect everything to HTTPS, an expired certificate shouldn’t be an obstacle for HTTP-01 verification as long as the specified webroot does actually otherwise get served successfully by the HTTPS server.


#7

Feel free to post the exact error that you get and we can discuss it further!

