Unable to renew the certificate with cerboten-forcerenew

Unable to renew the SSL certificate, need a support contact number.

This is the first support channel for Let's Encrypt. Would you please answer as many questions as you can from the form you were shown?

We are very good at helping people this way. Thank you

=======================

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

4 Likes

I ran this command: sudo certbot --apache

It produced this output:

Hint: The Certificate Authority failed to verify the temporary Apache configuration changes made by Certbot. Ensure that the listed domains point to this Apache server and that it is accessible from the internet.

Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

My web server is (include version): Server version: Apache/2.4.52 (Ubuntu)

The operating system my web server runs on is (include version): ubuntu 22.04

My hosting provider, if applicable, is: Don't know

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): Don't know

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.21.0

And what about?

2 Likes

My domain is: portal.ortele.com

1 Like

Could you please help us?

If you are using the HTTP-01 challenge (see Challenge Types - Let's Encrypt), you will need Port 80 open; presently it is not.

$ nmap -Pn -p80,443 portal.ortele.com
Starting Nmap 7.80 ( https://nmap.org ) at 2023-06-14 20:56 UTC
Nmap scan report for portal.ortele.com (3.139.174.106)
Host is up (0.081s latency).
rDNS record for 3.139.174.106: ec2-3-139-174-106.us-east-2.compute.amazonaws.com

PORT    STATE    SERVICE
80/tcp  filtered http
443/tcp open     https

Nmap done: 1 IP address (1 host up) scanned in 2.03 seconds

And Let's Debug yields these results https://letsdebug.net/portal.ortele.com/1518078

3 Likes

If possible, could you please try joining our meet to help us with this, please?

Our server is down now.

Here is a list of issued certificates https://crt.sh/?q=portal.ortele.com, the latest being 2023-03-16.
What has changed with your firewalls and server that prevented the renewal about 2023-05-15?

3 Likes

When we try opening the port, the state of the server says filtered and not open.
Is this what we are supposed to get, or something else?

Best Practice - Keep Port 80 Open

You need Port 80 open and accessible from the public Internet, and at present it is not.
You can check with this online tool https://check-host.net/ and see present results from around the world here: Permanent link to this check report, all showing a result of "Connection timed out".

4 Likes
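The difference between "open", "closed" and "filtered" asked about above, as an added example that is not part of the original thread: a small Python probe that classifies a TCP connect attempt the way the nmap output does. The function names and advice strings are assumptions made for this illustration.

```python
import errno
import socket

HTTP01_PORT = 80  # HTTP-01 validation always connects to port 80

# Illustrative wording, not output of any real tool.
ADVICE = {
    "open": "port reachable; HTTP-01 validation can connect",
    "closed": "host answers but nothing listens; check the web server",
    "filtered": "no answer; check firewall, router or ISP filtering",
}


def classify(exc):
    """Map the outcome of a TCP connect attempt to an nmap-style state."""
    if exc is None:
        return "open"      # handshake completed: a service is listening
    if isinstance(exc, ConnectionRefusedError):
        return "closed"    # RST came back: host reachable, no listener
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return "filtered"  # silence: packets are dropped on the way
    if isinstance(exc, OSError) and exc.errno in (
        errno.EHOSTUNREACH,
        errno.ENETUNREACH,
    ):
        return "filtered"  # ICMP unreachable sent by a filtering device
    raise exc              # DNS failure etc. is not a port state


def probe(host, port, timeout=3.0):
    """Attempt one TCP connection and return its classified state."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return classify(None)
    except OSError as exc:
        return classify(exc)


def http01_report(host, timeout=3.0):
    """One-line verdict on whether HTTP-01 validation can reach the host."""
    state = probe(host, HTTP01_PORT, timeout)
    return f"{host}:{HTTP01_PORT} is {state}: {ADVICE[state]}"


if __name__ == "__main__":
    import sys
    print(http01_report(sys.argv[1] if len(sys.argv) > 1 else "localhost"))
```

Run it from a machine outside the server's own network, since validation requests arrive from the public Internet and a probe from inside may bypass the filter.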

If possible, could you please join us for a quick Google Meet call and help us with this, please?

This is very likely a router or firewall issue.
Has your ISP recently started blocking Port 80?

3 Likes

Not sure, Bruce, unable to check that.
It got blocked automatically.

Bruce, is it possible for you to join our call and support us?

I do not know your network, your router, your firewall, or your ISP. I would not be of help.

4 Likes

But could you please give it a try?

Bruce, you there?

For Port 443 the traceroute makes it all the way to the machine. :slight_smile:

$ sudo traceroute -T -p 443 portal.ortele.com
traceroute to portal.ortele.com (3.139.174.106), 30 hops max, 60 byte packets
 .
 .
 .
19  15.230.48.58 (15.230.48.58)  53.976 ms * 15.230.48.38 (15.230.48.38)  52.870 ms
20  * * *
21  * * *
22  * * *
23  * * *
24  * * *
25  ec2-3-139-174-106.us-east-2.compute.amazonaws.com (3.139.174.106)  81.893 ms *  84.537 ms

For Port 80 the traceroute stops early; that is the machine to question first about whether it is filtering the requests. :frowning:

$ sudo traceroute -T -p 80 portal.ortele.com
traceroute to portal.ortele.com (3.139.174.106), 30 hops max, 60 byte packets
 .
 .
 .
19  * 15.230.48.26 (15.230.48.26)  60.757 ms 176.32.125.171 (176.32.125.171)  51.556 ms
20  * * *
21  * * *
22  * * *
23  * * *
24  * * *
25  * * *
26  * * *
27  * * *
28  * * *
29  * * *
30  * * *
2 Likes