Unable to renew certificates

Hi Letsencrypt:

Each time I enter the following:

letsencrypt certonly -a webroot --webroot-path=/var/www/letsencrypt --rsa-key-size 4096 -d vse88.sytes.net -d jem001.sytes.net

I receive the following error message:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Cert is due for renewal, auto-renewing…
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for vse88.sytes.net
http-01 challenge for jem001.sytes.net
Using the webroot path /var/www/letsencrypt for all unmatched domains.
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. vse88.sytes.net (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://vse88.sytes.net/.well-known/acme-challenge/LrIkueCGIRoR6xleBZX6uEydc2kzsQenINXYF9OXM_Y: Timeout, jem001.sytes.net (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://jem001.sytes.net/.well-known/acme-challenge/XyixVp4ZtFrxpLQBPM-es5vzR2OPcJj1pKJd61zhKQ8: Timeout

IMPORTANT NOTES:

The nextcloud system is working perfectly at present.

How do I fix these issues with my system???

I’m not sure if the following information will help:

root@ubuntu16vm21:~# openssl x509 -in /etc/letsencrypt/live/vse88.sytes.net/cert.pem -text -noout
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
03:1d:76:94:84:20:1c:a0:57:19:5c:cc:bb:f5:5c:ba:04:d4
Signature Algorithm: sha256WithRSAEncryption
Issuer: C = US, O = Let’s Encrypt, CN = Let’s Encrypt Authority X3
Validity
Not Before: Dec 25 23:17:52 2017 GMT
Not After : Mar 25 23:17:52 2018 GMT
Subject: CN = vse88.sytes.net
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
C8:5D:AC:B7:35:0B:1B:17:1D:4C:D8:BC:49:E4:AF:1D:AC:29:6A:20
X509v3 Authority Key Identifier:
keyid:A8:4A:6A:63:04:7D:DD:BA:E6:D1:39:B7:A6:45:65:EF:F3:A8:EC:A1

        Authority Information Access: 
            OCSP - URI:http://ocsp.int-x3.letsencrypt.org
            CA Issuers - URI:http://cert.int-x3.letsencrypt.org/

        X509v3 Subject Alternative Name: 
            DNS:jem001.sytes.net, DNS:vse88.sytes.net
        X509v3 Certificate Policies: 
            Policy: 2.23.140.1.2.1
            Policy: 1.3.6.1.4.1.44947.1.1.1
              CPS: http://cps.letsencrypt.org
              User Notice:
                Explicit Text: This Certificate may only be relied upon by Relying Parties and only in accordance with the Certificate Policy found at https://letsencrypt.org/repository/

Signature Algorithm: sha256WithRSAEncryption

root@ubuntu16vm21:~#

Again, please let me know how to resolve the issues to renew the certificates for the system? Thank You!!!

Hi @snoopy789,

I can’t reach any of your sites either.

$ curl -IkL -m10 vse88.sytes.net
curl: (28) Connection timed out after 10000 milliseconds

$ curl -IkL -m10 jem001.sytes.net
curl: (28) Connection timed out after 10001 milliseconds

Double check they are pointing to the right IP (right now it is 220.137.139.87) and check there is no firewall filtering connections to port 80, or, if you are using some kind of port forwarding, check whether it is working correctly.

Cheers,
sahsanu

2 Likes
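
The checks suggested in the reply above, as an added shell example that is not part of the original thread: it places a throwaway file under the webroot's `.well-known/acme-challenge/` directory, fetches it over port 80, and maps curl's exit code to a likely cause. The function names and result labels are illustrative assumptions; the curl flags mirror the ones used in the reply.

```shell
#!/usr/bin/env bash
# Pre-flight check for an http-01 webroot renewal (added example, not from the thread).
# Usage: ./preflight.sh WEBROOT DOMAIN [DOMAIN...]
# Run it from outside the LAN if possible: many home routers do not loop
# port-forwarded traffic back to internal clients.

# Map a curl exit code and final HTTP status to the most likely cause.
classify_probe() {
  local curl_rc="$1" http_code="$2"
  case "$curl_rc" in
    0)  case "$http_code" in
          200) echo "ok" ;;
          404) echo "wrong-webroot" ;;   # server reachable, file not served
          *)   echo "unexpected-http-$http_code" ;;
        esac ;;
    6)  echo "dns-failure" ;;            # hostname did not resolve
    7)  echo "connection-refused" ;;     # nothing listening on port 80
    28) echo "timeout-check-firewall-or-port-forward" ;;
    *)  echo "curl-error-$curl_rc" ;;
  esac
}

# Drop a throwaway token into the webroot, then fetch it over plain HTTP.
probe_domain() {
  local webroot="$1" domain="$2"
  local dir="$webroot/.well-known/acme-challenge"
  local token="preflight-$$"             # constructed file name, removed afterwards
  mkdir -p "$dir" && echo "$token" > "$dir/$token" || return 1
  local code rc
  code=$(curl -s -k -L -o /dev/null -m 10 -w '%{http_code}' \
         "http://$domain/.well-known/acme-challenge/$token")
  rc=$?
  rm -f "$dir/$token"
  echo "$domain: $(classify_probe "$rc" "$code")"
}

# Only probe when a webroot and at least one domain are given.
if [ "$#" -ge 2 ]; then
  webroot="$1"; shift
  for d in "$@"; do probe_domain "$webroot" "$d"; done
fi
```

A timeout result matches the `urn:acme:error:connection ... Timeout` error in the original post and points at the router or firewall rather than at the web server configuration.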

Hi,

It seems that your server (home device) doesn’t open any of its ports or it’s all blocked.

Can you please check port forwarding on the router (if home use since you are using no-ip) and your server rule?

Thank you

Hi Mr. Sahsanu:

I’m happy to report that my port forwarding on my router wasn’t set up correctly for the Letsencrypt verification process. Once I corrected my router to point to the correct port and internal IP address we had a successful update.

I’d like to take a moment and say “Thank You” for all your hard work. I for one deeply appreciate your exceptionally knowledgeable responses. Again, Thank you for all your assistance!!!

Respectfully,
snoopy789

2 Likes
