Website opens internally and by public IP, but not by domain name, cert will not renew

My domain is: http://www.newkiddintown.com/

The operating system my web server runs on is: a Raspberry Pi with Buster.

My hosting provider is: Google Domains

I can login to a root shell on my machine (yes)

I ran the commands on this site https://certbot.eff.org/lets-encrypt/debianbuster-apache with errors

I had previously been successful in setting the website up with no errors in running cert commands. I have moved to a different house, same IP address, and still have port forwarding over port 80 enabled.
Attempting to access the site, it does not work unless internally.

I assumed that the cert for the site needed to be renewed. When I used the command
sudo certbot renew
I received this error

http-01 challenge for newkiddintown.com
http-01 challenge for www.newkiddintown.com
Waiting for verification...
Challenge failed for domain newkiddintown.com
http-01 challenge for newkiddintown.com
Cleaning up challenges
Failed to renew certificate www.newkiddintown.com with error: Some challenges have failed.


All renewals failed. The following certificates could not be renewed:
/etc/letsencrypt/live/www.newkiddintown.com/fullchain.pem (failure)


1 renew failure(s), 0 parse failure(s)
IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: newkiddintown.com
    Type: connection
    Detail: Fetching
    http://newkiddintown.com/.well-known/acme-challenge/eQ7Pq7QFp_vLFGoIWjyQJcrTaMq6xYj-1knV_a7nYgA:
    Timeout during connect (likely firewall problem)

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address. Additionally, please check that
    your computer has a publicly routable IP address and that no
    firewalls are preventing the server from communicating with the
    client. If you're using the webroot plugin, you should also verify
    that you are serving files from the webroot path you provided"

I have double-checked that the Raspberry Pi is port forwarded through my router via port 80.

What are some next troubleshooting steps I can do here?
The device can ping 8.8.8.8 as well as the gateway.
The website is reachable by public IP address via port 80.

Let me know.

newkiddintown.com. has IPv4 address 98.156.149.226
www.newkiddintown.com. has IPv4 address 47.184.10.80

Unless you're intending for those names to be different sites, you probably intend for them to have the same IP. If you're getting an error authenticating newkiddintown.com but it works to authenticate www.newkiddintown.com, I'm guessing the IP for newkiddintown.com is wrong.

Usually people expect the www. name and the name without to do the same thing, but there's nothing in the Internet standard that requires them to be that way, so you end up needing to configure some things twice. :slight_smile:


Hello Peter,
Neither of those sites is working right now, but yes, they need to be on the same IP. Could you point me in the direction of how to set both of those to the same IP?

I can access www.newkiddintown.com (has IPv4 address 47.184.10.80) via the public IP address internally, but when I attempt to access that public address off network, I'm prompted with a Frontier (my ISP) webpage stating it needs login creds...

Any next steps? I have turned the device off right now FYI

I've not used Google domains myself, but if that's who you bought your name with that's probably where you need to update DNS to point to the right IPs.

As to getting your device to be accessible from that IP from the Internet, you may need to check your router or ISP's documentation; that's a pretty broad topic.

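Added example, not part of any post in this thread: a pre-renewal check that resolves every name on the certificate and flags any whose A record differs from the address the server is reachable on, which is the mismatch diagnosed above. It assumes `dig` is installed and that the operator supplies the expected public IP; the script name `check_names.sh` and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: compare the A record of each certificate name with the
# public IP the web server is expected to answer on, before running
# "certbot renew". An http-01 challenge is fetched from whatever address
# the name resolves to, so a stale record makes that one name fail.

# resolve_a NAME -> prints the IPv4 A records for NAME, one per line.
# Assumption: dig is available (Debian package "dnsutils").
resolve_a() {
    dig +short A "$1" | grep -E '^[0-9]+(\.[0-9]+){3}$'
}

# check_names EXPECTED_IP NAME...
# Prints one verdict per name; the return status is the number of names
# that do not resolve to exactly EXPECTED_IP.
check_names() {
    expected=$1; shift
    bad=0
    for name in "$@"; do
        # Join all records on one line; more than one record is also
        # flagged, since the validation may hit any of them.
        addrs=$(resolve_a "$name" | sort -u | tr '\n' ' ')
        addrs=${addrs% }
        if [ -z "$addrs" ]; then
            echo "FAIL $name: no A record"
            bad=$((bad + 1))
        elif [ "$addrs" != "$expected" ]; then
            echo "FAIL $name: resolves to $addrs, expected $expected"
            bad=$((bad + 1))
        else
            echo "OK   $name: $addrs"
        fi
    done
    return "$bad"
}

# Stand-alone use, for example:
#   sh check_names.sh 47.184.10.80 newkiddintown.com www.newkiddintown.com
if [ "$#" -ge 2 ]; then
    check_names "$@"
fi
```

A name marked FAIL needs its DNS record corrected at the registrar before the renewal is retried; a name marked OK that still times out points to the router or ISP rather than DNS.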
