When renew --dry-run works, verification working?

Hi @Cqc

we need the correct numbers to check that.

PS: Now, your site is completely invisible, no http, no https, no /.well-known/acme-challenge.

And your ns2.neroth.org doesn't support TCP-connections.

Fatal error: Nameserver doesn't support TCP connection: ns2.neroth.org
Nameserver Timeout checking Echo Capitalization: ns2.neroth.org
Nameserver Timeout checking EDNS512: ns2.neroth.org

(via https://check-your-website.server-daten.de/?q=pqr.neroth.org ).

https://acme-v02.api.letsencrypt.org/acme/order/19175837/282065609

I see now that it is a self standing url…

My question/puzzle is NOT why I cannot renew with 443, 80 closed, but why I was able to renew. Thank you for your help


Following the authorizations-link:

https://acme-v02.api.letsencrypt.org/acme/authz/idbahvW7VTOS3S2aN7VMaHyDi1Z9kr9MXbhv8RF8Ajw

http-01 was used:

http://pqr.neroth.org/.well-known/acme-challenge/H71FUP11JeU1TJlX74WJQB7hQUnGPzm5in29kQrp43A

worked.

Renewals were being allowed over 443; but that is coming to an end now:

Thank you for all the replies.

However, my puzzlement remains. As others here have checked and stated, both my ports 80 and 443 are closed. So was the renewal effected?

Closed to some or closed to all?
For instance: Geo-Location blocking can simulate closed but in reality be somewhat still open.

Anyhow, you can check the certificate transparency logs to see if indeed there was a new cert issued.
Try: https://crt.sh/
[if you used the staging environment then only your logs can show what transpired]

This was against production.
And crt.sh | pqr.neroth.org shows a valid cert was created on 2019.01.22
Yet this doesn't say much about how the cert was obtained (via http, https, dns, using smoke signals, …)
So it doesn't really help much to answer your topic question...
Unless you can see exactly how it was authenticated in the logs.
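The authorization link followed earlier in the thread is where the "how was it authenticated" answer lives: the authorization object lists each challenge with its status. The following is an added example, not code from any poster or from Let's Encrypt, that reads such an object and reports which challenge type was validated and over which port. The JSON is a constructed sample with made-up values, and the `validationRecord` field with its `hostname`, `port` and `addressUsed` keys is an assumption about the response shape.

```python
import json

# Constructed sample shaped like an ACME (RFC 8555) authorization object.
# All values are made up; "validationRecord" is assumed to be present.
SAMPLE_AUTHZ = json.loads("""
{
  "identifier": {"type": "dns", "value": "www.example.org"},
  "status": "valid",
  "expires": "2019-02-21T10:00:00Z",
  "challenges": [
    {"type": "dns-01", "status": "pending", "token": "constructed-token-a"},
    {"type": "http-01", "status": "valid", "token": "constructed-token-b",
     "validated": "2019-01-22T10:00:00Z",
     "validationRecord": [
       {"url": "http://www.example.org/.well-known/acme-challenge/constructed-token-b",
        "hostname": "www.example.org", "port": "80",
        "addressUsed": "192.0.2.10"}
     ]}
  ]
}
""")


def how_validated(authz):
    """Summarise how an authorization was satisfied.

    Returns the identifier, the authorization status, and one entry per
    challenge whose status is "valid" (normally exactly one).
    """
    proofs = []
    for ch in authz.get("challenges", []):
        if ch.get("status") != "valid":
            continue  # pending or invalid challenges prove nothing
        hops = [(r.get("hostname"), r.get("port"), r.get("addressUsed"))
                for r in ch.get("validationRecord", [])]
        proofs.append({"type": ch.get("type"),
                       "validated": ch.get("validated"),
                       "hops": hops})
    return {"identifier": authz.get("identifier", {}).get("value"),
            "status": authz.get("status"),
            "proofs": proofs}


if __name__ == "__main__":
    summary = how_validated(SAMPLE_AUTHZ)
    print(summary["identifier"], summary["status"])
    for p in summary["proofs"]:
        print(f'  {p["type"]} validated at {p["validated"]} via {p["hops"]}')
```

Comparing the `validated` timestamp with the time of the renewal run shows whether the challenge was answered during that run or on an earlier date.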
